From 5e879d64f7441a78de9b0ae3383be64d2fe36a79 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Fri, 31 May 2024 09:31:38 -0400
Subject: [PATCH] udpate validity_days condition

---
 acmpca-iam-rolesanywhere/README.md    | 2 +-
 acmpca-iam-rolesanywhere/variables.tf | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/acmpca-iam-rolesanywhere/README.md b/acmpca-iam-rolesanywhere/README.md
index 86e8d59..cdf7368 100644
--- a/acmpca-iam-rolesanywhere/README.md
+++ b/acmpca-iam-rolesanywhere/README.md
@@ -133,7 +133,7 @@ certificate_subject = {
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_role_name"></a> [role\_name](#input\_role\_name) | IAM RolesAnywhere Role Name (including r- prefix if necessary) | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
-| <a name="input_validity_days"></a> [validity\_days](#input\_validity\_days) | Number of days for which the certificate is valid. For the short lived certificate, this must be <= 7 | `number` | `365` | no |
+| <a name="input_validity_days"></a> [validity\_days](#input\_validity\_days) | Number of days for which the certificate is valid, 1 to 365. For the short lived certificate, this must be <= 7. Default is 365 days (also the maximum). | `number` | `365` | no |
 
 ## Outputs
 
diff --git a/acmpca-iam-rolesanywhere/variables.tf b/acmpca-iam-rolesanywhere/variables.tf
index 7652c8f..43b7799 100644
--- a/acmpca-iam-rolesanywhere/variables.tf
+++ b/acmpca-iam-rolesanywhere/variables.tf
@@ -9,13 +9,13 @@ variable "contact_email" {
 }
 
 variable "validity_days" {
-  description = "Number of days for which the certificate is valid. For the short lived certificate, this must be <= 7"
+  description = "Number of days for which the certificate is valid, 1 to 365. For the short lived certificate, this must be <= 7. Default is 365 days (also the maximum)."
   type        = number
   default     = 365
 
   validation {
-    condition     = var.validity_days > 0
-    error_message = "validity_days must be larger than 0."
+    condition     = var.validity_days > 0 && var.validity_days <= 365
+    error_message = "validity_days must be larger than 0 and less than or equal to 365 (1 year)."
   }
 }