Added ACM (#3)

goruha · web-flow · commit 8a3f61703437 · 2019-03-18T07:03:15.000+06:00
* Added ACM
diff --git a/README.md b/README.md
@@ -83,11 +83,13 @@ Available targets:
   lint                                Lint terraform code
 
 ```
-
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| acm_enabled | Set to false to prevent the acm module from creating any resources | string | `true` | no |
+| acm_primary_domain | A domain name for which the certificate should be issued | string | - | yes |
+| acm_san_domains | A list of domains that should be SANs in the issued certificate | list | `<list>` | no |
 | attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
 | chamber_format | Format to store parameters in SSM, for consumption with chamber | string | `/%s/%s` | no |
 | chamber_service | `chamber` service name. See [chamber usage](https://github.com/segmentio/chamber#usage) for more details | string | `` | no |
@@ -133,6 +135,8 @@ Available targets:
 
 | Name | Description |
 |------|-------------|
+| acm_arn | The ARN of the certificate |
+| acm_domain_validation_options | CNAME records that are added to the DNS zone to complete certificate validation |
 | aurora_postgres_cluster_name | Aurora Postgres Cluster Identifier |
 | aurora_postgres_database_name | Aurora Postgres Database name |
 | aurora_postgres_master_hostname | Aurora Postgres DB Master hostname |
diff --git a/acm.tf b/acm.tf
@@ -0,0 +1,36 @@
+variable "acm_enabled" {
+  description = "Set to false to prevent the acm module from creating any resources"
+  default     = "true"
+}
+
+variable "acm_primary_domain" {
+  description = "A domain name for which the certificate should be issued"
+}
+
+variable "acm_san_domains" {
+  type = "list"
+  default =  []
+  description = "A list of domains that should be SANs in the issued certificate"
+}
+
+resource "aws_acm_certificate" "default" {
+  count                     = "${var.acm_enabled ? 1 : 0}"
+  domain_name               = "${var.acm_primary_domain}"
+  validation_method         = "DNS"
+  subject_alternative_names = ["${var.acm_san_domains}"]
+  tags                      = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+output "acm_arn" {
+  value       = "${join("", aws_acm_certificate.default.*.arn)}"
+  description = "The ARN of the certificate"
+}
+
+output "acm_domain_validation_options" {
+  value       = "${flatten(aws_acm_certificate.default.*.domain_validation_options)}"
+  description = "CNAME records that are added to the DNS zone to complete certificate validation"
+}
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -1,8 +1,10 @@
-
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| acm_enabled | Set to false to prevent the acm module from creating any resources | string | `true` | no |
+| acm_primary_domain | A domain name for which the certificate should be issued | string | - | yes |
+| acm_san_domains | A list of domains that should be SANs in the issued certificate | list | `<list>` | no |
 | attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
 | chamber_format | Format to store parameters in SSM, for consumption with chamber | string | `/%s/%s` | no |
 | chamber_service | `chamber` service name. See [chamber usage](https://github.com/segmentio/chamber#usage) for more details | string | `` | no |
@@ -48,6 +50,8 @@
 
 | Name | Description |
 |------|-------------|
+| acm_arn | The ARN of the certificate |
+| acm_domain_validation_options | CNAME records that are added to the DNS zone to complete certificate validation |
 | aurora_postgres_cluster_name | Aurora Postgres Cluster Identifier |
 | aurora_postgres_database_name | Aurora Postgres Database name |
 | aurora_postgres_master_hostname | Aurora Postgres DB Master hostname |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -8,7 +8,6 @@ module "vpc" {
   stage      = "${var.stage}"
   name       = "${var.name}"
   attributes = "${var.attributes}"
-  tags       = "${local.tags}"
   cidr_block = "${var.vpc_cidr_block}"
 }
 
@@ -19,7 +18,6 @@ module "subnets" {
   stage               = "${var.stage}"
   name                = "${var.name}"
   attributes          = "${var.attributes}"
-  tags                = "${local.tags}"
   region              = "${var.region}"
   vpc_id              = "${module.vpc.vpc_id}"
   igw_id              = "${module.vpc.igw_id}"
@@ -28,7 +26,7 @@ module "subnets" {
 }
 
 module "codefresh_backing_services" {
-  source          = "git::https://github.com/cloudposse/terraform-aws-codefresh-backing-services.git?ref=0.1.0"
+  source          = "../../"
   enabled         = "true"
   name            = "${var.name}"
   namespace       = "${var.namespace}"
@@ -38,6 +36,10 @@ module "codefresh_backing_services" {
   subnet_ids      = ["${module.subnets.private_subnet_ids}"]
   security_groups = ["${module.vpc.vpc_default_security_group_id}"]
 
+  acm_enabled        = "true"
+  acm_primary_domain = "example.com"
+  acm_san_domains    = ["*.example.com"]
+
   chamber_format  = "/%s/%s"
   chamber_service = "codefresh-backing-services"
   kms_key_id      = "${format("alias/%s-%s-chamber", var.namespace, var.stage)}"
