virsas/mod-terraform-aws-acm

mod-terraform-aws-acm

Terraform module to create ACM certificates

Dependencies

Variables

  • profile - The profile from the ~/.aws/credentials file used for authentication. Defaults to the default profile.
  • accountID - ID of your AWS account. Required; normally used in JSON files or when assuming a role.
  • region - The region for the resources. Defaults to eu-west-1.
  • assumeRole - Enables or disables role assumption. Disabled by default; normally used for sub-organization configuration.
  • assumableRole - The role the user assumes if assumeRole is enabled. Defaults to OrganizationAccountAccessRole.
  • create_cert - Whether the certificate should be created. Defaults to true; disable it only when importing a certificate.
  • import_cert - To import a certificate, set this to true, disable creation (create_cert), and provide the name of the certificate in the cert object.
  • cert_path - Directory holding the certificate files. By default, the certs are located in the ./cert/acm directory, with names NAME and the extensions .crt, .key and -ca.crt.
  • cert - Certificate domain name and its alternatives. E.g.: cert = { domain = "example.org", alternatives = ["*.example.org"] }
  • validation - Method for certificate validation. DNS and EMAIL are the valid options. With DNS, a Route53 zone must be provided too. By default, the domain is validated by email.
  • zone - The Route53 zone ID, required when the DNS method is selected.
  • ttl - The Route53 record TTL.

Example

Route53 validation for single domain with subdomains (DNS or Email validation)

variable "acm_example_cert" {
  default = {
    name         = "example"
    domain       = "example.org"
    alternatives = ["www.example.org", "api.example.org", "app.example.org"]
  }
}

module "acm_example" {
  source = "git::https://github.com/virsas/mod-terraform-aws-acm.git?ref=v3.0.2"

  profile   = "default"
  accountID = var.accountID
  region    = "us-east-1"

  validation = "DNS"
  zone       = module.route53_example_org.zone_id

  cert = var.acm_example_cert
}

output "acm_example_arn" {
  value = module.acm_example.arn
}

Route53 validation for multi-domain certificate (EMAIL validation only)

variable "acm_multi_cert" {
  default = {
    name         = "example"
    domain       = "example.org"
    alternatives = ["*.example.org", "example.com", "*.example.com"]
  }
}

module "acm_multi" {
  source = "git::https://github.com/virsas/mod-terraform-aws-acm.git?ref=v3.0.2"

  profile   = "default"
  accountID = var.accountID
  region    = "us-east-1"

  cert = var.acm_multi_cert
}

output "acm_multi_arn" {
  value = module.acm_multi.arn
}

Cert import

variable "acm_import_cert" {
  default = {
    name         = "google"
    domain       = ""
    alternatives = []
  }
}

module "acm_import" {
  source = "git::https://github.com/virsas/mod-terraform-aws-acm.git?ref=v3.0.2"

  profile   = "default"
  accountID = var.accountID
  region    = "us-east-1"

  create_cert = false
  import_cert = true

  cert_path = "./certs"

  cert = var.acm_import_cert
}

output "acm_import_arn" {
  value = module.acm_import.arn
}
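
A pre-flight check for the import case above, added here as an example and not part of the module: it verifies that cert_path holds NAME.crt, NAME.key and NAME-ca.crt, that the key is an unencrypted PEM key not accessible to group or others, and, when openssl is installed, that the key matches the certificate and the certificate has not expired. The function name check_acm_import and the file-mode policy are assumptions.

```bash
# Added example, not from the module. check_acm_import is a hypothetical helper.
# Usage before terraform apply:  check_acm_import ./certs google

check_acm_import() { # args: CERT_PATH NAME
  local dir="$1" name="$2" rc=0 f mode cert_pub key_pub
  local crt="$dir/$name.crt" key="$dir/$name.key" ca="$dir/$name-ca.crt"

  # 1. All three files must exist and be non-empty.
  for f in "$crt" "$key" "$ca"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; rc=1; }
  done
  [ "$rc" -eq 0 ] || return 1

  # 2. Each file must hold the PEM object its name promises.
  for f in "$crt" "$ca"; do
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || { echo "$f: no PEM certificate" >&2; rc=1; }
  done
  grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" || { echo "$key: no PEM private key" >&2; rc=1; }
  # ACM does not import passphrase-protected private keys.
  if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
    echo "$key: private key is encrypted" >&2; rc=1
  fi

  # 3. The private key must not be accessible to group or others (assumed policy).
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    [0-7]00) ;;
    *) echo "$key: mode $mode, expected 600 or 400" >&2; rc=1 ;;
  esac

  # 4. If openssl is installed: the key must match the leaf certificate,
  #    and the certificate must not be expired.
  if [ "$rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
      echo "$key does not match $crt" >&2; rc=1
    fi
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
      { echo "$crt: expired or unreadable" >&2; rc=1; }
  fi
  return "$rc"
}
```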

Outputs

  • id
  • arn
  • domain_name
  • status
  • validation_emails (populated only for email validation)
  • validation_domains (populated only for DNS validation)
