Feat: Add new attributes to AWS ACM Certificate resource

Author: arzian-cd

examples/generate-certificate-dns/example.tf

@@ -12,8 +12,12 @@ locals {
 module "acm" {
   source = "./../../"
 
-  name                      = "certificate"
-  environment               = "test"
-  domain_name               = "clouddrove.com"
-  subject_alternative_names = ["www.${local.domain}", "*.${local.domain}"]
+  name                         = "certificate"
+  environment                  = "test"
+  domain_name                  = "clouddrove.com"
+  subject_alternative_names    = ["www.${local.domain}", "*.${local.domain}"]
+  key_algorithm                = "RSA_2048"
+  transparency_logging_enabled = false
 }
+
+

examples/generate-certificate-dns/outputs.tf

@@ -23,4 +23,7 @@ output "validation_route53_record_fqdns" {
   description = "List of FQDNs built using the zone domain and name."
 }
 
-
+output "certificate_transparency_logging_preference" {
+  value       = module.acm.certificate_transparency_logging_preference
+  description = "Certificate transparency logging preference."
+}

main.tf

@@ -45,6 +45,7 @@ resource "aws_acm_certificate" "cert" {
   domain_name               = var.domain_name
   validation_method         = var.validation_method
   subject_alternative_names = var.subject_alternative_names
+  key_algorithm             = var.key_algorithm
   tags                      = module.labels.tags
 
   dynamic "validation_option" {
@@ -56,6 +57,14 @@ resource "aws_acm_certificate" "cert" {
     }
   }
 
+  dynamic "options" {
+    for_each = var.transparency_logging_enabled != null ? [1] : []
+    content {
+      certificate_transparency_logging_preference = var.transparency_logging_enabled ? "ENABLED" : "DISABLED"
+    }
+  }
+
+
   lifecycle {
     create_before_destroy = true
   }

outputs.tf

@@ -26,8 +26,12 @@ output "acm_certificate_status" {
   description = "Status of the certificate."
 }
 
-
 output "validation_route53_record_fqdns" {
   value       = [for record in aws_route53_record.default : record.fqdn]
   description = "List of FQDNs built using the zone domain and name."
+}
+
+output "certificate_transparency_logging_preference" {
+  value       = try(aws_acm_certificate.cert[0].options[0].certificate_transparency_logging_preference, null)
+  description = "Certificate transparency logging preference."
 }

variables.tf

@@ -128,4 +128,15 @@ variable "private_zone" {
   description = "Used with name field to get a private Hosted Zone."
 }
 
+variable "key_algorithm" {
+  type        = string
+  default     = null
+  description = "used to generate the public/private key pair for the certificate. Valid values: RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1."
+}
+
+variable "transparency_logging_enabled" {
+  type        = bool
+  default     = false
+  description = "Whether to enable certificate transparency logging. Defaults to true. Set to false to disable."
+}