ibm-cloud-architecture/codepattern-certificate-management

Manage SSL certificates for IBM Cloud VPC Application Load Balancer

Architecture Goals

  1. Given an IBM Cloud VPC Application Load Balancer as a Service (LBaaS), create the minimum required services/configurations to provide a certificate for the Listener.
  2. Demonstrate that the IBM Cloud Certificate Management Service (CMS) is required to order/hold the certificate.
  3. Show how to create an auth policy between LBaaS and CMS that enables the LBaaS listener to read/write to the CMS.

Description

This code pattern provides the necessary scripts to provision a basic VPC network with an Application Load Balancer as a service, and an instance of IBM Certificate Manager Service (CMS) with access control policies for roles and for LBaaS to read from CMS. A certificate is then ordered and loaded into the CMS service instance.


Process

When you run this script, it will:

  • create a Certificate Manager instance
    • request a certificate
    • load the certificate into CMS
  • create an instance of a VPC with
    • prefix address for a single zone
    • subnet in the zone
    • single VSI attached to subnet
    • LBaaS attached to subnet with a back end pool and listener
      • listener listens on HTTPS, port 443, and uses the certificate in the CMS instance
  • create an access group
  • assign access policies for
    • the access group to access CMS
    • LBaaS to access CMS to read the certificate
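
An added example (not part of this repository's scripts): a check that the LBaaS-to-CMS authorization policy created in the last step is limited to load balancers as the source and to the one CMS instance as the target. The policy JSON layout, the service names `is` and `cloudcerts`, and the instance id are assumptions, and the sample policies are constructed.

```python
import json

# Constructed sample policies. The field layout, the service names "is" and
# "cloudcerts", and the instance id placeholder are assumptions of this example.
SAMPLE_POLICIES = json.loads("""
[
 {"id": "p-scoped", "type": "authorization",
  "subjects":  [{"attributes": [{"name": "serviceName", "value": "is"},
                                {"name": "resourceType", "value": "load-balancer"}]}],
  "resources": [{"attributes": [{"name": "serviceName", "value": "cloudcerts"},
                                {"name": "serviceInstance", "value": "cms-guid-placeholder"}]}]},
 {"id": "p-any-instance", "type": "authorization",
  "subjects":  [{"attributes": [{"name": "serviceName", "value": "is"},
                                {"name": "resourceType", "value": "load-balancer"}]}],
  "resources": [{"attributes": [{"name": "serviceName", "value": "cloudcerts"}]}]},
 {"id": "p-any-vpc-resource", "type": "authorization",
  "subjects":  [{"attributes": [{"name": "serviceName", "value": "is"}]}],
  "resources": [{"attributes": [{"name": "serviceName", "value": "cloudcerts"},
                                {"name": "serviceInstance", "value": "cms-guid-placeholder"}]}]}
]
""")

def flatten(blocks):
    """Turn [{'attributes': [{'name': n, 'value': v}, ...]}] into {n: v}."""
    return {a["name"]: a["value"] for b in blocks for a in b.get("attributes", [])}

def audit_lb_to_cms(policies, cms_instance):
    """Return (findings, ok); ok means a correctly scoped LBaaS -> CMS policy exists."""
    findings, ok = [], False
    for p in policies:
        src, dst = flatten(p.get("subjects", [])), flatten(p.get("resources", []))
        if (p.get("type") != "authorization" or src.get("serviceName") != "is"
                or dst.get("serviceName") != "cloudcerts"):
            continue  # not a VPC -> CMS service-to-service grant
        issues = []
        if src.get("resourceType") != "load-balancer":
            issues.append("source is not limited to load balancers")
        if "serviceInstance" not in dst:
            issues.append("target covers every CMS instance")
        elif dst["serviceInstance"] != cms_instance:
            issues.append("target is a different CMS instance")
        findings += [(p["id"], issue) for issue in issues]
        ok = ok or not issues
    if not ok:
        findings.append((None, "no correctly scoped LBaaS -> CMS policy"))
    return findings, ok
```

Run it against the account's exported authorization policies after provisioning; any finding means the grant is broader than the single listener-to-CMS path this pattern needs.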
