DEV Community

Cover image for Create ACM certificate with DNS validation using Terraform
AWS Community Builders profile image Asrin
Asrin for AWS Community Builders

Posted on • Originally published at azcodez.Medium

Create ACM certificate with DNS validation using Terraform

#aws #programming #devops #terraform

This is how I created an HTTPS AWS Certificate (ACM) and validated it with my domain in AWSRoute53 using DNS validation, all using infrastructure as code tool Terraform.

This is how I created an HTTPS AWS Certificate (ACM) and validated it with my domain in AWSRoute53 using DNS validation, all using infrastructure as code tool Terraform.

Prerequisites

Add a variable for your domain 

variable "root_domain_name" {
  type    = string
  default = "helloworld.info"
}
Enter fullscreen mode Exit fullscreen mode
  • Replace the above helloworld.info with your domain

Route53

I had an imported route 53 already like so. See terraform docs for more info

resource "aws_route53_zone" "hello_world_zone" {
  name = var.root_domain_name
}
Create an ACM Certificate
resource "aws_acm_certificate" "hello_certificate" {
  domain_name       = var.root_domain_name
  validation_method = "DNS"
  lifecycle {
    create_before_destroy = true
  }
}
Enter fullscreen mode Exit fullscreen mode
  • This creates a AWS ACM certificate for the domain name you set as variable
  • Sets validation mode to DNS

Add DNS records 

resource "aws_route53_record" "hello_cert_dns" {
  allow_overwrite = true
  name =  tolist(aws_acm_certificate.hello_certificate.domain_validation_options)[0].resource_record_name
  records = [tolist(aws_acm_certificate.hello_certificate.domain_validation_options)[0].resource_record_value]
  type = tolist(aws_acm_certificate.hello_certificate.domain_validation_options)[0].resource_record_type
  zone_id = aws_route53_zone.hello_world_zone.zone_id
  ttl = 60
}
Enter fullscreen mode Exit fullscreen mode
  • This adds DNS records from the resource above and inputs them into your Route53 host zone. Similar way you would do this as if you did it manually

Validate the certificcate 

resource "aws_acm_certificate_validation" "hello_cert_validate" {
  certificate_arn = aws_acm_certificate.hello_certificate.arn
  validation_record_fqdns = [aws_route53_record.hello_cert_dns.fqdn]
}
Enter fullscreen mode Exit fullscreen mode
  • This validates your ACM certificate with your domain name

Run Terraform 

terraform fmt
terraform validate
terraform plan
terraform apply
Enter fullscreen mode Exit fullscreen mode

Check ACM

  • In AWS Console > Certificate Manager
  • You should have the status as issued

Hope this helps😁

Feel free to comment with questions or feedback✌️

Happy coding,

Az 👨🏾‍💻

Credits

Top comments (0)

Read next

nozibul_islam_113b1d5334f profile image

Parallel Programming in Web Browsers

Nozibul Islam -

mateuscechetto profile image

Allowlist vs Denylist: When to use them

Mateus Cechetto -

dm8ry profile image

Demonstrating Persistence vs. Non-Persistence in Kubernetes with MongoDB

Dmitry Romanoff -

ayush7614 profile image

How to Install Minikube on Ubuntu Virtual Machine?

Ayush kumar -