{"id":21261401,"url":"https://github.com/dflook/terraform-aws-acm-certificate","last_synced_at":"2026-05-06T17:34:45.008Z","repository":{"id":43646899,"uuid":"462826582","full_name":"dflook/terraform-aws-acm-certificate","owner":"dflook","description":"Terraform module for ACM DNS validated certificates","archived":false,"fork":false,"pushed_at":"2022-02-26T02:35:18.000Z","size":20,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-21T11:54:08.737Z","etag":null,"topics":["acm","aws","certificate","terraform"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dflook.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["dflook"]}},"created_at":"2022-02-23T16:55:19.000Z","updated_at":"2024-11-11T23:11:06.000Z","dependencies_parsed_at":"2022-08-23T06:40:59.114Z","dependency_job_id":null,"html_url":"https://github.com/dflook/terraform-aws-acm-certificate","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/dflook/terraform-aws-acm-certificate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-aws-acm-certificate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-aws-acm-certificate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-aws-acm-certificate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-aws-acm-certificate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dflook","download_url":"https://codeload.github.com/dflook/terraform-aws-acm-certificate/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-aws-acm-certificate/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32704558,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-06T08:33:17.875Z","status":"ssl_error","status_checked_at":"2026-05-06T08:33:17.221Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acm","aws","certificate","terraform"],"created_at":"2024-11-21T04:29:28.362Z","updated_at":"2026-05-06T17:34:44.993Z","avatar_url":"https://github.com/dflook.png","language":"Python","funding_links":["https://github.com/sponsors/dflook"],"categories":[],"sub_categories":[],"readme":"# dflook/acm-certificate/aws Terraform Module\n\nThis module creates an ACM issued DNS validated certificate.\nIt supports automatically creating the required validation records where the zone is hosted by Route53.\n\nThe [validation submodule](https://registry.terraform.io/modules/dflook/acm-certificate/aws/latest/submodules/validation) can be used with this resource to create the validation records in a Route53 Hosted Zone in another AWS account.\n\nThis module can also be used to create certificates that include names that can't have their validation records automatically created.\n\n## Input variables\n\n### `names`\n\n- Type: map(string)\n- Required\n\nThe names to include in the issued certificate, and their Route53 hosted zones to create the validation records.\n\nThe input is a map where the keys are the names to include in the certificate. The value for each key is the Hosted Zone id to create the validation record.\nIf the value for a key is `null`, the validation record is not created.\n\n### `common_name`\n\n- Type: string\n- Optional\n\nThe name to use as the Common Name of the issued certificate. If specified, this must be present in the `names` map. If not specified, one of the names in the `names` map is used.\nThis makes some cosmetic difference to how the certificate is presented in some clients/browsers. All `names` are included in the certificate as Subject Alternative Names.\nValidating certificates based on the common name has been deprecated for a long time.\n\n### `tags`\n\n- Type: map(string)\n- Optional\n\nTags to add to the certificate resource.\n\n### `wait_for_validation`\n\n- Type: bool\n- Optional, Default: true\n\nWhen true, wait until the certificate is validated before the `arn` output is available.\nThis can be set to false if some of the names in the certificate can't have their validation records automatically added by terraform.\n\n## Output\n\n### `arn`\n\n- Type: string\n\nThe ARN of the certificate. When `wait_for_validation` is true, the certificate will have been issued.\nWhen `wait_for_validation` is false, the certificate may not have been issued yet.\n\n### `common_name`\n\n- Type: string\n\nThe Common Name (CN) of the certificate.\n\n### `certificate`\n\n- Type: `aws_acm_certificate`\n\nThe underlying [aws_acm_certificate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) resource. \nThis should be passed to the `validation` submodule if needed to create validation records using a different AWS provider, such as when using a Route53 zone in another account.\n\nThe `domain_validation_options` attribute could also be used to create validation records in other DNS providers.\n\n## Examples\n\nSee the full [examples](https://github.com/dflook/terraform-aws-acm-certificate/tree/main/examples) for more.\n\n### A single name\n\nThis example creates a certificate for a single name.\nThe Hosted Zone id is provided, so the certificate is automatically validated and issued.\n\nThe `arn` output is available once the certificate is ready to use.\n\n```hcl\nmodule \"certificate\" {\n  source = \"dflook/acm-certificate/aws\"\n  version = \"1.0.0\"\n\n  names = {\n    \"hello.example.com\" : data.aws_route53_zone.example_com.zone_id\n  }\n}\n```\n\n### Certificate with names from multiple Hosted Zones\n\nThis creates a certificate that includes the names:\n  - `example.com`\n  - a wildcard for subdomains of `example.com`\n  - `hello.example.org`, which is a separate Hosted Zone in the same account\n\nThis also explicitly sets which of the names should be the Common Name of the certificate.\n\n```hcl\nmodule \"certificate\" {\n  source = \"dflook/acm-certificate/aws\"\n  version = \"1.0.0\"\n\n  common_name = \"hello.example.org\"\n  \n  names = {\n    \"example.com\" : data.aws_route53_zone.example_com.zone_id\n    \"*.example.com\" : data.aws_route53_zone.example_com.zone_id\n\n    \"hello.example.org\" : data.aws_route53_zone.example_org.zone_id\n  }\n}\n```\n\n### Certificate with names from multiple Hosted Zones in multiple AWS accounts\n\nThis creates a certificate that includes a name that belongs to a Hosted Zone in another AWS account.\nThe additional name must be in the `names` input variable with the zone id set to `null`, which prevents the module from trying to create the validation record itself.\n\nYou can use the [validation submodule](https://registry.terraform.io/modules/dflook/acm-certificate/aws/latest/submodules/validation) to create the validation records in the other account by passing in an aws provider configured for the correct account.\n\n```hcl\nmodule \"my_cert\" {\n  source = \"dflook/acm-certificate/aws\"\n  version = \"1.0.0\"\n\n  common_name = \"example.org\"\n  \n  names = {\n    \"example.com\" : data.aws_route53_zone.example_com.zone_id\n    \"example.org\" : null\n  }\n}\n\nmodule \"certificate_validate_second_zone\" {\n  source = \"dflook/acm-certificate/aws//modules/validation\"\n  version = \"1.0.0\"\n\n  providers = {\n    aws = aws.account-2\n  }\n\n  certificate = module.my_cert.certificate\n\n  names = {\n    \"example.org\" : data.aws_route53_zone.example_org.zone_id\n  }\n}\n```\n\n### Certificate that is not validated\n\nThis creates a certificate that can't yet be validated and issued. Perhaps the DNS zone is managed manually and not using terraform.\n\nThe validation record is created in the provided Hosted Zone but we can't create the validation record for the second zone.\nBy setting `wait_for_validation` to `false`, terraform finished as soon as the certificate is created (but not yet validated or issued).\n\nThe `domain_validation_options` output shows the validation records that need to be created.\nSoon after the validation records have been created for the second zone, the certificate will be validated and ready to use.\n\n```hcl\nmodule \"my_cert\" {\n  source = \"dflook/acm-certificate/aws\"\n  version = \"1.0.0\"\n  \n  wait_for_validation = false\n  \n  names = {\n    \"example.com\" : data.aws_route53_zone.example_com.zone_id    \n    \"example.org\" : null\n  }\n}\n\noutput \"domain_validation_options\" {\n  value = module.my_cert.certificate.domain_validation_options\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdflook%2Fterraform-aws-acm-certificate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdflook%2Fterraform-aws-acm-certificate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdflook%2Fterraform-aws-acm-certificate/lists"}