diff --git a/terraform/outputs.tf b/terraform/outputs.tf
index da4d85c..0214cd1 100644
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -134,7 +134,7 @@ output "secrets_planet_api_key_policy_arn" {
 }
 
 output "acm_certificate" {
- value = aws_acm_certificate.globalforestwatch[0].arn
+ value = aws_acm_certificate.globalforestwatch_new[0].arn
 }
 
 output "aurora_cluster_instance_class" {
diff --git a/terraform/standalone.tf b/terraform/standalone.tf
index fd7cd34..fc7b296 100644
--- a/terraform/standalone.tf
+++ b/terraform/standalone.tf
@@ -1,3 +1,7 @@
+# We generate certificates outside of AWS and manually registered it with the account.
+# We imported the existing certificate into TF state
+# I suspect ^ is only true of staging/prod, not dev - Daniel
+
 resource "aws_acm_certificate" "globalforestwatch" {
 domain_name = "*.globalforestwatch.org"
 validation_method = "DNS"
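Review bot: The `acm_certificate` output now exports the ARN of `aws_acm_certificate.globalforestwatch_new`, which standalone.tf declares with `validation_method = "DNS"`, yet no `aws_acm_certificate_validation` resource or validation record is visible in this diff. If none exists elsewhere in the module, the ARN is published while the certificate may still be pending validation, and a listener or distribution in a consuming stack that picks it up would presumably fail to attach it. Consider exporting the ARN through a validation resource, e.g. `value = aws_acm_certificate_validation.globalforestwatch_new[0].certificate_arn` (resource name proposed here, not present in the diff), and adding a `description` that says which certificate this output refers to.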
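Review bot: The header comment added at the top of standalone.tf describes a certificate generated outside AWS and imported, but the resource directly below it declares `validation_method = "DNS"`, which describes an ACM-issued certificate; the comment should state which of the two is authoritative, because ACM does not renew imported certificates and someone then has to track expiry and custody of the private key. It also leaves an unresolved personal guess in the file, and with a second `globalforestwatch_new` resource added further down in this commit it no longer says which resource it applies to. Suggested wording: `# "globalforestwatch": issued outside AWS, imported into ACM and then into TF state (staging/prod; not confirmed for dev). Not renewed by ACM.` The resource body continues outside this hunk.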
@@ -13,13 +17,28 @@ resource "aws_acm_certificate" "globalforestwatch" { count = 1 } +resource "aws_acm_certificate" "globalforestwatch_new" { + domain_name = "*.globalforestwatch.org" + validation_method = "DNS" + + tags = merge({ + "Name" = "Global Forest Watch Wildcard" + }, + local.tags) + + lifecycle { + create_before_destroy = true + } + count = 1 +} + # Need to create new private keys outside of TF and AWS # Note: Adding new keys will destroy the Bastion host and recreate it with new user data resource "aws_key_pair" "all" { for_each = { jterry_gfw = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCOGcXvYQel176C7gXPPsz8/tOotAJ8yfj4I2e1Uw0KMLgMao/9Yl9DZg9obBO7nG1DiDW9YUt2hpQkB2PpzP5N9yMriL4WXEhLroCWKj/vljRIDZjS3ZG+pPLs2Li9eFLDc0WGb9D+dxVG7Emwg8O/mTVbaAdklC4D1cwKQx7V7kU19K4jTTCA7aqagtI7X6FNh0fJGfVz0aQ01ECZmUNCkVZy+LYhk2wxSDuXV9DIha0akPXZCWqOtICPln+tquM9befLevCcuDpwVOkh1wrAP7EkRQtL8x8lIadenQpHgXoeoNGGp7x10Dywlw2u6Hm4b0mGITu4P1JTf0O2mmDd jterry_gfw", - dmannarino_gfw = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC61msySjQ7S9dKxuqg5V9erJJsUQm1fJCa6pwvZKrfaq1LrmLjvvAwdzOhVEXqQEYYAM00D2eSJyT74VKKdMtpAVnk24PtbtOUy54pqOA+pDuNVOUbL045ZOKqmmoD4omGHBj8jiowmV/zOI9Y1qtlSXoiIT8VQ/uCtKTsY4FMRhBuphpeAWQfEXLI0RfSrw/b7w4pI/zYjzg4mvN17LovS31ZpRWAGK/T6MVyDdeMjF4GEB1P+fjy7tGuKDCTXwGinVKnY8diUihCdyQqQY/Y/5P33NX890F0CX8IGeIWsayk1PNjTw7EJELnJgHVPRYEnz6+Tqru7KmlrVc8V5m7 dmannarino_gfw", + dmannarino_gfw = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCLq0/1vhgRfispsHZHrX2H8Mz/HgtTSOiVlMmaUZE0xYPmTBf0cjpHggEN/vwM7FtAkoqozzkdA9PmlBXYye/7orNBGgOR/kXp2ssmyw80inrrCNgd5u6xKWwsydMXJZgvUHWu8PclM3xDNIkFr44ZwpUUJ4xoOzQNOoDjjL6te9rM6ZDXknQLYNf9gm6Isy584TP/kgtUGeS3megv0b+IE187AdLxllPRWCKp8rIWPBFFbP4TBiqWi5WJSJh+r8Z6DjfU/OTPPFgdiuaXjlHr/eGgKDx6merneLmt+rjb/dOxNbQErRzaCY0mZT9umod1vTZJS/4hV31ieXWr+ntF dmannarino_gfw", snegusse_gfw = "ssh-rsa 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 solomon.negusse@wri.org", gtempus_gfw = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCEdC0wsDmfQ2OFazxOqOSMn4hULT91irwpqLHpXac4r2xwZD+w+IvdFUouaQKEyI01Gki8uWlLXjfj0HSBrL+PKIwS4KsXkvgnqi/TTh2pJuOUIowV7IyO36ZtTP9wTIBteaG7HtNPTk/KUkdlNg1NA9Ds720OhLkf0Y4x2EUxln7bTaruCPTEP1YrAlmDsjHR3saw+xYKaElZk0SO6FTqd96GLpZ1kNJx/85nV0vV19NoL7MU84XhaVp5D8fNrxw4G6tm5orrUCWdfOA6mCgcYWS2bY/Ukq/zTTFb26irwGUJDAoCSiFQ8ljUlhSW1qoLhITPAjtSszUiTpIPmAst gtempus_gfw"