Terraform - Error: associating ACM PCA Certificate with Certificate Authority

Asked by: S Parker  Asked: 4/22/2023  Updated: 4/22/2023  Views: 442

Question:

I am new to Terraform and I have a blocker with this code. I followed the Terraform documentation, which suggests using ACM PCA to issue renewable certificates by creating an aws_acm_certificate with the certificate_authority_arn parameter. My goal is to create a root CA with ACMPCA, install the CA certificate, and request a private CA using the ACM resource. Although it deploys, it is in a failed state and I get the error below, and I do not know how to resolve it.

Code:

provider "aws" {
    region = "us-east-1"
}

# Create a root CA with ACM PCA
resource "aws_acmpca_certificate_authority" "pca_cert" {
    type = "ROOT"
    certificate_authority_configuration {
        key_algorithm     = "RSA_2048"
        signing_algorithm = "SHA256WITHRSA"

        subject {
            common_name = "cf-demo.com"
        }
    }
    permanent_deletion_time_in_days = 7
}

# Install the root CA certificate
resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate" {
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
    certificate               = aws_acm_certificate.demo_acm_cert.arn
}

# Use ACM to request the certificate
resource "aws_acm_certificate" "demo_acm_cert" {
    domain_name       = "cf-demo.com"
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
}

# Grant permissions to ACM to access the certificate authority
resource "aws_acmpca_permission" "root_ca_permission" {
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
    actions                   = ["IssueCertificate", "GetCertificate", "ListPermissions"]
    principal                 = "acm.amazonaws.com"
}

Error:

Error: associating ACM PCA Certificate with Certificate Authority (arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx): ValidationException: 1 validation error detected: Value at 'certificate' failed to satisfy constraint: Member must satisfy regular expression pattern: -----BEGIN CERTIFICATE-----\r?\n([A-Za-z0-9/+]{64}\r?\n)*[A-Za-z0-9/+]{1,64}={0,2}\r?\n-----END CERTIFICATE-----(\r?\n)?.
│       status code: 400, request id: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
│ 
│   with aws_acmpca_certificate_authority_certificate.cert_authority_certificate,
│   on cert.tf line 32, in resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate":
│   32: resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate" {

I tried using the "aws_acmpca_certificate" resource together with "aws_acm_certificate", but then I get "Error: Cycle".

Tags: terraform terraform-provider-aws certificate-authority aws-acm


Answers:

2 upvotes  Robert Hafner  4/22/2023  #1

The certificate argument of the aws_acmpca_certificate_authority_certificate resource requires the actual certificate, not an ARN. Use the certificate attribute of pca_cert, not the arn attribute.

# Install the root CA certificate
resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate" {
    certificate_authority_arn = aws_acmpca_certificate_authority.pca_cert.arn
    certificate               = aws_acmpca_certificate_authority.pca_cert.certificate
}

Comments:

0 upvotes  S Parker  4/22/2023
According to the documentation, certificate is not an attribute of ACM, so I got the following error:

│ Error: Unsupported attribute
│
│   on cert.tf line 34, in resource "aws_acmpca_certificate_authority_certificate" "cert_authority_certificate":
│   34:     certificate = aws_acm_certificate.demo_acm_cert.certificate
│
│ This object does not have an argument, nested block, or exported attribute named "certificate".

0 upvotes  Robert Hafner  4/22/2023
I updated the answer - you should not use acm_certificate there, you should use the aws_acmpca_certificate_authority resource.
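As an added check that is not part of the question or the answer: the regular expression quoted in the ValidationException above, applied in Python to show why an ARN (what the question passed) is rejected while a PEM certificate body wrapped at 64 columns passes. The DER bytes are a constructed placeholder, not a real certificate, and the check assumes AWS applies the pattern as a full match of the whole value.

```python
import base64
import re

# The constraint quoted in the ValidationException on this page: the value of
# the 'certificate' argument must be a PEM-encoded certificate body.
# Assumption: AWS applies the pattern as a full match of the whole value.
PEM_CERT_PATTERN = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n"
    r"([A-Za-z0-9/+]{64}\r?\n)*"
    r"[A-Za-z0-9/+]{1,64}={0,2}\r?\n"
    r"-----END CERTIFICATE-----(\r?\n)?"
)

# ACM / ACM PCA ARNs, which is what the question passed via .arn instead of .certificate.
ARN_PATTERN = re.compile(r"^arn:aws[a-zA-Z-]*:(acm|acm-pca):")


def classify_certificate_value(value: str) -> str:
    """Return 'pem', 'arn' or 'invalid' for a value that is about to be passed to
    the certificate argument of aws_acmpca_certificate_authority_certificate."""
    if PEM_CERT_PATTERN.fullmatch(value):
        return "pem"
    if ARN_PATTERN.match(value):
        return "arn"
    return "invalid"


def pem_from_der(der: bytes, line_width: int = 64) -> str:
    """Wrap DER bytes as a PEM CERTIFICATE block. The AWS pattern only accepts
    body lines of exactly 64 base64 characters plus a shorter final line, so any
    other line_width (e.g. the 76 some encoders use) yields a block the API rejects."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + line_width] for i in range(0, len(body), line_width)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    # Constructed placeholder bytes, not a real DER certificate.
    fake_der = bytes(range(100))
    print(classify_certificate_value("arn:aws:acm:us-east-1:123456789012:certificate/placeholder"))  # arn
    print(classify_certificate_value(pem_from_der(fake_der)))                 # pem
    print(classify_certificate_value(pem_from_der(fake_der, line_width=76)))  # invalid
```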