From 1b399556e3037736280c36919c1467a2c152999a Mon Sep 17 00:00:00 2001
From: Vlad Vitan <23100181+vlasebian@users.noreply.github.com>
Date: Wed, 9 Oct 2024 13:19:12 +0200
Subject: [PATCH] doc: Add description for new aws template param
 (TLSCertificateSecretARN) (#1382)

* doc: Add info for new aws template param (TLSCertificateSecretARN)

* doc: Add info about TLS in the prerequistes for the ami deployment guide
---
 .../host/aws/ami/deployment-guide/_index.md               | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md b/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md
index 21aa8da833..21407b535e 100644
--- a/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md
+++ b/doc/content/the-things-stack/host/aws/ami/deployment-guide/_index.md
@@ -39,6 +39,7 @@ The following are necessary to complete this guide:
 4. A LoRaWAN® compliant Gateway
 5. A LoRaWAN compliant End Device
 6. Access to a name server for DNS mapping
+7. (Optional) An AWS Secret containing TLS certificate data, if a custom TLS certificate is needed
 
 ## Deployment using AWS Cloud Formation
 
@@ -80,9 +81,10 @@ This template allows the user to customize the deployment. The following is a li
 |SendGrid API Key*|API key for [SendGrid](https://sendgrid.com/) to send emails.|-|
 |Amazon ElastiCache KMS Key ID*|Key used for Redis at-rest encryption. Leave empty to disable encryption. (Warning) A change to this field requires manual migration of the database.|-|
 |Amazon ElastiCache Password*|Password used to access Redis. Leave empty to disable TLS connection. (Warning) A change to this field requires manual migration of the database.|-|
-|TLS Certificate|TLS certificate to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-|
-|TLS Certificate Key|TLS certificate key to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-|
-|TLS Certificate CA|TLS certificate CA to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-|
+|TLS Certificate*|TLS certificate to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-|
+|TLS Certificate Key*|TLS certificate key to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-|
+|TLS Certificate CA*|TLS certificate CA to use. If left empty, TLS certificates from Let's Encrypt will automatically be requested.|-|
+|ARN of an AWS Secret containing the TLS certificate data*|TLS certificate data specified as an AWS secret. If this secret is specified, TLSCertificate, TLSCertificateCA and TLSCertificateKey values will be ignored. The AWS secret must have 3 key/value pairs with the key names: cert, key, ca.|-|
 
 > \* Optional field