
@chancez
Last active May 28, 2020 21:13
# Proxy provider slot filled in by the calling module. The ACM certificate
# and the resource that waits for its validation are created through it.
provider "aws" {
  alias = "certificate_requester"
}
# Proxy provider slot filled in by the calling module. Only the Route53
# validation record is created through it, so the hosted zone can be managed
# with different credentials (another account or a narrower role) than the
# ones that request the certificate.
provider "aws" {
  alias = "route53_cert_validator"
}
# Requests a DNS-validated ACM certificate for var.domain_name plus every
# name in var.subject_alternative_names.
resource "aws_acm_certificate" "cert" {
  provider = aws.certificate_requester

  validation_method         = "DNS"
  domain_name               = var.domain_name
  subject_alternative_names = var.subject_alternative_names

  tags = var.tags

  # When the certificate has to be replaced, the new one is created before
  # the old one is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}
# Waits for ACM to finish validating the certificate. Depending on this
# resource (rather than on the certificate itself) lets consumers attach the
# certificate only once it has been issued.
resource "aws_acm_certificate_validation" "cert" {
  provider = aws.certificate_requester

  # Only the single record created by aws_route53_record.cert_validation is
  # listed here.
  validation_record_fqdns = [aws_route53_record.cert_validation.fqdn]
  certificate_arn         = aws_acm_certificate.cert.arn
}
# Publishes the DNS record ACM asks for to prove control of the domain.
#
# NOTE(review): only the first entry of domain_validation_options is
# published. That is enough when every name on the certificate shares one
# validation record (presumably the case for a domain plus its own wildcard;
# confirm), but a SAN that needs its own record would never be validated and
# the certificate would stay pending.
# NOTE(review): positional indexing assumes domain_validation_options is a
# list; verify against the AWS provider version in use.
resource "aws_route53_record" "cert_validation" {
  provider = aws.route53_cert_validator

  zone_id = var.zone_id
  ttl     = 60

  name    = aws_acm_certificate.cert.domain_validation_options[0].resource_record_name
  type    = aws_acm_certificate.cert.domain_validation_options[0].resource_record_type
  records = [aws_acm_certificate.cert.domain_validation_options[0].resource_record_value]
}
# Exports the whole aws_acm_certificate resource object, so callers can read
# any of its attributes (for example the ARN).
# NOTE(review): the certificate is not necessarily validated yet when read
# through this output; use "certificate_validation" where an issued
# certificate is required.
output "certificate" {
  value = aws_acm_certificate.cert
}
# Exports the whole aws_acm_certificate_validation resource object. Reading
# certificate_arn from here makes the consumer depend on the validation
# resource, not just on the certificate request.
output "certificate_validation" {
  value = aws_acm_certificate_validation.cert
}
# Example caller: issues a certificate for the cluster domain and its
# wildcard, validated through the cluster's own Route53 zone.
module "acm_certificate" {
  source = "../../../modules/acm_certificate_dns_validated"

  # Both provider slots are filled with the default AWS provider here, so the
  # certificate and the validation record are created with the same
  # credentials. Pass two different aliased providers to split them.
  providers = {
    aws.certificate_requester  = aws
    aws.route53_cert_validator = aws
  }

  domain_name = local.cluster_domain
  zone_id     = module.cluster_domain.zone_id

  # The wildcard SAN makes the certificate valid for any single-label
  # subdomain of the cluster domain.
  subject_alternative_names = ["*.${local.cluster_domain}"]

  tags = {
    environment = local.environment
  }
}
# Hosted zone that receives the ACM validation record. It is written through
# the aws.route53_cert_validator provider.
variable "zone_id" {
  description = "Route53 zone_id to create certificate validation records within."
  type        = string
}
# Primary name placed on the certificate (aws_acm_certificate.cert.domain_name).
variable "domain_name" {
  description = "A domain name for which the certificate should be issued."
  type        = string
}
# Additional names placed on the certificate. No default is declared, so
# callers must pass a value (an empty list if no SANs are wanted).
variable "subject_alternative_names" {
  description = "A list of domains that should be SANs in the issued certificate."
  type        = list(string)
}
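# Optional tags; passed unchanged to aws_acm_certificate.cert. A description
# is declared so this variable is documented like the module's other inputs.
variable "tags" {
  type        = map(string)
  description = "A map of tags to assign to the ACM certificate."
  default     = {}
}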