Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
AFS
/
xdr-terraform-modules
2
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 041220532e
Branche Tagy
xdr-terraform-m...
/
base
/
github
/
certificate.tf

certificate.tf 2.4 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. #----------------------------------------------------------------------------
    2. 

  2. # Private DNS Certificate
    3. 

  3. #----------------------------------------------------------------------------
    4. 

  4. resource "aws_acm_certificate" "cert" {
    5. 

  5.   domain_name       = "*.github.${var.dns_info["private"]["zone"]}"
    6. 

  6.   validation_method = "DNS"
    7. 

  7. 

  8.   subject_alternative_names = [
    9. 

  9.     "github.${var.dns_info["private"]["zone"]}"
    10. 

  10.   ]
    11. 

  11. 

  12.   tags = merge(var.standard_tags, var.tags)
    13. 

  13. }
    14. 

  14. 

  15. resource "aws_acm_certificate_validation" "cert" {
    16. 

  16.   certificate_arn         = aws_acm_certificate.cert.arn
    17. 

  17.   validation_record_fqdns = [for record in aws_route53_record.cert_validation: record.fqdn]
    18. 

  18. }
    19. 

  19. 

  20. resource "aws_route53_record" "cert_validation" {
    21. 

  21.   provider = aws.mdr-common-services-commercial
    22. 

  22. 

  23.   for_each = {
    24. 

  24.     for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
    25. 

  25.       name   = dvo.resource_record_name
    26. 

  26.       record = dvo.resource_record_value
    27. 

  27.       type   = dvo.resource_record_type
    28. 

  28.     }
    29. 

  29.   }
    30. 

  30. 

  31.   allow_overwrite = true
    32. 

  32.   name            = each.value.name
    33. 

  33.   records         = [each.value.record]
    34. 

  34.   ttl             = 60
    35. 

  35.   type            = each.value.type
    36. 

  36.   zone_id         = var.dns_info["public"]["zone_id"]
    37. 

  37. }
    38. 

  38. 

  39. #----------------------------------------------------------------------------
    40. 

  40. # Public DNS Certificate
    41. 

  41. #----------------------------------------------------------------------------
    42. 

  42. resource "aws_acm_certificate" "cert_public" {
    43. 

  43.   domain_name       = "*.github.${var.dns_info["public"]["zone"]}"
    44. 

  44.   validation_method = "DNS"
    45. 

  45. 

  46.   subject_alternative_names = [
    47. 

  47.     "github.${var.dns_info["public"]["zone"]}"
    48. 

  48.   ]
    49. 

  49. 

  50.   tags = merge(var.standard_tags, var.tags)
    51. 

  51. }
    52. 

  52. 

  53. resource "aws_acm_certificate_validation" "cert_public" {
    54. 

  54.   certificate_arn         = aws_acm_certificate.cert_public.arn
    55. 

  55.   validation_record_fqdns = [for record in aws_route53_record.cert_validation_public: record.fqdn]
    56. 

  56. }
    57. 

  57. 

  58. resource "aws_route53_record" "cert_validation_public" {
    59. 

  59.   provider = aws.mdr-common-services-commercial
    60. 

  60. 

  61.   for_each = {
    62. 

  62.     for dvo in aws_acm_certificate.cert_public.domain_validation_options : dvo.domain_name => {
    63. 

  63.       name   = dvo.resource_record_name
    64. 

  64.       record = dvo.resource_record_value
    65. 

  65.       type   = dvo.resource_record_type
    66. 

  66.     }
    67. 

  67.   }
    68. 

  68. 

  69.   allow_overwrite = true
    70. 

  70.   name            = each.value.name
    71. 

  71.   records         = [each.value.record]
    72. 

  72.   ttl             = 60
    73. 

  73.   type            = each.value.type
    74. 

  74.   zone_id         = var.dns_info["public"]["zone_id"]
    75. 

  75. }
    76.