Asrin for AWS Community Builders

Posted on • Originally published at azcodez.Medium

Create ACM certificate with DNS validation using Terraform

This is how I created an HTTPS AWS certificate (ACM) and validated it with my domain in AWS Route 53 using DNS validation, all using the infrastructure-as-code tool Terraform.


Prerequisites

Add a variable for your domain

variable "root_domain_name" {
  type    = string
  default = "helloworld.info"
}
  • Replace the above helloworld.info with your domain

Route53

I already had an imported Route 53 zone, like so. See the Terraform docs for more info.

resource "aws_route53_zone" "hello_world_zone" {
  name = var.root_domain_name
}

Create an ACM Certificate

resource "aws_acm_certificate" "hello_certificate" {
  domain_name       = var.root_domain_name
  validation_method = "DNS"
  lifecycle {
    create_before_destroy = true
  }
}
  • This creates an AWS ACM certificate for the domain name you set as the variable
  • Sets the validation method to DNS

Add DNS records

resource "aws_route53_record" "hello_cert_dns" {
  allow_overwrite = true
  # domain_validation_options is a set with one entry per domain name on the
  # certificate; [0] is enough here because the certificate has a single domain.
  name    = tolist(aws_acm_certificate.hello_certificate.domain_validation_options)[0].resource_record_name
  records = [tolist(aws_acm_certificate.hello_certificate.domain_validation_options)[0].resource_record_value]
  type    = tolist(aws_acm_certificate.hello_certificate.domain_validation_options)[0].resource_record_type
  zone_id = aws_route53_zone.hello_world_zone.zone_id
  ttl     = 60
}
  • This takes the DNS validation record from the certificate resource above and creates it in your Route 53 hosted zone, the same way you would if you did it manually

Validate the certificate

resource "aws_acm_certificate_validation" "hello_cert_validate" {
  certificate_arn = aws_acm_certificate.hello_certificate.arn
  validation_record_fqdns = [aws_route53_record.hello_cert_dns.fqdn]
}
  • This validates your ACM certificate with your domain name: Terraform waits here until ACM has seen the DNS record and issued the certificate

Run Terraform

terraform fmt
terraform validate
terraform plan
terraform apply

Check ACM

  • In the AWS Console, go to Certificate Manager
  • The certificate's status should be Issued
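
The record and validation resources above index domain_validation_options with [0], which only covers a certificate with one domain name. The following is an added example, not code from the original post, that generalizes the same flow to a certificate with a wildcard subject alternative name by creating one validation record per domain. It reuses var.root_domain_name and aws_route53_zone.hello_world_zone from the post; the resource names ending in _san and the output name are assumptions chosen for illustration.

```hcl
# Added example: DNS validation for a certificate with more than one name.
# Resource and output names here are illustrative, not from the original post.
resource "aws_acm_certificate" "hello_certificate_san" {
  domain_name               = var.root_domain_name
  subject_alternative_names = ["*.${var.root_domain_name}"]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# One validation record per entry in domain_validation_options,
# keyed by domain name instead of indexing the set with [0].
resource "aws_route53_record" "hello_cert_dns_san" {
  for_each = {
    for dvo in aws_acm_certificate.hello_certificate_san.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  # The apex and wildcard names share one validation CNAME, so the second
  # write targets an existing record and needs allow_overwrite.
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  type            = each.value.type
  zone_id         = aws_route53_zone.hello_world_zone.zone_id
  ttl             = 60
}

# Waits until every validation record is in place and ACM has issued the cert.
resource "aws_acm_certificate_validation" "hello_cert_validate_san" {
  certificate_arn         = aws_acm_certificate.hello_certificate_san.arn
  validation_record_fqdns = [for r in aws_route53_record.hello_cert_dns_san : r.fqdn]
}

# Point listeners or distributions at this output rather than at the
# certificate resource, so they only ever attach an issued certificate.
output "validated_certificate_arn" {
  value = aws_acm_certificate_validation.hello_cert_validate_san.certificate_arn
}
```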

Hope this helps😁

Feel free to comment with questions or feedback✌️

Happy coding,

Az 👨🏾‍💻

Credits
