[New]: ALB Mutual Authentication #34568
Comments
Hi @dallasanta, I've created a PR for this with a minimal implementation: #34584. So far it just allows the creation of a trust_store resource/data source and binding to a load balancer; I plan to follow on with a PR for the revocation or add in to the depending on how long the review / merge cycle is.
Thanks @matt-mercer for the implementation! I think it would be helpful to have the S3 config in the state file, as I can see it's a valid use case to modify the trust store. I'm afraid I'm not a reviewer on this project, so I don't think I can help getting it over the line.
@dallasanta totally agree .. I just don't know there's an easy way to achieve this. I've seen some closed issues that look 'similar' to what it would be good to do ... on the flip side, it's probably OK if a modify-trust-store action fires on apply that re-deploys the same CA cert .. just noisy / slightly scary when you're not expecting a change. Though, for my own use-case I'm initially thinking I'll manage the trust-store itself outside of Terraform and just use the data-source to bind to the load balancer .. rather than get the churn, until this can be addressed.
@dallasanta actually it works fine .. the ca_certificates_bundle_s3_bucket / ca_certificates_bundle_s3_key are automatically saved into state .. so repeat applies don't trigger a change .. think you'd just get an initial one post import ..
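The shape of configuration the two comments above describe (a trust store whose CA bundle location is tracked in state, a listener bound to it, and the data-source alternative for an externally managed store), as an added example that is not taken from the issue or from PR #34584; the bucket, key, certificate ARN and the `aws_lb.example` / `aws_lb_target_group.example` resources are assumed placeholders.

```hcl
# Added example, not from the issue or PR #34584. Bucket, key, certificate ARN
# and the referenced aws_lb / aws_lb_target_group resources are placeholders.

# Trust store managed by Terraform. The S3 bucket/key of the CA bundle are
# kept in state, so a repeat apply with an unchanged bundle location does not
# fire a modify-trust-store action.
resource "aws_lb_trust_store" "clients" {
  name                             = "client-ca-trust-store"
  ca_certificates_bundle_s3_bucket = "example-ca-bundles"   # placeholder
  ca_certificates_bundle_s3_key    = "client-ca-bundle.pem" # placeholder
}

# HTTPS listener that requires a client certificate and verifies it against
# the trust store. mode = "passthrough" would forward the certificate to the
# target without verification; mode = "off" (the default) disables mTLS.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.example.arn # assumed to exist elsewhere
  port              = 443
  protocol          = "HTTPS"
  certificate_arn   = "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE" # placeholder

  mutual_authentication {
    mode            = "verify"
    trust_store_arn = aws_lb_trust_store.clients.arn
  }

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.example.arn # assumed to exist elsewhere
  }
}

# Alternative raised in the thread: keep the trust store (and its bundle
# updates) outside Terraform and only look it up to bind the listener,
# which avoids any churn on the bundle itself.
data "aws_lb_trust_store" "external" {
  name = "externally-managed-trust-store" # placeholder
}
```

Binding the listener to `data.aws_lb_trust_store.external.arn` instead of the managed resource gives the lower-churn setup described in the comments, at the cost of Terraform not detecting bundle changes.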
This functionality has been released in v5.30.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Description
Given that AWS has launched a new functionality to enable Mutual Authentication on ALBs (https://aws.amazon.com/blogs/aws/mutual-authentication-for-application-load-balancer-to-reliably-verify-certificate-based-client-identities/)
And aws-sdk-go already supports that
And CloudFormation has already implemented that through the following resources:
Then the AWS provider should have its own implementation
Requested Resource(s) and/or Data Source(s)
Potential Terraform Configuration
No response
References
No response
Would you like to implement a fix?
None