Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/manicminer/terraform-aws-acm-certificate
Terraform module to create and validate AWS ACM certificates with DNS validation via Route53
- Host: GitHub
- URL: https://github.com/manicminer/terraform-aws-acm-certificate
- Owner: manicminer
- License: other
- Created: 2018-05-24T19:06:06.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-12-11T21:56:57.000Z (almost 5 years ago)
- Last Synced: 2024-10-04T17:30:29.704Z (about 1 month ago)
- Language: HCL
- Size: 5.86 KB
- Stars: 11
- Watchers: 3
- Forks: 10
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# AWS Certificate Manager (ACM) Terraform module
A Terraform module which requests and validates ACM certificates on AWS, using DNS validation with Route53.
## Usage
```hcl
module "acm_ops" {
  source       = "modules/aws_acm_certificate"
  domain_names = ["ops.acme.net", "*.ops.acme.net"]
  zone_id      = "${data.aws_route53_zone.external.id}"
  providers = {
    "aws.acm"     = "aws",
    "aws.route53" = "aws",
  }
}

module "acm_marketing" {
  source       = "modules/aws_acm_certificate"
  domain_names = ["acme.com", "*.acme.com"]
  zone_id      = "${data.aws_route53_zone.acme.id}"
  providers = {
    "aws.acm"     = "aws.marketing",
    "aws.route53" = "aws.ops",
  }
}
```
## Providers
| Name | Description |
|------|-------------|
| aws.acm | AWS provider to use for issuing the certificate |
| aws.route53 | AWS provider to use for publishing validation records to Route53 |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| domain_names | List of one to ten domain names to associate with the certificate | list | `` | yes |
| zone_id | Route53 zone ID of the zone in which to create validation records | string | `` | no |
| zone_ids | Map having domain names as keys, Route53 zone ID as values | string | `` | no |

Either one of `zone_id` or `zone_ids` should be specified. Use `zone_id` when your domain(s) are all contained in a single zone, e.g. for subdomains. Use `zone_ids` when you are issuing a cert for multiple domains served from different zones, e.g. different TLDs.
### Single zone example
```hcl
module "my_acm_certificate" {
  source       = "..."
  domain_names = ["foo.net", "*.foo.net"]
  zone_id      = "${data.aws_route53_zone.foo_net.zone_id}"
  providers = {
    "aws.acm"     = "aws.us-east-1"
    "aws.route53" = "aws.us-east-1"
  }
}
```
### Multi zone example
Note that you'll need to specify a zone ID for each unique domain, including subdomains and wildcards.
```hcl
module "my_acm_certificate" {
  source       = "..."
  domain_names = ["foo.net", "*.foo.net", "bar.org", "foo.bar.org"]
  zone_ids = {
    "foo.net"     = "${data.aws_route53_zone.foo_net.zone_id}"
    "*.foo.net"   = "${data.aws_route53_zone.foo_net.zone_id}"
    "bar.org"     = "${data.aws_route53_zone.bar_org.zone_id}"
    "foo.bar.org" = "${data.aws_route53_zone.bar_org.zone_id}"
  }
  providers = {
    "aws.acm"     = "aws.us-east-1"
    "aws.route53" = "aws.us-east-1"
  }
}
```
## Outputs
| Name | Description |
|------|-------------|
| arn | The ARN of the certificate |
## Known Issues
Due to Terraform insisting on [evaluating both sides of a ternary statement][tf_11574], the map lookup for `zone_ids` currently has a default value, so if you omit a domain from this attribute, your plan will pass but you'll get a `NoSuchHostedZone` error when applying. If this happens, you can add the missing domain, then re-plan and re-apply safely.
## License
Apache License v2. See [LICENSE](LICENSE).
[tf_11574]: https://github.com/hashicorp/terraform/issues/11574