» vault_aws_auth_backend_cert

Manages a certificate to be used with an AWS Auth Backend in Vault.

This resource sets the AWS public key and the type of document that can be verified against the key that Vault can then use to verify the instance identity documents making auth requests.

For more information, see the Vault docs.

» Example Usage

resource "vault_auth_backend" "aws" {
  type = "aws"
}

resource "vault_aws_auth_backend_cert" "cert" {
  backend         = "${vault_auth_backend.aws.path}"
  cert_name       = "my-cert"
  aws_public_cert = "${file("${path.module}/aws_public_key.crt})"
  type            = "pkcs7"
}

» Argument Reference

The following arguments are supported:

  • cert_name - (Required) The name of the certificate.

  • aws_public_cert - (Required) The Base64 encoded AWS Public key required to verify PKCS7 signature of the EC2 instance metadata. You can find this key in the AWS documentation.

  • type - (Optional) Either "pkcs7" or "identity", indicating the type of document which can be verified using the given certificate. Defaults to "pkcs7".

  • backend - (Optional) The path the AWS auth backend being configured was mounted at. Defaults to aws.

» Attributes Reference

No additional attributes are exported by this resource.

» Import

AWS auth backend certificates can be imported using auth/, the backend path, /config/certificate/, and the cert_name e.g.

$ terraform import vault_aws_auth_backend_cert.example auth/aws/config/certificate/my-cert