Tags: amazon-web-services, terraform, amazon-cloudfront

Can't upload public key for cloudfront signing with terraform (request contains empty/invalid/out of limits RSA Encoded Key)


I am attempting to upload a public key to cloudfront with terraform using aws_cloudfront_public_key like this:

//main.tf
...
resource "aws_cloudfront_public_key" "public_key" {
  name        = "public-key"
  comment     = "Public key for signed URLs"
  encoded_key = filebase64("${path.module}/public_key.pem")
}

resource "aws_cloudfront_key_group" "cloudfront_key_group" {
  name  = "cloudfront_key_group"
  items = [aws_cloudfront_public_key.public_key.id]
}
...

When running terraform apply I get:

╷
│ Error: creating CloudFront Public Key (public-key): operation error CloudFront: CreatePublicKey, https response error StatusCode: 400, RequestID: 8cd90d09-7ab2-44d8-b450-9aff65070a5c, InvalidArgument: Your request contains empty/invalid/out of limits RSA Encoded Key
│ 
│   with aws_cloudfront_public_key.public_key,
│   on main.tf line 1, in resource "aws_cloudfront_public_key" "public_key":
│    1: resource "aws_cloudfront_public_key" "public_key" {
│ 
╵

Additional Info:

I created a public key as described here:

openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

This is a key I got this way:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA86bP1o/cQLLkgyv4Hxei
oDmV8QLa9gKJefk81M7UleU14IclhtoYcS+HTa/bw6SAGWlwplm3nh3H3mlyPqd+
Mij+5p+wz9gyOb/04kreB4hFMNjLa+ef6ploRCEB5AxN/0rr9gOL5NdEAlfK7xfk
/kejsfj1Pi1L/1NRV7kmPsTxSw6krYZngiNXmIbJYJokQGFN9R79yK4T0R5mVIdd
yM0JCsqRvJhbFDjeA5WHdzIEP816Xk+NKYfxzFO12gJ7y+CqXr1w5Ggs0F3dMHH2
h1HP0UJDO/JA+4Ka9lJR3j189BJBJBzPQkn1UJGeQhVOkooV9njxP3hFVlSIgXoK
9wIDAQAB
-----END PUBLIC KEY-----

The file includes a trailing newline. It is in the root directory of my project, where main.tf resides.

If I manually paste the key via
https://console.aws.amazon.com/cloudfront/v4/home -> Public keys -> Create public key

then the key is created without issue.

I have no idea what the issue is and I would be grateful for any help!


Solution

  • It should be

      encoded_key = file("${path.module}/public_key.pem")

    not

      encoded_key = filebase64("${path.module}/public_key.pem")
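The reason the answer works: CloudFront expects the PEM text itself (the `-----BEGIN PUBLIC KEY-----` armour with its base64 body), which is what Terraform's `file()` returns. `filebase64()` base64-encodes the whole file a second time, so the armour lines disappear and the API sees a string it cannot parse, hence "empty/invalid/out of limits RSA Encoded Key". The following Go program is an added example, not code from the question, the answer or the Terraform provider. It generates a 2048-bit key pair in place of the question's openssl commands (constructed sample input), reproduces what `file()` and `filebase64()` hand to `encoded_key`, and runs a pre-apply validator over both values. The 2048-bit requirement in the validator is an assumption matching the `openssl genrsa ... 2048` command on the page; CloudFront's exact size limits are not stated here. The function names (`terraformFile`, `terraformFileBase64`, `validateEncodedKey`) are hypothetical helpers for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// newPublicKeyPEM stands in for the question's openssl commands: a fresh
// 2048-bit RSA key pair with the public half serialised as a PEM
// SubjectPublicKeyInfo block ("-----BEGIN PUBLIC KEY-----"), which is what
// public_key.pem contains. Constructed sample input for this example.
func newPublicKeyPEM() (string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
}

// terraformFile mirrors Terraform's file(): the raw text of the file.
func terraformFile(contents string) string { return contents }

// terraformFileBase64 mirrors filebase64(): the file's bytes base64-encoded.
// For a PEM file this wraps text that is already base64 inside its armour,
// so the armour lines vanish from what the API receives.
func terraformFileBase64(contents string) string {
	return base64.StdEncoding.EncodeToString([]byte(contents))
}

// validateEncodedKey is a pre-apply check for the value that ends up in
// encoded_key: one PEM "PUBLIC KEY" block holding an RSA key with a 2048-bit
// modulus (assumed here to match the page's openssl command). It returns the
// modulus size in bits on success.
func validateEncodedKey(encoded string) (int, error) {
	block, rest := pem.Decode([]byte(encoded))
	if block == nil {
		// The filebase64() mistake lands here: base64 of "-----BEGIN " always
		// starts with "LS0tLS1CRUdJTi", and there is no armour to decode.
		if strings.HasPrefix(encoded, "LS0tLS1CRUdJTi") {
			return 0, errors.New("value is base64 of a PEM file (double-encoded); use file() instead of filebase64()")
		}
		return 0, errors.New("no PEM block found")
	}
	if block.Type != "PUBLIC KEY" {
		return 0, fmt.Errorf("unexpected PEM block type %q (want PUBLIC KEY)", block.Type)
	}
	if strings.TrimSpace(string(rest)) != "" {
		return 0, errors.New("trailing data after the PEM block")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return 0, fmt.Errorf("invalid SubjectPublicKeyInfo: %w", err)
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return 0, fmt.Errorf("not an RSA key (%T)", pub)
	}
	bits := rsaPub.N.BitLen()
	if bits != 2048 {
		return 0, fmt.Errorf("RSA modulus is %d bits, expected 2048", bits)
	}
	return bits, nil
}

func main() {
	pemText, err := newPublicKeyPEM()
	if err != nil {
		panic(err)
	}
	for name, value := range map[string]string{
		"file()":       terraformFile(pemText),
		"filebase64()": terraformFileBase64(pemText),
	} {
		if bits, err := validateEncodedKey(value); err != nil {
			fmt.Printf("%-13s rejected: %v\n", name, err)
		} else {
			fmt.Printf("%-13s accepted: %d-bit RSA public key\n", name, bits)
		}
	}
}
```

Running it prints one accepted line for the `file()` value and one rejected line for the `filebase64()` value naming the double encoding. The same `pem.Decode` plus `x509.ParsePKIXPublicKey` pair is the check to run in CI against `public_key.pem` before `terraform apply`, so that a wrong file, a private key committed by mistake, or a key of the wrong size is caught locally rather than by a 400 from CloudFront.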