SSL/TLS certificates for Amazon EC2 instances

[ewbankkit]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

ACM for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves.

To support such applications a new resource to associate an EC2 instance's IAM role with an ACM certificate is required.

New or Affected Resource(s)

• aws_ec2_enclave_certificate_iam_role_association

Potential Terraform Configuration

resource "aws_ec2_enclave_certificate_iam_role_association" "example" {
  certificate_arn = aws_acm_certificate.example.arn
  role_arn        = aws_iam_role.example.arn
}

References

Announcement. User Guide.

Requires AWS SDK v1.35.17:

• https://github.com/terraform-providers/terraform-provider-aws/pull/15905

Relates: #15909.

[pkruk]

I can take a look on that!

[pkruk]

I will present a PR in a few days, when I will finish polishing and tests :)

[cutler-scott-newrelic]

Any update to this? Or workarounds? It looks like this is still required per AWS documentation (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html - See Step 4)

[jbouse]

Any work progressing on this feature? It appears that the EC2 instance option to enable enclaves and the pre-req SDK changes have been made but they do not complete the solution as you have to be able to associate the ACM certificate to the IAM Role before you can use it as documented and referenced to previously.