# ---------------------------------------------
# Certificate
# ---------------------------------------------
# for tokyo region
# Wildcard certificate for var.domain, requested through the default provider
# (the "tokyo" region per the comment above). Issued only after the
# route53_acm_dns_resolve records below satisfy DNS validation.
resource "aws_acm_certificate" "tokyo_cert" {
  validation_method = "DNS"
  domain_name       = "*.${var.domain}"

  tags = {
    Project = var.project
    Env     = var.environment
    Name    = "${var.project}-${var.environment}-wildcard-sslcert"
  }

  # A replacement certificate is created before the old one is destroyed, so
  # a re-request does not leave dependents pointing at a deleted ARN.
  lifecycle {
    create_before_destroy = true
  }

  # The hosted zone has to exist before validation records can be written into it.
  depends_on = [aws_route53_zone.route53_zone]
}
# One DNS validation record per domain on tokyo_cert, keyed by domain name and
# written into the project's hosted zone so ACM can complete validation.
resource "aws_route53_record" "route53_acm_dns_resolve" {
  for_each = {
    for opt in aws_acm_certificate.tokyo_cert.domain_validation_options :
    opt.domain_name => {
      name   = opt.resource_record_name
      type   = opt.resource_record_type
      record = opt.resource_record_value
    }
  }

  zone_id = aws_route53_zone.route53_zone.id
  name    = each.value.name
  type    = each.value.type
  records = [each.value.record]
  ttl     = 600

  # Lets Terraform take over a record that already exists with this name/type
  # instead of failing; note it will also overwrite one managed elsewhere.
  allow_overwrite = true
}
# Waits for ACM to finish validating tokyo_cert against the records above.
# Depend on this resource, not on the certificate itself, where an issued
# certificate is required.
resource "aws_acm_certificate_validation" "cert_valid" {
  certificate_arn = aws_acm_certificate.tokyo_cert.arn

  validation_record_fqdns = [
    for rec in aws_route53_record.route53_acm_dns_resolve : rec.fqdn
  ]
}
# --------------------------------------------------------------------------------------------------------
# for virginia region
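# The same wildcard certificate requested in the region behind the aws.virginia
# provider alias. Shares the domain, tags and lifecycle settings of tokyo_cert.
resource "aws_acm_certificate" "virginia_cert" {
  provider = aws.virginia

  domain_name       = "*.${var.domain}"
  validation_method = "DNS"

  tags = {
    Name    = "${var.project}-${var.environment}-wildcard-sslcert"
    Project = var.project
    Env     = var.environment
  }

  # Issue the replacement before destroying the old certificate on re-request.
  lifecycle {
    create_before_destroy = true
  }

  depends_on = [aws_route53_zone.route53_zone]
}

# Waits for virginia_cert to be issued. Without this, anything consuming
# virginia_cert.arn can be created while the certificate is still pending
# validation. ACM is expected to emit the same DNS validation record for the
# same domain name within one account regardless of region, so the records
# already created for tokyo_cert should satisfy this certificate too — if this
# validation times out, give virginia_cert its own aws_route53_record set.
resource "aws_acm_certificate_validation" "virginia_cert_valid" {
  provider = aws.virginia

  certificate_arn = aws_acm_certificate.virginia_cert.arn

  validation_record_fqdns = [
    for rec in aws_route53_record.route53_acm_dns_resolve : rec.fqdn
  ]
}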