How to attach pre-uploaded SSL cert to ELB in CloudFormation template?

pquery · Feb 25, 2013 · Viewed 19.6k times

I've been trying to attach an SSL certificate that I'm currently using for one of my Elastic Load Balancing instances on a new CloudFormation template, but each time I get:

    Server Certificate not found for the key

And then the CloudFormation template starts to roll back at that point.

    "Listeners" : [
      {
        "LoadBalancerPort" : "443",
        "InstancePort" : "80",
        "SSLCertificateId" : "start_certname_com",
        "Protocol" : "HTTPS"
      },...

Amazon is asking for "The ARN of the SSL certificate to use", and I believe this is correct since this is the exact string which appears in the dropdown of the currently set up ELB, which takes 443 to port 80 on the instances.

Am I missing something on my Listener?

Answer

gene_wood · Nov 16, 2013

You can derive the ARN for a certificate in CloudFormation with only the certificate name. No need to run a command line tool and hard code the value into your CloudFormation template.

    "Parameters" : {
      "Path" : {
        "Description" : "AWS Path",
        "Default" : "/",
        "Type" : "String"
      }
    }
    ...
    "Listeners" : [
      {
        "LoadBalancerPort" : "443",
        "InstancePort" : "80",
        "SSLCertificateId" : {
          "Fn::Join" : [
            "",
            [
              "arn:aws:iam::",
              { "Ref" : "AWS::AccountId" },
              ":server-certificate",
              { "Ref" : "Path" },
              "start_certname_com"
            ]
          ]
        },
        "Protocol" : "HTTPS"
      },...

This determines your account id with the {"Ref":"AWS::AccountId"} pseudo parameter and combines it with the other elements needed to form the ARN. Note that I'm using a variable called Path in case you've set a path for your certificate. If not, the default of "/" works fine.

This solution was mentioned by @Tristan and is an extension of merrix143243's solution.
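
An added example (not part of the original answer or of any AWS tooling): a small Python pre-deployment check that resolves the Ref / Fn::Join expression from the answer and flags a listener whose SSLCertificateId is a bare name, as in the question. The account id 123456789012 is a placeholder, resolve and check_listener are hypothetical helper names, and only the "aws" partition and IAM server-certificate ARNs are handled.

```python
import re

# IAM server-certificate ARN: 12-digit account id, a path that starts and
# ends with "/", then the certificate name.
IAM_CERT_ARN = re.compile(
    r"^arn:aws:iam::(\d{12}):server-certificate(/(?:[!-~]+/)?)([\w+=,.@-]+)$"
)


def resolve(node, values):
    """Evaluate the two intrinsics the answer uses: Ref and Fn::Join."""
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            return values[arg]
        if key == "Fn::Join":
            delimiter, parts = arg
            return delimiter.join(resolve(p, values) for p in parts)
    if isinstance(node, str):
        return node
    raise ValueError(f"unsupported template node: {node!r}")


def check_listener(listener, values):
    """Return (resolved SSLCertificateId, problem or None) for one listener."""
    cert_id = resolve(listener["SSLCertificateId"], values)
    if IAM_CERT_ARN.match(cert_id):
        return cert_id, None
    if not cert_id.startswith("arn:"):
        return cert_id, "bare certificate name, not an ARN"
    # Not caught here: a Path missing only its trailing "/" still yields a
    # well-formed ARN, but for a different certificate name.
    return cert_id, "malformed IAM server-certificate ARN (check Path slashes)"


# Constructed sample input: placeholder account id, listeners copied from the page.
ACCOUNT = "123456789012"
QUESTION_LISTENER = {"LoadBalancerPort": "443", "InstancePort": "80",
                     "SSLCertificateId": "start_certname_com", "Protocol": "HTTPS"}
ANSWER_LISTENER = {"LoadBalancerPort": "443", "InstancePort": "80",
                   "SSLCertificateId": {"Fn::Join": ["", [
                       "arn:aws:iam::", {"Ref": "AWS::AccountId"},
                       ":server-certificate", {"Ref": "Path"},
                       "start_certname_com"]]},
                   "Protocol": "HTTPS"}

if __name__ == "__main__":
    for path in ("/", "/elb/", "elb"):  # "elb" lacks the required slashes
        values = {"AWS::AccountId": ACCOUNT, "Path": path}
        print(path, check_listener(ANSWER_LISTENER, values))
    print(check_listener(QUESTION_LISTENER, {}))
```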