如何在不使用 ACM(AWS Certificate Manager)的情况下获取 SSL 证书的 ARN(Amazon Resource Name)?
How to get the ARN (Amazon Resource Name) of SSL certificate without using ACM (AWS Certificate Manager)?
我正在使用 Terraform 在位于中国的 AWS 宁夏区域创建 Elastic Beanstalk 环境。
让我困惑的一件事是如何获得 SSLCertificateArns?
的值
setting {
namespace = "aws:elbv2:listener:443"
name = "SSLCertificateArns"
value = "arn:aws:acm:cn-northwest-1:012345678912:certificate/????????-????-????-????-????????????" # Where to get this value?
}
AWS中国目前不提供Certificate Manager服务。
我使用 Let's Encrypt 创建了证书,然后通过单击经典负载均衡器的 SSL Certificate 列上传证书:
当您从 ELB 配置上传证书时,它会保存在 IAM 证书列表而不是 ACM 中。
您应该能够使用以下命令查看证书:
aws iam list-server-certificates
https://docs.aws.amazon.com/cli/latest/reference/iam/list-server-certificates.html
您可以使用 aws_iam_server_certificate 根据证书的名称前缀获取 ARN:
data "aws_iam_server_certificate" "my-domain" {
name_prefix = "my-domain.org"
latest = true
}
resource "aws_elb" "elb" {
name = "my-domain-elb"
listener {
instance_port = 8000
instance_protocol = "https"
lb_port = 443
lb_protocol = "https"
ssl_certificate_id = "${data.aws_iam_server_certificate.my-domain.arn}"
}
}
我正在使用 Terraform 在位于中国的 AWS 宁夏区域创建 Elastic Beanstalk 环境。
让我困惑的一件事是如何获得 SSLCertificateArns?
setting {
namespace = "aws:elbv2:listener:443"
name = "SSLCertificateArns"
value = "arn:aws:acm:cn-northwest-1:012345678912:certificate/????????-????-????-????-????????????" # Where to get this value?
}
AWS中国目前不提供Certificate Manager服务。
我使用 Let's Encrypt 创建了证书,然后通过单击经典负载均衡器的 SSL Certificate 列上传证书:
当您从 ELB 配置上传证书时,它会保存在 IAM 证书列表而不是 ACM 中。 您应该能够使用以下命令查看证书:
aws iam list-server-certificates
https://docs.aws.amazon.com/cli/latest/reference/iam/list-server-certificates.html
您可以使用 aws_iam_server_certificate 根据证书的名称前缀获取 ARN:
data "aws_iam_server_certificate" "my-domain" {
name_prefix = "my-domain.org"
latest = true
}
resource "aws_elb" "elb" {
name = "my-domain-elb"
listener {
instance_port = 8000
instance_protocol = "https"
lb_port = 443
lb_protocol = "https"
ssl_certificate_id = "${data.aws_iam_server_certificate.my-domain.arn}"
}
}