hashicorp / terraform-aws-consul-ecs

Consul Service Mesh on AWS ECS (Elastic Container Service)
https://www.consul.io/docs/ecs
Mozilla Public License 2.0

consul_https_ca_cert_arn using ACM #155

Closed: polewskm closed this issue 1 year ago

polewskm commented 1 year ago

How are we supposed to specify consul_https_ca_cert_arn when Consul's certificate is from ACM? In that use-case, we don't have access to the CA.

polewskm commented 1 year ago

I figured it out.

For any traffic going through our ALB, I added the AWS root CAs.

Then I concatenated our private CA.

Luckily both the acl-controller and mesh-task allow a CA file with multiple certificates.
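
The concatenation described in the comment above, as an added example that is not part of the original thread or the project's own code: a shell function that joins several CA files into one PEM bundle, refuses inputs that contain a private key or unbalanced markers, and normalises line endings so the END line of a file without a trailing newline cannot fuse with the next BEGIN line. The function names and file names are hypothetical, and the PEM bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: build one PEM CA bundle from several CA files.
# build_ca_bundle, count_certs and all file names are hypothetical.

# build_ca_bundle OUT IN...  -> writes OUT; non-zero return on a bad input
build_ca_bundle() {
    out=$1; shift
    : > "$out" || return 1
    for f in "$@"; do
        # A CA bundle must never carry key material.
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "refusing $f: contains a private key" >&2
            rm -f "$out"; return 1
        fi
        begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
        ends=$(grep -c -e '^-----END CERTIFICATE-----' "$f" || true)
        if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
            echo "refusing $f: $begins BEGIN / $ends END markers" >&2
            rm -f "$out"; return 1
        fi
        # Strip CRs and force a trailing newline on every line, so files
        # concatenate cleanly even when one lacks a final newline.
        tr -d '\r' < "$f" | awk '{ print }' >> "$out"
    done
}

# count_certs FILE -> prints the number of certificate blocks in FILE
count_certs() { grep -c -e '^-----BEGIN CERTIFICATE-----$' "$1"; }

# Demo on constructed input (placeholder bodies, not real certificates).
tmp=$(mktemp -d)
# Stand-in for the public roots file: note the missing trailing newline.
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNURUQtUk9PVA==' '-----END CERTIFICATE-----' > "$tmp/aws-roots.pem"
# Stand-in for the private CA file: CRLF line endings.
printf '%s\r\n%s\r\n%s\r\n' '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNURUQtUFJJVkFURQ==' '-----END CERTIFICATE-----' > "$tmp/private-ca.pem"
build_ca_bundle "$tmp/bundle.pem" "$tmp/aws-roots.pem" "$tmp/private-ca.pem" &&
    echo "bundle holds $(count_certs "$tmp/bundle.pem") certificates"
```

The marker checks catch structural mistakes only; they do not verify that each block parses as an X.509 certificate.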

cthain commented 1 year ago

Thanks for the issue @polewskm. I'm glad to hear that you got it resolved!

Thanks for posting your solution; it may be helpful for others with the same use case.