search

terraform-aws-modules / terraform-aws-acm

Terraform module to create AWS ACM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/acm/aws
Apache License 2.0
182 stars 229 forks source link

feat: Cross-account DNS and ACM resource creation #108

Closed dannyibishev closed 2 years ago

dannyibishev commented 2 years ago

Description

The proposed changes will allow both cross-account and single account ACM creation with DNS validation.

Motivation and Context

I needed to create my ACM certificates in account B but my hosted zone belongs to Account A. These changes allowed me to meet this requirement.

Breaking Changes

I believe the two providers will now always be required and need to be explicitly passed down.

In the module call, people will now need to pass the providers block with the two required providers.

  providers = {
    aws.acm = aws.account_b,
    aws.dns = aws.account_a
  }

or if they use a single account then the following block should still work

  providers = {
    aws.acm = aws,
    aws.dns = aws
  }

How Has This Been Tested?

I have tested by calling the fork with my branch

module "acm" {
  source = "git@github.com:Pod-Point/terraform-aws-acm.git?ref=patch-cross-account-provider"

  providers = {
    aws.acm = aws.<ommited>,
    aws.dns = aws.<ommited>
  }

  domain_name = var.project_domain
  zone_id     = var.pod_point_hosted_zone_id

  subject_alternative_names = var.additional_aliased_domains

  wait_for_validation                = true
  validation_allow_overwrite_records = false
}
github-actions[bot] commented 2 years ago

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

dannyibishev commented 2 years ago

Any chance this can be looked at

Fodoj commented 2 years ago

Would be great to see this one merged! How does it handle the case of using single account? Does the user still need to path 2 providers even if it's the same one?

mustafa89 commented 2 years ago

@antonbabenko any chance this can be merged?

antonbabenko commented 2 years ago

This issue has been resolved in version 4.1.0 :tada:

mputilin commented 2 years ago

Thanks for the feature! Already updated our code - works like a charm. No need to create validation records manually anymore.

antonbabenko commented 2 years ago

Thank you for the confirmation, @mputilin !

github-actions[bot] commented 1 year ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.