From 460cbfa732972c96348038ae1d5b76b65dcb3046 Mon Sep 17 00:00:00 2001
From: Navfarm
Date: Mon, 28 Aug 2023 19:15:40 +0800
Subject: [PATCH 1/2] Updating the ACM Module of Custom Domain to use custom key_algorithms
---
 modules/custom_domain/main.tf | 6 ++++++
 modules/custom_domain/variables.tf | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/modules/custom_domain/main.tf b/modules/custom_domain/main.tf
index 95ab10d..9b5c7ed 100644
--- a/modules/custom_domain/main.tf
+++ b/modules/custom_domain/main.tf
@@ -44,6 +44,12 @@ resource "aws_acm_certificate" "cert" {
 lifecycle {
 create_before_destroy = true
 }
+
+ options {
+ certificate_transparency_logging_preference = "ENABLED"
+ }
+
+ key_algorithm = var.key_algorithm
 }
 moved {
diff --git a/modules/custom_domain/variables.tf b/modules/custom_domain/variables.tf
index b803bc4..e12afda 100644
--- a/modules/custom_domain/variables.tf
+++ b/modules/custom_domain/variables.tf
@@ -25,6 +25,12 @@ variable "cert_arn" {
 default = ""
 }
+variable "key_algorithm" {
+ description = "Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data"
+ type = string
+ default = "EC_prime256v1"
+}
+
 variable "path_mappings" {
 description = "List of stages the usage plan can be used "
 type = map(
From fc7a233cc3b81d2cec10ef698bf94d2a1830efbe Mon Sep 17 00:00:00 2001
From: Navfarm
Date: Mon, 28 Aug 2023 20:10:26 +0800
Subject: [PATCH 2/2] Updating the ACM Module of Custom Domain to use custom key_algorithms
---
 .tflint.hcl | 2 +-
 modules/custom_domain/README.md | 5 +++--
 modules/custom_domain/variables.tf | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.tflint.hcl b/.tflint.hcl
index e6e4db9..0c6a7b5 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -1,6 +1,6 @@
 plugin "aws" {
 enabled = true
- version = "0.13.2"
+ version = "0.24.1"
 source = "github.com/terraform-linters/tflint-ruleset-aws"
 }
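Review bot: Changing `key_algorithm` on a certificate that is already issued is, as far as I know, a replace-only change in the AWS provider, and nothing next to the new argument in `aws_acm_certificate.cert` says so. The README heading suggests validation happens outside this module, so a replacement certificate would wait for manual validation before the domain can use it; a comment such as `# changing key_algorithm replaces the certificate, which must then be validated again` above the line would warn operators. The hard-coded `options` block is also not mentioned in the commit subject; since certificate transparency logging publishes every name on the certificate to public CT logs, I would add `# CT logging stays on: names on this certificate are published to public CT logs` above it. The resource block starts above the hunk.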
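Review bot: The new `key_algorithm` variable accepts any string, so a typo or an algorithm the team does not want only surfaces when the ACM request is made at apply time. A `validation` block would reject it at plan time and pin the module to an approved set; the list below is what I believe ACM can issue and should be checked against the provider documentation. The description's "uses to encrypt data" is loose, because the value selects the certificate's key pair algorithm; `"Key algorithm for the ACM-issued certificate, for example RSA_2048 or EC_prime256v1"` would read more accurately. The same variable is touched again in PATCH 2/2, which changes only its default, so this applies there as well.

```hcl
variable "key_algorithm" {
  # … unchanged: description, type, default …

  validation {
    condition     = contains(["RSA_2048", "EC_prime256v1", "EC_secp384r1"], var.key_algorithm)
    error_message = "key_algorithm must be one of RSA_2048, EC_prime256v1 or EC_secp384r1."
  }
}
```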
diff --git a/modules/custom_domain/README.md b/modules/custom_domain/README.md
index 8def765..04b6790 100644
--- a/modules/custom_domain/README.md
+++ b/modules/custom_domain/README.md
@@ -12,13 +12,13 @@ Provisions option to create ACM certifcation. Cert validation needs to be done o
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | ~> 4.0 |
+| [aws](#requirement\_aws) | >= 4.67.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 4.67.0 |
+| [aws](#provider\_aws) | 5.14.0 |
 ## Modules
@@ -41,6 +41,7 @@ No modules.
 | [create\_acm\_cert](#input\_create\_acm\_cert) | Create ACM cert. create\_acm\_cert and cert\_arn Mutually exclusive. | `bool` | `false` | no |
 | [domain\_name](#input\_domain\_name) | Custom domain name | `string` | n/a | yes |
 | [endpoint\_type](#input\_endpoint\_type) | Endpoint type. | `string` | `"REGIONAL"` | no |
+| [key\_algorithm](#input\_key\_algorithm) | Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data | `string` | `"RSA_2048"` | no |
 | [path\_mappings](#input\_path\_mappings) | List of stages the usage plan can be used |
map(
object({
api_id = string
stage_name = string
base_path = string
})
)
| n/a | yes | | [security\_policy](#input\_security\_policy) | TLS Security Policy for the domain | `string` | `"TLS_1_2"` | no |
diff --git a/modules/custom_domain/variables.tf b/modules/custom_domain/variables.tf
index e12afda..b48fbf0 100644
--- a/modules/custom_domain/variables.tf
+++ b/modules/custom_domain/variables.tf
@@ -28,7 +28,7 @@ variable "cert_arn" {
 variable "key_algorithm" {
 description = "Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data"
 type = string
- default = "EC_prime256v1"
+ default = "RSA_2048"
 }
 variable "path_mappings" {