Service Catalog Version 0.85.5Last updated in version 0.77.0
TLS Scripts
Overview
This service contains scripts that simplify the process of creating and managing TLS certificates, JVM key stores and trust stores, and RDS CA certificates.
Features
Bash scripts that simplify working with TLS certificates. You will typically only need these scripts to configure end-to-end encryption in your Reference Architecture.
- Simplify creating self-signed TLS certificates
- Encrypt TLS certificates using KMS
- Upload TLS certificates to AWS for use with ELBs
- Download CA public keys for validating RDS TLS connections
- Simplify creating key stores and trust stores to manage TLS certificates for JVM apps
- Run from a Docker container so you don’t need to install any dependencies locally
Learn
note
This repo is a part of the Gruntwork Service Catalog, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the Service Catalog before, make sure to read How to use the Gruntwork Service Catalog!
About TLS
- How does TLS/SSL work?
- What are commercial or public Certificate Authorities?
- How does Gruntwork generate a TLS cert for private services?
About the scripts specifically
- How does create-tls-cert work?
- How does download-rds-ca-certs work?
- How does generate-trust-stores work?
Deploy
Running
- How do I run these scripts using Docker?
- How do I create self-signed TLS certs?
- Should I store certs in AWS Secrets Manager or Amazon Certificate Manager?
- Generating self-signed certs for local dev and testing
- Generating self-signed certs for prod, encrypting certs locally with KMS
- Generating self-signed certs for prod, using AWS Secrets Manager for storage
- Generating self-signed certs for prod, using Amazon Certificate Manager for storage
- How do I download CA public keys for validating RDS TLS connections?
- How do I generate key stores and trust stores to manage TLS certificates for JVM apps?
Testing
Reference
- Inputs
- Outputs