Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
AFS
/
xdr-terraform-modules
2
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: df47ad828b
Atzari Tagi
xdr-terraform-m...
/
base
/
CA_Infrastructure
/
root_CA
/
ca.tf

ca.tf 1.5 KB
Vēsture Neapstrādāts

12345678910111213141516171819202122232425262728293031323334353637383940414243444546 
  1. resource "aws_acmpca_certificate_authority" "root_CA" {
    2. 

  2.   type = "ROOT"
    3. 

  3.   certificate_authority_configuration {
    4. 

  4.     key_algorithm     = "EC_secp384r1"
    5. 

  5.     signing_algorithm = "SHA512WITHECDSA"
    6. 

  6. 

  7.     subject {
    8. 

  8.       common_name         = "XDR Root CA v2"
    9. 

  9.       country             = "US"
    10. 

  10.       organization        = "Accenture Federal Services"
    11. 

  11.       organizational_unit = "XDR"
    12. 

  12.     }
    13. 

  13.   }
    14. 

  14. 

  15.   revocation_configuration {
    16. 

  16.     crl_configuration {
    17. 

  17.       #custom_cname       = "crl.xdr.accenturefederalcyber.com" # Maybe we want to hide the S3 bucket? Adds cost and complexity so I'm going with YAGNI for now.
    18. 

  18.       enabled            = true
    19. 

  19.       expiration_in_days = 7
    20. 

  20.       s3_bucket_name     = aws_s3_bucket.crl.id
    21. 

  21.     }
    22. 

  22.   }
    23. 

  23. 

  24.   tags       = merge(local.standard_tags, var.tags)
    25. 

  25.   depends_on = [aws_s3_bucket_policy.crl]
    26. 

  26. }
    27. 

  27. 

  28. resource "aws_acmpca_certificate" "root_certificate" {
    29. 

  29.   certificate_authority_arn   = aws_acmpca_certificate_authority.root_CA.arn
    30. 

  30.   certificate_signing_request = aws_acmpca_certificate_authority.root_CA.certificate_signing_request
    31. 

  31.   signing_algorithm           = "SHA512WITHECDSA"
    32. 

  32. 

  33.   template_arn = "arn:${var.aws_partition}:acm-pca:::template/RootCACertificate/V1"
    34. 

  34. 

  35.   validity {
    36. 

  36.     type  = "YEARS"
    37. 

  37.     value = 20
    38. 

  38.   }
    39. 

  39. }
    40. 

  40. 

  41. resource "aws_acmpca_certificate_authority_certificate" "root_certificate" {
    42. 

  42.   certificate_authority_arn = aws_acmpca_certificate_authority.root_CA.arn
    43. 

  43. 

  44.   certificate       = aws_acmpca_certificate.root_certificate.certificate
    45. 

  45.   certificate_chain = aws_acmpca_certificate.root_certificate.certificate_chain
    46. 

  46. }
    47.