terraform-aws-modules / terraform-aws-apigateway-v2

Terraform module to create AWS API Gateway v2 (HTTP/WebSocket) 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/apigateway-v2/aws
Apache License 2.0
151 stars 203 forks

Adding custom domain should not require create_certificate #126

Open mBlomsterberg opened 6 days ago

mBlomsterberg commented 6 days ago

Description

At the moment the module defaults to creating a certificate if a custom domain is set. This is misleading, as a certificate should be an active decision. This makes the behavior problematic because it assumes an action (certificate creation) without explicit user intent. Certificates often come with associated costs, configurations, or compliance requirements, so creating them by default can lead to unintended consequences for the user. Instead, the module should require the user to explicitly opt in to certificate creation, ensuring they are aware of and actively choosing this functionality. This change would align the module's behavior with the principle of least surprise and better support user expectations.

Versions

Reproduction Code [Required]

create_domain_name          = true
domain_name                 = "example.com"
# create_certificate        = false
domain_name_certificate_arn = "arn:aws:acm:eregion:accountcertificate/xxxxxxxxxxxx"

Affected resource: aws_apigatewayv2_domain_name


locals {
  create_certificate = local.create_domain_name && var.create_certificate
}

variable "create_certificate" {
  description = "Whether to create a certificate for the domain"
  type        = bool
  default     = true
}
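
A sketch of the opt-in behaviour the issue asks for, added here as an example and not taken from the module's code. It assumes Terraform 1.9 or later (needed for a validation rule that reads another variable); the validation rule itself and the use of `var.create_domain_name` in place of the module's `local.create_domain_name` are assumptions made to keep the snippet self-contained.

```hcl
terraform {
  # Assumption: validation rules may reference other variables from 1.9 onward.
  required_version = ">= 1.9.0"
}

variable "create_domain_name" {
  description = "Whether to create the API domain name resource"
  type        = bool
  default     = true
}

variable "domain_name_certificate_arn" {
  description = "ARN of an existing ACM certificate to attach to the domain name"
  type        = string
  default     = null
}

variable "create_certificate" {
  description = "Whether to create a certificate for the domain"
  type        = bool
  default     = false # opt-in: no certificate is issued unless the caller asks for one

  # Hypothetical guard: reject configurations that both supply an existing
  # certificate and ask the module to issue a new one.
  validation {
    condition     = !(var.create_certificate && var.domain_name_certificate_arn != null)
    error_message = "Set create_certificate = true or domain_name_certificate_arn, not both."
  }
}

locals {
  # Same expression as the module's local, with the default now false.
  create_certificate = var.create_domain_name && var.create_certificate
}

output "create_certificate" {
  description = "True only when the caller explicitly requested a new certificate"
  value       = local.create_certificate
}
```

With these defaults, the reproduction inputs above (a custom domain plus an existing certificate ARN, `create_certificate` left unset) evaluate `local.create_certificate` to `false`, so no certificate is requested.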