hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Feature: Add ability to create CA Audit Report #23497

Open japm94 opened 2 years ago

japm94 commented 2 years ago

Description

It's not possible even if using CloudFormation to create a certificate authority audit report, only using AWS Console or CLI.

New or Affected Resource(s)

Potential Terraform Configuration

resource "aws_acmpca_certificate_authority_audit_report" "example" {
    audit_report_response_format = "JSON"
    s3_bucket_name               = aws_s3_bucket.example.id
    certificate_authority_arn    = aws_acmpca_certificate_authority.example.arn

    # depends_on takes resource addresses, not attribute references
    depends_on = [aws_s3_bucket.example]
}

References

mattburgess commented 2 years ago

Hi @japm94 - I'm interested in the use case here. From what I can tell from the documentation, this doesn't seem particularly well suited to being controlled via Terraform. For example, once your aws_acmpca_certificate_authority_audit_report.example resource has been created, what is going to trigger another report to be generated? I'm presuming here that you would want them generated on a frequent/regular basis?

The API is also missing the ability to update and delete audit reports, which the Terraform provider will normally expect to be present in order to fully manage these resources. Those omissions are likely by design - this is an audit report after all so modifications are generally frowned upon and deletions need to be handled with care.

Given the above, I suspect this may well be why you've found no support for this in CloudFormation either.

japm94 commented 2 years ago

Hi @mattburgess, thank you for the explanation.

github-actions[bot] commented 3 weeks ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!