
Certificates

This guide is optional

Certificates for each application are created within its corresponding application stack.

If you need additional certificates, you can create them by setting up a separate certificates stack.

Step 1: Create a new configuration file

Create a new configuration file for certificates:

repo-iac/environments/dev/_config/certificates.yml
StackName: "certificates"

Step 2: Add and install the scaffold package

Run the following command in the repo-iac/environments/dev/ directory:

repo-iac/environments/dev/
ok pkg add scaffold certificates

This will add the package you want to install to packages.yml. If you want to know more about how this works, read the reference documentation for packages.yml.

Then, run the following command to install the package:

repo-iac/environments/dev/
ok pkg install certificates

Step 3: Initialize and apply the certificates stack

repo-iac/environments/dev
cd certificates/
terraform init
terraform apply

This will not create any resources, since we are scaffolding an empty stack.

Step 4: Add custom certificate

Depending on your needs you can create one or more certificates. The following example creates a certificate for km-dev.oslo.systems.

repo-iac/environments/dev/certificates/km-dev-certificate.tf
module "acm_certificate_km" {
  # https://github.com/terraform-aws-modules/terraform-aws-acm
  source  = "terraform-aws-modules/acm/aws"
  version = "5.0.1"

  create_certificate = true

  domain_name = "km-dev.oslo.systems"
  zone_id     = data.aws_route53_zone.km.zone_id

  validation_method   = "DNS"
  wait_for_validation = true
}

data "aws_route53_zone" "km" {
  name = "km-dev.oslo.systems"
}

Step 5: Verify

Run the following command:

aws acm list-certificates | jq '.CertificateSummaryList[].DomainName'

The output list should contain km-dev.oslo.systems.

Log in to the AWS console and navigate to Certificate Manager. Select List certificates in the left-hand menu.

The list should contain km-dev.oslo.systems.
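The jq command above prints only domain names, so a certificate that is still in PENDING_VALIDATION would also show up in the list. The following added example (not part of the original guide) reads the same `aws acm list-certificates` output and passes only when each expected domain has a certificate with status ISSUED. The sample JSON, the ARNs and the second domain are constructed for illustration.

```python
import json
import sys

# Constructed sample of `aws acm list-certificates` output (not real account data).
SAMPLE = """
{"CertificateSummaryList": [
  {"CertificateArn": "arn:aws:acm:eu-west-1:111111111111:certificate/example-1",
   "DomainName": "km-dev.oslo.systems", "Status": "ISSUED", "InUse": false},
  {"CertificateArn": "arn:aws:acm:eu-west-1:111111111111:certificate/example-2",
   "DomainName": "other-dev.oslo.systems", "Status": "PENDING_VALIDATION", "InUse": false}
]}
"""


def check_certificates(listing, expected_domains):
    """Return {domain: (ok, reason)}; a domain passes only if one of its certificates is ISSUED."""
    by_domain = {}
    for cert in listing.get("CertificateSummaryList", []):
        by_domain.setdefault(cert.get("DomainName"), []).append(cert.get("Status", "UNKNOWN"))

    results = {}
    for domain in expected_domains:
        statuses = by_domain.get(domain)
        if not statuses:
            results[domain] = (False, "no certificate found")
        elif "ISSUED" in statuses:
            results[domain] = (True, "ISSUED")
        else:
            results[domain] = (False, "not issued: " + ", ".join(sorted(set(statuses))))
    return results


def main(argv):
    # Usage: aws acm list-certificates | python check_certs.py km-dev.oslo.systems
    # With no arguments, the check runs against the constructed sample above.
    if len(argv) > 1:
        listing, domains = json.load(sys.stdin), argv[1:]
    else:
        listing, domains = json.loads(SAMPLE), ["km-dev.oslo.systems", "other-dev.oslo.systems"]
    results = check_certificates(listing, domains)
    for domain, (ok, reason) in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {domain}: {reason}")
    return 0 if all(ok for ok, _ in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero when any expected domain lacks an issued certificate, so it can gate a pipeline step. The file name `check_certs.py` in the usage comment is a hypothetical name.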


Commit your files

At this stage it is a good idea to commit your files.

Next step

Set up load balancing.