amazon-issued-cert

This module creates the following resources.

  • aws_acm_certificate
  • aws_acm_certificate_validation (Optional)
  • aws_route53_record (Optional)

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.6 |
| aws | >= 4.58 |

Providers

| Name | Version |
|------|---------|
| aws | 5.26.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |

Resources

| Name | Type |
|------|------|
| aws_acm_certificate.this | resource |
| aws_acm_certificate_validation.dns | resource |
| aws_acm_certificate_validation.email | resource |
| aws_route53_record.validation | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| domain_name | (Required) A domain name for which the certificate should be issued. FQDN (Fully qualified domain name), such as www.example.com, that you want to secure with an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. | string | n/a | yes |
| name | (Required) The name of the certificate. | string | n/a | yes |
| certificate_transparency_logging_enabled | (Optional) Whether to add the certificate to a certificate transparency log. Transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser. Defaults to true. | bool | true | no |
| dns_validation | (Optional) The configuration for the DNS validation. dns_validation as defined below. (Optional) enabled - Whether to process DNS validation by creating the necessary domain records in the module. Defaults to false. (Optional) managed_zones - List of Hosted Zones to automatically manage the records for DNS validation as a map. The key is the name of Hosted Zone. The value is the ID of Hosted Zone. | object({ enabled = optional(bool, false), managed_zones = optional(map(string), {}) }) | {} | no |
| email_validation | (Optional) The configuration for the Email validation. email_validation as defined below. (Optional) enabled - Whether to process Email validation by waiting for manual approval. Defaults to false. | object({ enabled = optional(bool, false) }) | {} | no |
| key_algorithm | (Optional) The algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some AWS services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA or ECDSA keys to ensure that compatibility is not broken. Supported values are RSA_1024, RSA_2048, RSA_3072, RSA_4096, ECDSA_P256, ECDSA_P384, ECDSA_P521. Defaults to RSA_2048. | string | "RSA_2048" | no |
| module_tags_enabled | (Optional) Whether to create AWS Resource Tags for the module information. | bool | true | no |
| resource_group_description | (Optional) The description of Resource Group. | string | "Managed by Terraform." | no |
| resource_group_enabled | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | bool | true | no |
| resource_group_name | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws. | string | "" | no |
| subject_alternative_names | (Optional) A list of additional FQDNs (Fully qualified domain names) to be included in SANs of the issued certificate. | list(string) | [] | no |
| tags | (Optional) A map of tags to add to all resources. | map(string) | {} | no |
| validation_method | (Optional) Which method to use for validation. Valid values are DNS or EMAIL. Only the DNS validation method is supported in this module. | string | "DNS" | no |

Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the certificate. |
| certificate_transparency_logging_enabled | Whether or not the certificate transparency logging is enabled. |
| domain_name | The domain name for which the certificate is issued. |
| effective_date | Effective date and time of the certificate. Start of the validity period of the certificate. |
| expiration_date | Expiration date and time of the certificate. |
| id | The ID of the certificate. |
| key_algorithm | The algorithm of the public and private key pair to encrypt data. |
| name | The name of the certificate. |
| renewal | The configuration for the certificate renewal. eligibility - Whether the certificate is eligible for managed renewal. summary - The information about the status of ACM's managed renewal for the certificate. |
| status | Status of the certificate. |
| subject_alternative_names | The list of additional FQDNs (Fully qualified domain names) to be included in SANs of the issued certificate. |
| type | The type of the certificate. |
| validation | The configuration for the certificate validation. method - The method to use to validate the domain ownership for requesting a public certificate. domain_records - A map of domain validation records which can be used to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if validation.method is DNS. emails - A list of addresses that received a validation E-Mail. Only set if validation.method is EMAIL. |
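
An example call of this module with DNS validation handled through a managed hosted zone, added here for illustration and not taken from the module's repository. The `source` path, the domain names and the hosted zone ID are placeholders; the `check` block uses only the `status` and `certificate_transparency_logging_enabled` outputs listed above and needs the Terraform version given under Requirements.

```hcl
# Added example. The source path, domain names and hosted zone ID are placeholders.
module "cert" {
  source = "../amazon-issued-cert" # placeholder: point this at the module

  name                      = "example-com"
  domain_name               = "example.com"
  subject_alternative_names = ["*.example.com"]

  # ECDSA keys are smaller than RSA keys; confirm that the clients and the
  # AWS services in front of this certificate accept them before switching.
  key_algorithm = "ECDSA_P256"

  # Keep the certificate in the transparency logs so mis-issuance is detectable.
  certificate_transparency_logging_enabled = true

  validation_method = "DNS"
  dns_validation = {
    enabled = true
    # Key: hosted zone name. Value: hosted zone ID (constructed placeholder).
    managed_zones = {
      "example.com" = "Z0000000000EXAMPLE"
    }
  }
}

# Surfaces a warning on plan/apply if the certificate is not usable or has
# been taken out of certificate transparency logging.
check "certificate_posture" {
  assert {
    condition     = module.cert.status == "ISSUED"
    error_message = "Certificate is not ISSUED; check the DNS validation records."
  }

  assert {
    condition     = module.cert.certificate_transparency_logging_enabled
    error_message = "Certificate transparency logging is disabled."
  }
}

output "certificate_arn" {
  value = module.cert.arn
}

# Records to create by hand for any SAN whose zone is not in managed_zones.
output "validation_records" {
  value = module.cert.validation.domain_records
}
```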