diff --git a/acmpca-eks-cert-manager/README.md b/acmpca-eks-cert-manager/README.md index de7072c..a55081e 100644 --- a/acmpca-eks-cert-manager/README.md +++ b/acmpca-eks-cert-manager/README.md @@ -5,7 +5,7 @@ This module creates an ACM-PCA certificate, using the `acmpca` submodule in this EKS setup for cert-manager. See the general [documentation](../acmpca) for more low-level details. All the requirements and pre-requisities for the for the [acmpca](../acmpca) submodule apply to this submodule. -This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=PKI-EKS,CN={clustername} Issuer {region\_short}**. +This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=PKI-EKS,CN={region\_short} {clustername} Issuer**. This module returns: diff --git a/acmpca-eks-cert-manager/main.tf b/acmpca-eks-cert-manager/main.tf index 5b85b4e..6b0a1fa 100644 --- a/acmpca-eks-cert-manager/main.tf +++ b/acmpca-eks-cert-manager/main.tf @@ -5,7 +5,7 @@ * EKS setup for cert-manager. See the general [documentation](../acmpca) for more low-level details. All the requirements and pre-requisities * for the for the [acmpca](../acmpca) submodule apply to this submodule. * -* This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=PKI-EKS,CN={clustername} Issuer {region_short}**. +* This creates a certificate with the subject of **C=US,O=U.S. Census Bureau,OU=PKI-EKS,CN={region_short} {clustername} Issuer**. * * This module returns: * @@ -29,11 +29,16 @@ locals { module "certificate" { source = "../acmpca" - certificate_cn = format("%v Issuer %v", var.cluster_name, local.region_short) + certificate_cn = format("%v %v Issuer", local.region_short, var.cluster_name) contact_email = var.contact_email create_files = false certificate_authority_mode = "general" certificate_type = "subordinate-ca" certificate_subject_overrides = { ou = "PKI-EKS" } validity_days = 365 + + tags = merge( + var.tags, + local.base_tags, + ) }