diff --git a/README.md b/README.md
index 2eb8400..2e1c1f5 100644
--- a/README.md
+++ b/README.md
@@ -21,14 +21,15 @@ This module will create cdn endpoint with alias and SSL-certificate and optional
| Name | Source | Version |
|------|--------|---------|
-| [certificate](#module\_certificate) | github.com/terraform-aws-modules/terraform-aws-acm | v5.0.0 |
-| [certificate-validations](#module\_certificate-validations) | github.com/terraform-aws-modules/terraform-aws-acm | v5.0.0 |
-| [cloudfront](#module\_cloudfront) | github.com/terraform-aws-modules/terraform-aws-cloudfront | v3.2.1 |
+| [certificate](#module\_certificate) | github.com/terraform-aws-modules/terraform-aws-acm | v5.0.1 |
+| [certificate-validations](#module\_certificate-validations) | github.com/terraform-aws-modules/terraform-aws-acm | v5.0.1 |
+| [cloudfront](#module\_cloudfront) | github.com/terraform-aws-modules/terraform-aws-cloudfront | v3.4.0 |
## Resources
| Name | Type |
|------|------|
+| [aws_acm_certificate_validation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource |
| [aws_cloudfront_function.functions](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
| [aws_route53_record.additional_records](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
@@ -58,6 +59,7 @@ This module will create cdn endpoint with alias and SSL-certificate and optional
| [s3\_origin\_name](#input\_s3\_origin\_name) | Name of S3-bucket to be used as origin | `string` | `""` | no |
| [s3\_origin\_policy\_restrict\_access](#input\_s3\_origin\_policy\_restrict\_access) | Folder/files to add as an condition to the S3-bucket policy resource | `string` | `"/*"` | no |
| [tags](#input\_tags) | Map of custom tags for the provisioned resources | `map(string)` | `{}` | no |
+| [validation\_timeout](#input\_validation\_timeout) | Define maximum timeout to wait for the validation to complete | `string` | `null` | no |
## Outputs
diff --git a/main.tf b/main.tf
index dd10f78..3f4357b 100644
--- a/main.tf
+++ b/main.tf
@@ -8,6 +8,11 @@ moved {
to = aws_route53_record.this[0]
}
+moved {
+ from = module.certificate.aws_acm_certificate_validation.this[0]
+ to = aws_acm_certificate_validation.this
+}
+
locals {
origin_hostname_options = {
use_host = var.s3_origin_hostname != "" ? var.s3_origin_hostname : null
@@ -73,9 +78,8 @@ data "aws_s3_bucket" "s3_origin" {
}
module "certificate" {
- source = "github.com/terraform-aws-modules/terraform-aws-acm?ref=v5.0.0"
- #for_each = local.r53_map
- tags = var.tags
+ source = "github.com/terraform-aws-modules/terraform-aws-acm?ref=v5.0.1"
+ tags = var.tags
domain_name = local.r53_map["single"].hostname
zone_id = local.r53_map["single"].zone_id
@@ -83,22 +87,23 @@ module "certificate" {
subject_alternative_names = [for s in values(local.r53_map) : s.hostname]
create_route53_records = false
create_certificate = var.create
+ validate_certificate = false
providers = {
aws = aws.us-east-1
}
}
module "certificate-validations" {
- source = "github.com/terraform-aws-modules/terraform-aws-acm?ref=v5.0.0"
+ source = "github.com/terraform-aws-modules/terraform-aws-acm?ref=v5.0.1"
for_each = local.r53_map
tags = var.tags
- domain_name = each.value.hostname
- zone_id = each.value.zone_id
- validation_method = "DNS"
- #subject_alternative_names = [for k,s in values(var.r53_zone_hostname_map) : s.hostname if k > 0]
+ domain_name = each.value.hostname
+ zone_id = each.value.zone_id
+ validation_method = "DNS"
create_route53_records_only = true && var.create
create_certificate = false
+ validate_certificate = false
acm_certificate_domain_validation_options = [for s in module.certificate.acm_certificate_domain_validation_options : s if s.domain_name == each.value.hostname]
providers = {
aws = aws.us-east-1
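Review bot: The `source` lines for `module "certificate"` and `module "certificate-validations"` (and `module "cloudfront"` in a later hunk) are still pinned to git tags, which are mutable refs. A retagged upstream release would silently change the code that issues and validates the certificate on the next `terraform init`. Since the pins are being touched anyway, consider pinning to the commit the tag points at and keeping the tag as a comment, e.g. `source = "github.com/terraform-aws-modules/terraform-aws-acm?ref=<full-commit-sha>" # v5.0.1`. The `certificate-validations` block continues past the end of this hunk.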
@@ -106,7 +111,7 @@ module "certificate-validations" {
}
module "cloudfront" {
- source = "github.com/terraform-aws-modules/terraform-aws-cloudfront?ref=v3.2.1"
+ source = "github.com/terraform-aws-modules/terraform-aws-cloudfront?ref=v3.4.0"
tags = var.tags
aliases = [for s in values(local.r53_map) : s.hostname]
@@ -134,7 +139,7 @@ module "cloudfront" {
origin = merge(local.origin_oai, local.origin_oac)
default_cache_behavior = {
- target_origin_id = "s3_origin_oac"
+ target_origin_id = keys(merge(local.origin_oai, local.origin_oac))[0]
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
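Review bot: `keys(merge(local.origin_oai, local.origin_oac))[0]` fails with an invalid-index error at plan time if both maps are empty. If both are populated, it picks whichever key sorts first lexically, so the default behaviour could end up on the OAI origin rather than the OAC one without anyone choosing that. The two locals are defined outside this hunk, so whether both can be non-empty at once is not visible here. If exactly one origin is expected, `target_origin_id = one(keys(merge(local.origin_oai, local.origin_oac)))` turns the ambiguous case into an explicit error. A short comment stating that invariant would also help.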
@@ -222,6 +227,18 @@ resource "aws_route53_record" "additional_records" {
}
}
+resource "aws_acm_certificate_validation" "this" {
+ certificate_arn = module.certificate.acm_certificate_arn
+
+ validation_record_fqdns = flatten([
+ for val in module.certificate-validations : val.validation_route53_record_fqdns
+ ])
+
+ timeouts {
+ create = var.validation_timeout
+ }
+}
+
resource "aws_cloudfront_function" "functions" {
for_each = var.cf_functions
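Review bot: `aws_acm_certificate_validation.this` has no `provider` argument, so it runs under the module's default `aws` provider, while the certificate it validates is created by `module.certificate` under `aws.us-east-1`. When the caller's default region is not us-east-1, the validation resource will most likely fail to find `certificate_arn`, and the new `moved` block re-homes the existing state entry onto a different provider configuration. Add `provider = aws.us-east-1` to the resource. The resource is also unconditional, although `module.certificate` is gated by `create_certificate = var.create`, so with `create = false` the ARN is presumably empty. Consider `count = var.create ? 1 : 0`, and then point the `moved` target and the `certificate_arn` output at `this[0]`.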
diff --git a/outputs.tf b/outputs.tf
index 296cbc8..35565fa 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,6 +1,6 @@
output "certificate_arn" {
description = "ARN of ACM SSL certificate created for CloudFront"
- value = module.certificate.acm_certificate_arn
+ value = aws_acm_certificate_validation.this.certificate_arn
}
output "cloudfront_arn" {
diff --git a/variables.tf b/variables.tf
index e065e25..f504ba4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -112,3 +112,9 @@ variable "create" {
type = bool
default = true
}
+
+variable "validation_timeout" {
+ description = "Define maximum timeout to wait for the validation to complete"
+ type = string
+ default = null
+}