This repository has been archived by the owner on Sep 22, 2020. It is now read-only.
After a bit more digestion I see now that it would be more natural to use the certs here as an input to an aws_iam_server_certificate, which seems straightforward to configure. Also found relevant info on security implications in http://apparently.me.uk/terraform-certificate-authority/
@snakescott sounds like you figured this out already but just wanted to reply on a couple of things - you are right that it's probably better to pass this to something like aws_iam_server_certificate. A common scenario would be terminating SSL on an ELB/ALB with this and passing those requests to a non-HTTPS service on your instances created with aws_instance.
Glad you found Martin's example! Aside from that, my practice for handling private data in state is to ensure it's encrypted at rest or deleted otherwise. Also mark any key outputs you have as sensitive as well so that keys are not displayed in the clear when they shouldn't be, and delete the local state cache in .terraform/terraform.tfstate when you are using remote state and don't need to have it available.
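The wiring discussed in the replies above, as an added example that is not part of the original thread or the provider's own documentation. It assumes Terraform 0.12 or later syntax, an `acme_certificate` resource named `cert` and an `aws_instance` named `web` defined elsewhere, and an S3 remote state backend; the bucket, region, and all resource names are placeholders.

```hcl
# Added example; every name and value below is a placeholder.

# Remote state with server-side encryption, so the private key that Terraform
# stores in state is encrypted at rest.
terraform {
  backend "s3" {
    bucket  = "example-terraform-state"
    key     = "acme/terraform.tfstate"
    region  = "us-east-1"
    encrypt = true
  }
}

# Hand the issued certificate to IAM instead of copying it onto instances.
resource "aws_iam_server_certificate" "acme" {
  name_prefix       = "acme-"
  certificate_body  = acme_certificate.cert.certificate_pem
  certificate_chain = acme_certificate.cert.issuer_pem
  private_key       = acme_certificate.cert.private_key_pem

  # On renewal, create the replacement before removing the certificate in use.
  lifecycle {
    create_before_destroy = true
  }
}

# Terminate TLS on the load balancer; forward plain HTTP to the instances.
resource "aws_elb" "web" {
  name               = "web"
  availability_zones = ["us-east-1a"]
  instances          = [aws_instance.web.id]

  listener {
    lb_port            = 443
    lb_protocol        = "https"
    instance_port      = 80
    instance_protocol  = "http"
    ssl_certificate_id = aws_iam_server_certificate.acme.arn
  }
}

# If the key must be an output at all, keep it out of CLI output.
output "private_key_pem" {
  value     = acme_certificate.cert.private_key_pem
  sensitive = true
}
```

`sensitive = true` only redacts the value in CLI output; the key is still written to the state file in plaintext, so access to the state bucket needs the same restrictions as the key itself.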
Once certificates are created via a resource "acme_certificate" ... block, what happens next? aws_instance? Or is this just the file provider and a lot of elbow grease? private_key_pem being persisted to tfstate? Thanks!