generated from terraform-modules/template_aws_submodules
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 2 changed files with 92 additions and 1 deletion.
This file was deleted.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| <!-- BEGIN_TF_DOCS --> | ||
| # About : aws-certificate/acm | ||
|
|
||
| This module creates and ACM certificate, using the general purpose (ca1) ACM-PCA in the local region. It will automatically | ||
| include the DNS name in the SAN. You may add additonal SAN fully qualified domain names, but only DNS names are supported | ||
| in the SAN for an ACM certificate. | ||
|
|
||
| It returns the ACM ARN. | ||
|
|
||
| # Usage | ||
| This shows the module call with how you would use it. | ||
|
|
||
| ```hcl | ||
| module "cert" { | ||
| source = "git@github.e.it.census.gov:terraform-modules/aws-certificates//acm" | ||
| certificate_dns = "test.domain.census.gov" | ||
| contact_email = "cio.engineering.alert.list@census.gov" | ||
| ## optional | ||
| ## add additional names to SAN | ||
| # certificate_san = "otherdomain.domain.census.gov" | ||
| } | ||
| # associating it with the ALB listener | ||
| resource "aws_lb_listener" "app_443" { | ||
| count = module.cert.certificate_arn != null ? 1 : 0 | ||
| load_balancer_arn = aws_lb.app.arn | ||
| port = 443 | ||
| protocol = "HTTPS" | ||
| ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" | ||
| certificate_arn = module.cert.certificate_arn | ||
| default_action { | ||
| type = "forward" | ||
| target_group_arn = aws_lb_target_group.app.arn | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| The output value to look at is `certificate_arn`. This is null if the certificate is incomplete or failed to load into ACM, or | ||
| the ARN if completed. You'll use the ARN for an AWS LB Listener. | ||
|
|
||
| ## Requirements | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 | | ||
| | <a name="requirement_http"></a> [http](#requirement\_http) | >= 2.1.0 | | ||
| | <a name="requirement_local"></a> [local](#requirement\_local) | >= 2.1.0 | | ||
| | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.1.0 | | ||
| | <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 3.1.0 | | ||
|
|
||
| ## Providers | ||
|
|
||
| | Name | Version | | ||
| |------|---------| | ||
| | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 | | ||
|
|
||
| ## Modules | ||
|
|
||
| No modules. | ||
|
|
||
| ## Resources | ||
|
|
||
| | Name | Type | | ||
| |------|------| | ||
| | [aws_acm_certificate.certificate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource | | ||
| | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | ||
| | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | ||
| | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | | ||
| | [aws_ssm_parameter.ca_longterm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | | ||
| | [aws_ssm_parameter.ca_shortterm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | | ||
|
|
||
| ## Inputs | ||
|
|
||
| | Name | Description | Type | Default | Required | | ||
| |------|-------------|------|---------|:--------:| | ||
| | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | | ||
| | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | | ||
| | <a name="input_certificate_dns"></a> [certificate\_dns](#input\_certificate\_dns) | DNS Name to be used for the certificate. For ACM certificate, the subject and CN may not be customized. | `string` | n/a | yes | | ||
| | <a name="input_certificate_san"></a> [certificate\_san](#input\_certificate\_san) | The Subject Alternate Names (SAN), a list of FQDNs to include in the ACM Certificate. Only DNS names are supported. See docs at https://docs.aws.amazon.com/cli/latest/reference/acm/request-certificate.html | `list(string)` | `[]` | no | | ||
| | <a name="input_contact_email"></a> [contact\_email](#input\_contact\_email) | Email address in @census.gov of contact for the certificate. This is strongly recommended to be a group email address. | `string` | n/a | yes | | ||
| | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | | ||
| | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | | ||
|
|
||
| ## Outputs | ||
|
|
||
| | Name | Description | | ||
| |------|-------------| | ||
| | <a name="output_certificate_arn"></a> [certificate\_arn](#output\_certificate\_arn) | ARN of created ACM Certificate | | ||
| <!-- END_TF_DOCS --> |
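Review bot: In the Usage block, the commented-out `certificate_san = "otherdomain.domain.census.gov"` is a bare string, but the Inputs table declares `certificate_san` as `list(string)`, so anyone who uncomments it gets a type error; show it as `certificate_san = ["otherdomain.domain.census.gov"]`. In the same example, `count = module.cert.certificate_arn != null ? 1 : 0` keys `count` off an output that is likely unknown at plan time on a first apply, and Terraform requires `count` to be known during planning; either document that the certificate must be applied before the listener or gate the listener on a value that is known up front. The example also pins `ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"`; since readers will copy it verbatim, consider a current policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06`. Minor: "creates and ACM certificate" and "additonal" in the opening paragraph are typos, and the Requirements table lists http, local, null and tls while the Providers and Resources tables show only aws in use.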