Commit 14c44d5

Updated eks-complete example README wrt TLS certs
1 parent c5fb2cf commit 14c44d5

1 file changed

+12
-16
lines changed

terraform/examples/eks-complete/README.md

Lines changed: 12 additions & 16 deletions
@@ -42,8 +42,8 @@ This example differs from the comprehensive guide in that it:
4242
**Does NOT manage DNS or TLS certificates**
4343

4444
- You must manually create CNAME records pointing to the ALB
45-
- TLS can be handled externally (CloudFlare, CloudFront) or by providing an ACM certificate ARN
46-
- See step 3d in the Quick Start below for TLS options
45+
- TLS requires providing an ACM certificate ARN
46+
- See the TLS Configuration section below for details
4747

4848
**Uses simplified configuration**
4949
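Review bot: The new bullet at line 45 says TLS "requires" an ACM certificate ARN but does not say what the deployment does without one; the context comment further down ("HTTP by default; HTTPS if certificate_arn was provided") implies the ALB then serves plain HTTP. Suggest stating that here, for example "Without `certificate_arn` the ALB serves unencrypted HTTP; provide an ACM certificate ARN to enable HTTPS", and turning the line 46 reference into a link to the TLS Configuration heading.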

@@ -132,19 +132,11 @@ kubectl get pods -n polytomic
132132
# HTTP by default; HTTPS if certificate_arn was provided
133133
```
134134

135-
## TLS Configuration Options
135+
## TLS Configuration
136136

137-
This example does not manage TLS certificates by default. Choose one of these options:
137+
This example does not manage TLS certificates by default. To enable HTTPS, provide an ACM certificate ARN.
138138

139-
### Option 1: External TLS Termination (Recommended)
140-
141-
Use CloudFlare, CloudFront, or another CDN to handle TLS:
142-
143-
- The ALB serves HTTP on port 80
144-
- Your CDN terminates TLS and forwards to ALB
145-
- No ACM certificate needed
146-
147-
### Option 2: ACM Certificate
139+
### Using an ACM Certificate
148140

149141
If you have an ACM certificate in the same AWS account/region:
150142
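Review bot: Lines 139-147 drop the option that was previously marked "(Recommended)" (external TLS termination with the ALB on port 80) without a note for readers who deployed that way. Suggest one sentence under the new intro at line 137 saying whether a CDN in front of an HTTP-only ALB is still a supported setup or is no longer advised, since in that arrangement the CDN-to-ALB leg is unencrypted.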

@@ -156,9 +148,13 @@ module "eks_helm" {
156148
}
157149
```
158150

159-
### Option 3: Manual Certificate Creation
151+
The ALB will be configured to:
152+
- Listen on port 443 (HTTPS) with the certificate
153+
- Redirect HTTP (port 80) to HTTPS
154+
155+
### Creating an ACM Certificate
160156

161-
Uncomment the certificate resources at the bottom of [app/main.tf](app/main.tf), then:
157+
If you need to create a certificate, uncomment the certificate resources at the bottom of [app/main.tf](app/main.tf), then:
162158

163159
```bash
164160
cd app
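Review bot: The list added at lines 151-153 describes behaviour that applies only when `certificate_arn` is set, but the lead-in "The ALB will be configured to:" reads as unconditional. Suggest "When `certificate_arn` is set, the ALB will:" followed by a blank line before the first bullet, matching the list at lines 42-44 and avoiding renderers that fold the bullets into the paragraph. It is also worth saying here that the port 80 redirect affects any client or proxy that still sends plain HTTP to the ALB.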
@@ -170,7 +166,7 @@ aws acm describe-certificate --certificate-arn <arn> | \
170166
jq -r '.Certificate.DomainValidationOptions[0].ResourceRecord'
171167
```
172168

173-
Add the CNAME validation record to your DNS provider, then the certificate will be issued.
169+
Add the CNAME validation record to your DNS provider, then the certificate will be issued and can be used with the `certificate_arn` parameter.
174170

175171
## Configuration Files
176172
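Review bot: The sentence at line 169 refers to "the CNAME validation record" in the singular, and the jq filter in the context line above reads only `DomainValidationOptions[0]`, so a certificate covering more than one domain name would show just the first record. Suggest saying that each domain on the certificate has its own validation record (or using `DomainValidationOptions[]` in the filter), and telling the reader to confirm the certificate status is `ISSUED` before passing the ARN as `certificate_arn`.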
