Skip to content
/ terraform-aws-acm-multiple-hosted-zone Public
forked from ringanta/terraform-aws-acm-multiple-hosted-zone

Terraform module to create ACM certificate with multiple Route53 hosted zone

0 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

laterpay/terraform-aws-acm-multiple-hosted-zone

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
examples
examples
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

Terraform AWS Certificate Manager (ACM) with Multiple Hosted Zone Module

Terraform module to create an ACM resource that contains domains from multiple Route53 hosted zone. ACM validation is using Route53 only. This module supports terraform version 0.12 only.

Usage

The domain_name and subject_alternative_names variables consist of map (object) of string and list of map of string. Each object must consist zone and domain keys.

  • The zone key contains name of hosted zone where the domain belong. The hosted must be a public one on Route53 in the same AWS account with the requested certificate.
  • The domain key contains domain name that will be used in the certificate whether in the domain name or subject alternative names section.
module "acm" {
    source = "../../"

    domain_name = {
        zone = "example.com"
        domain = "example.com"
    }
    subject_alternative_names = [
        {
            zone = "example.com"
            domain = "*.example.com"
        },
        {
            zone = "example.org"
            domain = "example.org"
        },
        {
            zone =  "example.org"
            domain = "*.example.org"
        }
    ]

    tags = {
        Name = "Test ACM multiple hosted zone"
    }
}

Examples

Recreating ACM Certificate

Due to the hashicorp/terraform-provider-aws#8531 issue, this module implement a workaround that makes existing ACM certificate won't be recreated when we change the subject alternatives name. So make sure to taint the certificate using terraform taint command before adjusting the subject alternatives name. Here is the steps:

  1. Taint exisiting certificate using terraform taint module.acm.aws_acm_certificate.self command.
  2. Adjust value of the subject_alternatives_name variable.
  3. Run terraform plan -out=tfplan.out and review the execution plan.
  4. Apply the change using terraform apply tfplan.out.

Inputs

Name Description Type Default Required
domain_name Domain name for the ACM certificate map(string) n/a yes
subject_alternative_names List of subject alternative names for the ACM certificate list(map(string)) n/a yes
tags Key and value pair that will be added as tag map(string) {} no
validate_certificate Whether to validate certificate bool true no
validation_allow_overwrite_records Whether to allow overwrite of Route53 records bool true no
validation_set_records Whether to configure Route53 records for validation bool true no

Outputs

Name Description
certificate_arn The ARN of the certificate
certificate_domain_validation_options A list of attributes to feed into other resources to complete certificate validation
certificate_domains List of domain names covered by the certificate

About

Terraform module to create ACM certificate with multiple Route53 hosted zone

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • HCL 100.0%