This Terraform module creates TLS/SSL certificate in Amazon Certificate Manager (ACM), and validates it with DNS by creating required Route 53 validation record in the given Route 53 hosted zone.
This module creates the following resources:
This module has been upgraded to support Terraform 0.12. The last version compatible with 0.11 is version 2019.2.15.2-8.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| environment | the operational environment of this infrastructure | string | None |
yes |
| cluster | cluster that this infrastructure will operate | string | None |
yes |
| service | service that this cluster will operate | string | None |
yes |
| project | project being worked on | string | None |
yes |
| certificate_name | display name of the ACM certificate | string | None |
yes |
| domain_name | X.509 primary commonName (CN) for which the certificate is issued |
string | None |
yes |
| domain_zone_name | Zone name of the domain_name variable. If not declared the zone name will be extracted from the domain_name. If the domain_name equals the zone name then you MUST use this variable | string | Empty |
no |
| san_zone_map_sandbox | map of X.509 subjectAltNames (SANs) to Route53 DNS zone names; one key per SAN |
map | {} | no |
| san_zone_map_hbogo | map of X.509 subjectAltNames (SANs) to Route53 DNS zone names; one key per SAN |
map | {} | no |
| san_zone_map_nonprod | map of X.509 subjectAltNames (SANs) to Route53 DNS zone names; one key per SAN |
map | {} | no |
| san_zone_map_detoknonprod | map of X.509 subjectAltNames (SANs) to Route53 DNS zone names; one key per SAN |
map | {} | no |
| san_zone_map_detokprod | map of X.509 subjectAltNames (SAN) to Route53 DNS zone names; one key per SAN |
map | {} | no |
| san_zone_map_prod | map of X.509 subjectAltNames (SAN) to Route53 DNS zone names; one key per SAN |
map | {} | no |
| san_zone_map_mgmt | map of X.509 subjectAltNames (SAN) to Route53 DNS zone names; one key per SAN |
map | {} | no |
| flag_certdnsrecord_sandbox | create a DNS record for automatic ACM validation? | bool | false |
no |
| flag_certdnsrecord_hbogo | create a DNS record for automatic ACM validation? | bool | false |
no |
| flag_certdnsrecord_nonprod | create a DNS record for automatic ACM validation? | bool | false |
no |
| flag_certdnsrecord_detoknonprod | create a DNS record for automatic ACM validation? | bool | false |
no |
| flag_certdnsrecord_detokprod | create a DNS record for automatic ACM validation? | bool | false |
no |
| flag_certdnsrecord_prod | create a DNS record for automatic ACM validation? | bool | false |
no |
| flag_certdnsrecord_mgmt | create a DNS record for automatic ACM validation? | bool | false |
no |
| enable_validation | should we run the validation step? (used for testing) | bool | true |
no |
| Name | Description |
|---|---|
| acm_certificate_arn | arn of acm certificate |
| certificate_domains | List of domain names covered by the certificate |
| acm_certificate_dns_validation_records | records which are used to validate acm certificate |
| Name | Description |
|---|---|
| aws | The account the certificaite will be created in |
| aws.dns | The account that the core validation record is created in |
| aws.mgmt | The mgmt account for alternates in the mgmt account |
| aws.nonprod | The nonprod account for alternates in the nonprod account |
| aws.detoknonprod | The detoknonprod account for alternates in the detoknonprod account |
| aws.detokproduction | The detokproduction account for alternates in the detokproduction account |
| aws.sandbox | The sandbox account for alternates in the sandbox account |
| aws.hbogo | The hbogo account for alternates in the hbogo account |
| aws.production | The production account for alternates in the production account |