0

I'm having issues when trying to match a certificate I have created at AWS ACM in a classic load balancer in terraform.

According to the documentation and examples, terraform expects me to provide a SSL certificate I have uploaded to AWS IAM. See documentation But this doesn't makes a lot of sense, because I have my certificate in ACM. Someone know how I can configure this certificate with terraform?

This is the error I'm getting

Error: Error creating ELB: ValidationError: Secure Listeners need to specify a SSLCertificateId
    status code: 400, request id: c16d2c09-32b7-484f-9c51-e8a2d8fed1fe

  on modules/ec2/loadbalancer.tf line 3, in resource "aws_elb" "bar":
   3: resource "aws_elb" "sprint0_elb" {

resource "aws_elb" "bar" {
  name               = "foobar-terraform-elb"
  availability_zones = ["us-east-2a", "us-east-2b", "us-east-2c"]

  access_logs {
    bucket        = "foo"
    bucket_prefix = "bar"
    interval      = 60
  }

  listener {
    instance_port     = 8000
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:acm:us-east-1:xxxxxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxx-xxx-xxxxxxxxxx"
  }
Diego
  • 916
  • 1
  • 13
  • 36
  • You have two leading " opening and closing an empty string on your `ssl_certificate_id`, could it be that? – Anthony Neace Nov 09 '19 at 00:45
  • Nope, that was a mistake of copy paste :( – Diego Nov 09 '19 at 00:48
  • 1
    You're trying to attach an ACM certificate in another region. You can't do this. Create another ACM certificate in us-west-2 and it will be fine. I'd also recommend using the `aws_acm_certificate` data source to look up your certificate instead of hardcoding it. – ydaetskcoR Nov 09 '19 at 07:05
  • Can you try this: certificate_arn = “${aws_acm_certificate.acm_certificate.arn}” ? – James Dean Nov 09 '19 at 07:15
  • @JamesDean there's not that option in the documentation for the listers, https://www.terraform.io/docs/providers/aws/r/elb.html#ssl_certificate_id – Diego Nov 09 '19 at 17:18

0 Answers0