From 05cd8488b78e662e5527071cb2e2f139d4e74484 Mon Sep 17 00:00:00 2001
From: artpasut
Date: Fri, 25 Mar 2022 12:09:26 +0700
Subject: [PATCH] initial acm module
---
 .editorconfig | 31 ++++++++++++++++
 .gitignore | 66 ++++++++++++++++++++++++++++++++++
 .pre-commit-config.yaml | 29 +++++++++++++++
 README.md | 79 +++++++++++++++++++++++++++++++++++++++++
 locals.tf | 4 +++
 main.tf | 22 ++++++++++++
 outputs.tf | 4 +++
 variables.tf | 9 +++++
 versions.tf | 10 ++++++
 9 files changed, 254 insertions(+)
 create mode 100644 .editorconfig
 create mode 100644 .gitignore
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 locals.tf
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 variables.tf
 create mode 100644 versions.tf
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..a6acfd7
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,31 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+# Tab indentation (no size specified)
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..50955f8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,66 @@
+.DS_Store
+example/
+
+.terraform.lock.hcl
+
+# Created by https://www.toptal.com/developers/gitignore/api/terraform,visualstudiocode
+# Edit at https://www.toptal.com/developers/gitignore?templates=terraform,visualstudiocode
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+# Support for Project snippet scope
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform,visualstudiocode
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..093121e
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,29 @@
+repos:
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.62.3
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_validate
+ - id: terraform_docs
+ args:
+ - '--args=--lockfile=false'
+ - id: terraform_tflint
+ args:
+ - '--args=--only=terraform_deprecated_interpolation'
+ - '--args=--only=terraform_deprecated_index'
+ - '--args=--only=terraform_unused_declarations'
+ - '--args=--only=terraform_comment_syntax'
+ - '--args=--only=terraform_documented_outputs'
+ - '--args=--only=terraform_documented_variables'
+ - '--args=--only=terraform_typed_variables'
+ - '--args=--only=terraform_module_pinned_source'
+ - '--args=--only=terraform_naming_convention'
+ - '--args=--only=terraform_required_version'
+ - '--args=--only=terraform_required_providers'
+ - '--args=--only=terraform_standard_module_structure'
+ - '--args=--only=terraform_workspace_remote'
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.1.0
+ hooks:
+ - id: check-merge-conflict
+ - id: end-of-file-fixer
diff --git a/README.md b/README.md
index 6a1b5fb..68335ac 100644
--- a/README.md
+++ b/README.md
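Review bot: Both hook repositories in .pre-commit-config.yaml are pinned by tag (`rev: v1.62.3`, `rev: v4.1.0`), and a tag can be moved upstream after it was reviewed, so this file does not fix the code that runs on each contributor's machine at commit time. pre-commit accepts a full commit SHA in `rev`; writing `rev: <full-commit-sha>  # v1.62.3` (placeholder, to be resolved from the upstream tag) keeps the version readable and makes the pin immutable. The same applies to the `pre-commit-hooks` entry.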
@@ -1,2 +1,81 @@
 # terraform-aws-acm
+
 AWS Certificate manager Terraform
+
+## Usage
+
+```terraform
+provider "aws" {
+ alias = "virginia"
+ region = "us-east-1"
+ access_key = var.aws_virginia_access_key
+ secret_key = var.aws_virginia_secret_key
+}
+
+provider "aws" {
+ alias = "singapore"
+ region = "ap-southeast-1"
+ access_key = var.aws_singapore_access_key
+ secret_key = var.aws_singapore_secret_key
+}
+
+module "acm_singapore" {
+ source = ""
+ providers = {
+ aws = aws.singapore
+ }
+ acm_domain_name = ["domain1", "domain2"]
+ route53_zone_id = ""
+}
+
+module "acm_virginia" {
+ source = ""
+ providers = {
+ aws = aws.virginia
+ }
+ acm_domain_name = ["domain1", "domain2"]
+ route53_zone_id = ""
+}
+```
+
+
+
+## Requirements
+
+| Name | Version |
+| ------------------------------------------------------------------------ | -------- |
+| [terraform](#requirement_terraform) | >= 1.0.0 |
+| [aws](#requirement_aws) | >= 4.0.0 |
+
+## Providers
+
+| Name | Version |
+| ------------------------------------------------ | -------- |
+| [aws](#provider_aws) | >= 4.0.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+| --------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
+| [aws_acm_certificate.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource |
+| [aws_acm_certificate_validation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource |
+| [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+| ------------------------------------------------------------------------------ | ---------------------------------------------------- | -------------- | ------- | :------: |
+| [acm_domain_name](#input_acm_domain_name) | Domain name for request certificate. | `list(string)` | n/a | yes |
+| [route53_zone_id](#input_route53_zone_id) | Hosted zone ID matches with domain name certificate. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+| -------------------------------------------------------------------------------- | --------------- |
+| [certificate_arn](#output_certificate_arn) | Certificate ARN |
+
+
diff --git a/locals.tf b/locals.tf
new file mode 100644
index 0000000..4bef2c0
--- /dev/null
+++ b/locals.tf
@@ -0,0 +1,4 @@
+locals {
+ domains_validation_options_set_index = { for index, value in aws_acm_certificate.this : index => [for index, value in value.domain_validation_options : value] }
+ domains_validation_options = { for index, value in local.domains_validation_options_set_index : index => value[0] }
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..23dcbe0
--- /dev/null
+++ b/main.tf
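Review bot: `value[0]` in `domains_validation_options` (locals.tf) keeps only the first entry of each certificate's `domain_validation_options`, which is correct only while every certificate is requested for a single name, as main.tf does today. If `subject_alternative_names` is ever added, the remaining validation records would be dropped silently and validation would presumably wait until it times out. A comment above the local such as `# one validation option per certificate: certificates are requested without SANs` would record that assumption. The inner `for index, value` also shadows the outer `index` and `value`; naming the inner variable, for example `[for dvo in value.domain_validation_options : dvo]`, would make the expression easier to read.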
@@ -0,0 +1,22 @@
+resource "aws_acm_certificate" "this" {
+ for_each = { for index, domain in var.acm_domain_name : index => domain }
+ domain_name = each.value
+ validation_method = "DNS"
+}
+
+resource "aws_route53_record" "this" {
+ for_each = local.domains_validation_options
+
+ allow_overwrite = true
+ name = each.value.resource_record_name
+ records = [each.value.resource_record_value]
+ ttl = 60
+ type = each.value.resource_record_type
+ zone_id = var.route53_zone_id
+}
+
+resource "aws_acm_certificate_validation" "this" {
+ count = length(aws_route53_record.this)
+ certificate_arn = aws_acm_certificate.this[count.index].arn
+ validation_record_fqdns = [aws_route53_record.this[count.index].fqdn]
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..d7d93f3
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,4 @@
+output "certificate_arn" {
+ value = aws_acm_certificate_validation.this[*].certificate_arn
+ description = "Certificate ARN"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..0e12a63
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,9 @@
+variable "acm_domain_name" {
+ description = "Domain name for request certificate."
+ type = list(string)
+}
+
+variable "route53_zone_id" {
+ description = "Hosted zone ID matches with domain name certificate."
+ type = string
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..97f0cf5
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0.0"
+ }
+ }
+}
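Review bot: In main.tf, `aws_acm_certificate.this` is keyed by list position (`index => domain`) and `aws_acm_certificate_validation.this` pairs certificates with records through `count.index`, so removing or reordering an entry in `acm_domain_name` re-addresses every later certificate and Terraform will plan to replace certificates that did not change. Keying by domain name removes that coupling, and a `create_before_destroy` lifecycle lets a replacement be issued before the old certificate is removed, which matters once another resource references the ARN. The sketch below covers main.tf only: the `[*]` splat in outputs.tf would have to become a `for` expression over the validation resources, and duplicate entries in the input would collapse into one certificate.

```terraform
resource "aws_acm_certificate" "this" {
  for_each          = toset(var.acm_domain_name)
  domain_name       = each.value
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# … unchanged: aws_route53_record.this …

resource "aws_acm_certificate_validation" "this" {
  for_each                = aws_route53_record.this
  certificate_arn         = aws_acm_certificate.this[each.key].arn
  validation_record_fqdns = [each.value.fqdn]
}
```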
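Review bot: The `certificate_arn` output in outputs.tf returns a list with one ARN per entry in `acm_domain_name`, but the singular name and the description `"Certificate ARN"` read as a single value, and nothing tells a caller which ARN belongs to which domain. Renaming the output would change the module interface, so the smaller fix is the description, for example `description = "ARNs of the validated certificates, in the same order as var.acm_domain_name."`. The value is read from `aws_acm_certificate_validation` rather than `aws_acm_certificate`, which presumably is meant to make consumers wait for validation; that intent is worth one comment line above `value`.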
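Review bot: The description of `route53_zone_id` in variables.tf does not say that every name in `acm_domain_name` has to live in this one hosted zone, although main.tf writes all validation records into it with `allow_overwrite = true`. A caller who passes a domain from a different zone is likely to see the record rejected or the validation never complete, and the current wording gives no hint why. Suggested text: `description = "ID of the public Route 53 hosted zone that contains every name in acm_domain_name; DNS validation records are created (and overwritten) here."`. `acm_domain_name` is a list despite its singular name, so its description could read `"List of domain names; one certificate is requested per entry."`.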