Terraform - Error: associating ACM PCA Certificate with Certificate Authority


I am a rookie to Terraform and I have a blocker with this code. I followed the Terraform documentation that advised issuing a renewable certificate using an ACM PCA: create an aws_acm_certificate with the parameter certificate_authority_arn. My goal is to create a root CA with ACM PCA, install the CA certificate and use ACM to request the private CA. Although the ACM resource deployed, it's in failed status and I got the error below, and I don't know how to resolve the issue.

Code

provider "aws" {
    region = "us-east-1"
}

# Create a root CA with ACM PCA
resource "aws_acmpca_certificate_authority" "pca_cert" {
    type = "ROOT"
    certificate_authority_configuration {
        key_algorithm     = "RSA_2048"
        signing_algorithm = "SHA256WITHRSA"

        subject {
            common_name = "cf-demo.com"
        }
    }
    permanent_deletion_time_in_days = 7
}

# Install the root CA certificate
resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate" {
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
    certificate               = aws_acm_certificate.demo_acm_cert.arn
}

# Use ACM to request the certificate
resource "aws_acm_certificate" "demo_acm_cert" {
    domain_name               = "cf-demo.com"
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
}

# Grant permissions to ACM to access the certificate authority
resource "aws_acmpca_permission" "root_ca_permission" {
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
    actions                   = ["IssueCertificate", "GetCertificate", "ListPermissions"]
    principal                 = "acm.amazonaws.com"
}

Error:

Error: associating ACM PCA Certificate with Certificate Authority (arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx): ValidationException: 1 validation error detected: Value at 'certificate' failed to satisfy constraint: Member must satisfy regular expression pattern: -----BEGIN CERTIFICATE-----\r?\n([A-Za-z0-9/+]{64}\r?\n)*[A-Za-z0-9/+]{1,64}={0,2}\r?\n-----END CERTIFICATE-----(\r?\n)?.
│       status code: 400, request id: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
│ 
│   with aws_acmpca_certificate_authority_certificate.cert_authority_certificate,
│   on cert.tf line 32, in resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate":
│   32: resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate" {

I attempted to use the "aws_acmpca_certificate" resource together with "aws_acm_certificate", but then I got "Error: Cycle".

Answer from Robert Hafner:

The aws_acmpca_certificate_authority_certificate resource's certificate parameter expects an actual certificate, not an ARN. Use the certificate attribute of the pca_cert instead of the arn attribute.

# Install the root CA certificate
resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate" {
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
    certificate               = aws_acmpca_certificate_authority.pca_cert.certificate
}
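As an added example (not part of the question or of Robert Hafner's answer), the configuration below takes a different route to the same goal: it signs the CA's own CSR with aws_acmpca_certificate using the ACM PCA root CA template, installs that PEM, and then lets ACM issue the leaf. Resource names, the 10-year validity and the "aws" partition in the template ARN are assumptions; the provider block is the same as in the question.

```hcl
# Root CA; ACM PCA exposes its CSR as certificate_signing_request
resource "aws_acmpca_certificate_authority" "root" {
  type = "ROOT"
  certificate_authority_configuration {
    key_algorithm     = "RSA_2048"
    signing_algorithm = "SHA256WITHRSA"
    subject {
      common_name = "cf-demo.com"
    }
  }
  permanent_deletion_time_in_days = 7
}

# Self-sign the root CA's own CSR with the root CA template; the
# 10-year validity and the "aws" partition in the template ARN are assumptions
resource "aws_acmpca_certificate" "root" {
  certificate_authority_arn   = aws_acmpca_certificate_authority.root.arn
  certificate_signing_request = aws_acmpca_certificate_authority.root.certificate_signing_request
  signing_algorithm           = "SHA256WITHRSA"
  template_arn                = "arn:aws:acm-pca:::template/RootCACertificate/V1"
  validity {
    type  = "YEARS"
    value = 10
  }
}

# Install the PEM body (not an ARN); no chain is needed for a self-signed root
resource "aws_acmpca_certificate_authority_certificate" "root" {
  certificate_authority_arn = aws_acmpca_certificate_authority.root.arn
  certificate               = aws_acmpca_certificate.root.certificate
}

# Grant the ACM service principal only what issuance needs
resource "aws_acmpca_permission" "acm" {
  certificate_authority_arn = aws_acmpca_certificate_authority.root.arn
  actions                   = ["IssueCertificate", "GetCertificate", "ListPermissions"]
  principal                 = "acm.amazonaws.com"
}

# Leaf certificate. The CA must be ACTIVE and the permission in place before
# ACM can issue; depends_on expresses that without the leaf being referenced
# from the CA-certificate resource, which is what produced the cycle
resource "aws_acm_certificate" "demo" {
  domain_name               = "cf-demo.com"
  certificate_authority_arn = aws_acmpca_certificate_authority.root.arn
  depends_on = [
    aws_acmpca_certificate_authority_certificate.root,
    aws_acmpca_permission.acm,
  ]
}
```

The dependency direction is the point: the CA-certificate resource consumes output of the CA itself, never of the ACM leaf, so there is no cycle and the error's PEM regex is satisfied by a real certificate body.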