Certificates

This guide is optional

Part of Setup your AWS environment.

Certificates for each application are created within its corresponding application stack.

If you need additional certificates, set up a separate certificates stack.

Step 1: Add and configure the scaffold package

repo-iac/environments/dev/
ok pkg add scaffold certificates

Update package-config.yml with your preferences.

Step 2: Install the package

repo-iac/environments/dev/certificates/
ok pkg install

Step 3: Initialize and apply the certificates stack

repo-iac/environments/dev/certificates/
terraform init
terraform apply

This creates no resources since we're scaffolding an empty stack.

Step 4: Add custom certificate

Create one or more certificates as needed. This example creates a certificate for km-dev.oslo.systems.

repo-iac/environments/dev/certificates/km-dev-certificate.tf
module "acm_certificate_km" {
  # https://github.com/terraform-aws-modules/terraform-aws-acm
  source  = "terraform-aws-modules/acm/aws"
  version = "5.0.1"

  create_certificate = true

  domain_name = "km-dev.oslo.systems"
  zone_id     = data.aws_route53_zone.km.zone_id

  validation_method   = "DNS"
  wait_for_validation = true
}

data "aws_route53_zone" "km" {
  name = "km-dev.oslo.systems"
}

Step 5: Verify

Run the following command:

aws acm list-certificates | jq '.CertificateSummaryList[].DomainName'

The output list should contain km-dev.oslo.systems.

Sign in to the AWS console and navigate to Certificate Manager. Select List certificates in the left-hand menu.

The list should contain km-dev.oslo.systems.
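The jq command in this step prints domain names only, so a FAILED or PENDING_VALIDATION request for the same name looks identical to an issued certificate. The following check is an added example, not part of the original guide: it groups entries by status, assuming the list-certificates summaries include the Status field. The sample JSON and ARNs are constructed placeholders, and certificate_report and verify are hypothetical helper names.

```python
import json
import sys
from pathlib import Path

# Constructed sample shaped like `aws acm list-certificates` output (placeholder ARNs).
SAMPLE = json.loads("""
{"CertificateSummaryList": [
  {"CertificateArn": "arn:aws:acm:eu-west-1:111111111111:certificate/EXAMPLE-OLD",
   "DomainName": "km-dev.oslo.systems", "Status": "FAILED"},
  {"CertificateArn": "arn:aws:acm:eu-west-1:111111111111:certificate/EXAMPLE-NEW",
   "DomainName": "km-dev.oslo.systems", "Status": "ISSUED"},
  {"CertificateArn": "arn:aws:acm:eu-west-1:111111111111:certificate/EXAMPLE-OTHER",
   "DomainName": "other-dev.oslo.systems", "Status": "PENDING_VALIDATION"}
]}
""")


def certificate_report(listing, domain):
    """Group the ARNs of every certificate for `domain` by ACM status."""
    report = {}
    for cert in listing.get("CertificateSummaryList", []):
        if cert.get("DomainName") == domain:
            status = cert.get("Status", "UNKNOWN")
            report.setdefault(status, []).append(cert["CertificateArn"])
    return report


def verify(listing, domain):
    """Return (ok, messages); ok only when exactly one certificate is ISSUED."""
    report = certificate_report(listing, domain)
    issued = report.get("ISSUED", [])
    messages = []
    if not report:
        messages.append(f"no certificate found for {domain}")
    elif not issued:
        messages.append(f"{domain} is listed but not issued: {sorted(report)}")
    if len(issued) > 1:
        messages.append(f"{len(issued)} issued certificates for {domain}")
    for status, arns in report.items():
        if status != "ISSUED":
            messages.extend(f"{status}: {arn}" for arn in arns)
    return len(issued) == 1, messages


if __name__ == "__main__":
    data = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    ok, notes = verify(data, "km-dev.oslo.systems")
    print("\n".join(notes) or "certificate is issued")
    sys.exit(0 if ok else 1)
```

Save the CLI output with `aws acm list-certificates > certs.json` and pass the file as the first argument; without an argument the script checks the constructed sample.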


Commit your files

At this stage it is a good idea to commit your files.

Next step

Set up load balancing.