I was recently working on a cloudformation template that needed an ELB with an HTTPS listener. My company already has a wildcard cert uploaded to IAM for use in staging environments, so I wanted to use that cert rather than create a new one.
The classic load balancer and the newer Application Load Balancer look a little different for creating HTTPS listeners, but both require you to include the certificate ARN in your template.
I spent some time poking around in the console, looking for how to find the ARN of a certificate you've uploaded with no success. As far as I can tell, there's no where besides editing an ELB listener to see the certificates that you've uploaded.
Finally I turned to the AWS CLI and found "get-server-certificate" which returns the ARN of a certificate uploaded to IAM.
If you already have the AWS CLI setup with your secret keys, it's pretty straightforward
As it turns out, the ARN of a certificate is just the combination of your account number and the name you gave it.
The classic load balancer and the newer Application Load Balancer look a little different for creating HTTPS listeners, but both require you to include the certificate ARN in your template.
I spent some time poking around in the console, looking for how to find the ARN of a certificate you've uploaded with no success. As far as I can tell, there's no where besides editing an ELB listener to see the certificates that you've uploaded.
Finally I turned to the AWS CLI and found "get-server-certificate" which returns the ARN of a certificate uploaded to IAM.
If you already have the AWS CLI setup with your secret keys, it's pretty straightforward
aws iam get-server-certificate --server-certificate-name wildcard-****And it will kick back the relevant data
As it turns out, the ARN of a certificate is just the combination of your account number and the name you gave it.
And lastly, because I insist on believing that lots of people use Powershell for AWS management when maybe none of you do, here's the same command in good ol' PS.
(Get-IAMServerCertificate -servercertificatename wildcard-***********).ServerCertificateMetadata
Interestingly, the powershell tools have a few different objects built in so you won't get the metadata by default.
No comments:
Post a Comment