Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
AFS
/
xdr-terraform-modules
2
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Prechádzať zdrojové kódy

Merge pull request #235 from mdr-engineering/feature/ftd_MSOCI-1799_RedoAs3072Bit

Updates CA Infrastructure to Use EC Crypto and Better Names
Frederick Damstra 4 rokov pred
rodič
4404253102 743739c3a0
commit
f867a1eed7
4 zmenil súbory, kde vykonal 13 pridanie a 9 odobranie
Rozdelené zobrazenie Ukázať štatistiku rozdielnych dát
  1. 4 5
      base/CA_Infrastructure/root_CA/ca.tf
  2. 4 4
      base/CA_Infrastructure/subordinate_CA/ca.tf
  3. 0 0
      base/CA_Infrastructure/subordinate_CA/main.tf
  4. 5 0
      base/CA_Infrastructure/subordinate_CA/vars.tf

+ 4 - 5
base/CA_Infrastructure/root_CA/ca.tf
Zobraziť súbor 

@@ -1,15 +1,14 @@
 
 resource "aws_acmpca_certificate_authority" "root_CA" {
 
   type = "ROOT"
 
   certificate_authority_configuration {
 
-    key_algorithm     = "RSA_4096"
 
-    signing_algorithm = "SHA512WITHRSA"
 
+    key_algorithm     = "EC_secp384r1"
 
+    signing_algorithm = "SHA512WITHECDSA"
 
 
     subject {
 
-      common_name = "XDR Root CA"
 
+      common_name = "XDR Root CA v2"
 
       country = "US"
 
       organization = "Accenture Federal Services"
 
       organizational_unit = "XDR"
 
-      
     }
 
   }
 
 
@@ -29,7 +28,7 @@ resource "aws_acmpca_certificate_authority" "root_CA" {
 
 resource "aws_acmpca_certificate" "root_certificate" {
 
   certificate_authority_arn   = aws_acmpca_certificate_authority.root_CA.arn
 
   certificate_signing_request = aws_acmpca_certificate_authority.root_CA.certificate_signing_request
 
-  signing_algorithm           = "SHA512WITHRSA"
 
+  signing_algorithm           = "SHA512WITHECDSA"
 
 
   template_arn = "arn:${var.aws_partition}:acm-pca:::template/RootCACertificate/V1"

+ 4 - 4
base/CA_Infrastructure/subordinate_CA/ca.tf
Zobraziť súbor 

@@ -9,7 +9,7 @@ resource "aws_acmpca_certificate_authority_certificate" "subordinate" {
 
 resource "aws_acmpca_certificate" "subordinate" {
 
   certificate_authority_arn   = var.root_authority_arn
 
   certificate_signing_request = aws_acmpca_certificate_authority.subordinate.certificate_signing_request
 
-  signing_algorithm           = "SHA512WITHRSA"
 
+  signing_algorithm           = "SHA512WITHECDSA"
 
 
   template_arn = "arn:${var.aws_partition}:acm-pca:::template/SubordinateCACertificate_PathLen0/V1"
 
 
@@ -24,11 +24,11 @@ resource "aws_acmpca_certificate_authority" "subordinate" {
 
   type = "SUBORDINATE"
 
 
   certificate_authority_configuration {
 
-    key_algorithm     = "RSA_2048"
 
-    signing_algorithm = "SHA512WITHRSA"
 
+    key_algorithm     = "EC_secp384r1"
 
+    signing_algorithm = "SHA512WITHECDSA"
 
 
     subject {
 
-      common_name = "XDR Subordinate CA #1"
 
+      common_name = "XDR ${var.purpose} Subordinate CA v2"
 
       country = "US"
 
       organization = "Accenture Federal Services"
 
       organizational_unit = "XDR"

+ 0 - 0
base/CA_Infrastructure/subordinate_CA/main.tf
Zobraziť súbor


+ 5 - 0
base/CA_Infrastructure/subordinate_CA/vars.tf
Zobraziť súbor 

@@ -1,3 +1,8 @@
 
+variable "purpose" { 
+  description = "String that will be appended to the CN that describes the purpose of this subordinate cert."
 
+  type = string
 
+}
 
+
 
 variable "c2_accounts" { type = map }
 
 variable "root_authority_arn" { type = string }