AFS
/
xdr-terraform-modules


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879
							#----------------------------------------------------------------------------
# Private DNS Certificate
#----------------------------------------------------------------------------


resource "aws_acm_certificate" "cert" {
  domain_name       = "sensu.${var.dns_info["private"]["zone"]}"
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }

  tags = merge(var.standard_tags, var.tags)
}

resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation: record.fqdn]
}

resource "aws_route53_record" "cert_validation" {
  provider = aws.mdr-common-services-commercial

  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = var.dns_info["public"]["zone_id"]
}

#----------------------------------------------------------------------------
# Public DNS Certificate
#----------------------------------------------------------------------------


resource "aws_acm_certificate" "cert_public" {
  domain_name       = "sensu.${var.dns_info["public"]["zone"]}"
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }

  tags = merge(var.standard_tags, var.tags)
}

resource "aws_acm_certificate_validation" "cert_public" {
  certificate_arn         = aws_acm_certificate.cert_public.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation_public: record.fqdn]
}

resource "aws_route53_record" "cert_validation_public" {
  provider = aws.mdr-common-services-commercial

  for_each = {
    for dvo in aws_acm_certificate.cert_public.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = var.dns_info["public"]["zone_id"]
}