
Certificates

This guide is optional

Certificates for each application are created within its corresponding application stack.

If you need additional certificates, set up a separate certificates stack.

Step 1: Add and configure the scaffold package

repo-iac/environments/dev/
ok pkg add scaffold certificates
cd certificates

Update package-config.yml with your preferences.

Step 2: Install the package

repo-iac/environments/dev/certificates/
ok pkg install

Step 3: Initialize and apply the certificates stack

repo-iac/environments/dev/certificates/
terraform init
terraform apply

This creates no resources since we're scaffolding an empty stack.

Step 4: Add custom certificate

Create one or more certificates as needed. This example creates a certificate for km-dev.oslo.systems.

repo-iac/environments/dev/certificates/km-dev-certificate.tf
module "acm_certificate_km" {
  # https://github.com/terraform-aws-modules/terraform-aws-acm
  source  = "terraform-aws-modules/acm/aws"
  version = "5.0.1"

  create_certificate = true

  domain_name = "km-dev.oslo.systems"
  zone_id     = data.aws_route53_zone.km.zone_id

  validation_method   = "DNS"
  wait_for_validation = true
}

data "aws_route53_zone" "km" {
  name = "km-dev.oslo.systems"
}

Step 5: Verify

Run the following command:

aws acm list-certificates | jq '.CertificateSummaryList[].DomainName'

The output list should contain km-dev.oslo.systems.

Sign in to the AWS console and navigate to Certificate Manager. Select List certificates in the left-hand menu.

The list should contain km-dev.oslo.systems.
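A certificate can appear in the list without being issued yet, so a scripted check should also look at its Status. The following is an added example, not part of the original guide: the file name check_cert.py, the function name and the sample data (with placeholder ARNs) are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `aws acm list-certificates` output.
# The ARNs are placeholders, not real resources.
SAMPLE = json.dumps({
    "CertificateSummaryList": [
        {"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-1",
         "DomainName": "km-dev.oslo.systems", "Status": "ISSUED"},
        {"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE-2",
         "DomainName": "other-dev.oslo.systems", "Status": "PENDING_VALIDATION"},
    ]
})


def check_certificate(listing_json, domain):
    """Return (ok, message) for `domain` in list-certificates JSON."""
    try:
        summaries = list(json.loads(listing_json)["CertificateSummaryList"])
    except (ValueError, KeyError, TypeError):
        return False, "input is not list-certificates JSON"

    matches = [c for c in summaries if c.get("DomainName") == domain]
    if not matches:
        return False, f"no certificate for {domain}"

    # Listed is not the same as usable: only ISSUED certificates can be
    # attached to a load balancer.
    issued = [c for c in matches if c.get("Status") == "ISSUED"]
    if not issued:
        states = ", ".join(sorted({c.get("Status", "UNKNOWN") for c in matches}))
        return False, f"{domain} found but not issued (status: {states})"

    if len(issued) > 1:
        # More than one issued certificate usually means leftovers to clean up.
        return True, f"{len(issued)} issued certificates for {domain}"
    return True, f"{domain} is ISSUED: {issued[0].get('CertificateArn')}"


if __name__ == "__main__":
    # Usage: aws acm list-certificates | python3 check_cert.py km-dev.oslo.systems
    ok, message = check_certificate(sys.stdin.read(), sys.argv[1])
    print(message)
    sys.exit(0 if ok else 1)
```

The script exits non-zero when the certificate is missing or not yet issued, so it can gate a CI step.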


Commit your files

At this stage it is a good idea to commit your files.

Next step

Set up load balancing.