feat:add new variables to acm module

arzian-cd · arzian-cd · commit 988d1edea208 · 2025-06-04T17:54:02.000Z
diff --git a/examples/generate-certificate-dns/example.tf b/examples/generate-certificate-dns/example.tf
@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 locals {
-  domain = "clouddrove.com"
+  domain = "ld.clouddrove.ca"
 }
 
 ##-----------------------------------------------------------------------------
@@ -12,8 +12,11 @@ locals {
 module "acm" {
   source = "./../../"
 
-  name                      = "certificate"
-  environment               = "test"
-  domain_name               = "clouddrove.com"
-  subject_alternative_names = ["www.${local.domain}", "*.${local.domain}"]
-}
+  name                         = "certificate"
+  environment                  = "test"
+  enable_dns_validation        = true
+  domain_name                  = "ld.clouddrove.ca"
+  subject_alternative_names    = ["www.${local.domain}", "*.${local.domain}"]
+  key_algorithm                = "RSA_2048"
+  transparency_logging_enabled = false
+}
diff --git a/examples/generate-certificate-dns/outputs.tf b/examples/generate-certificate-dns/outputs.tf
@@ -23,4 +23,7 @@ output "validation_route53_record_fqdns" {
   description = "List of FQDNs built using the zone domain and name."
 }
 
-
+output "certificate_transparency_logging_preference" {
+  value       = module.acm
+  description = "Certificate transparency logging preference."
+}
diff --git a/main.tf b/main.tf
@@ -45,6 +45,7 @@ resource "aws_acm_certificate" "cert" {
   domain_name               = var.domain_name
   validation_method         = var.validation_method
   subject_alternative_names = var.subject_alternative_names
+  key_algorithm             = var.key_algorithm
   tags                      = module.labels.tags
 
   dynamic "validation_option" {
@@ -56,6 +57,14 @@ resource "aws_acm_certificate" "cert" {
     }
   }
 
+  dynamic "options" {
+    for_each = var.transparency_logging_enabled != null ? [1] : []
+    content {
+      certificate_transparency_logging_preference = var.transparency_logging_enabled ? "ENABLED" : "DISABLED"
+    }
+  }
+
+
   lifecycle {
     create_before_destroy = true
   }
@@ -65,7 +74,7 @@ resource "aws_acm_certificate" "cert" {
 ## Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.
 ##----------------------------------------------------------------------------------
 resource "aws_acm_certificate_validation" "cert" {
-  count                   = var.enable && var.validate_certificate ? 1 : 0
+  count                   = var.enable && var.enable_dns_validation && var.validate_certificate ? 1 : 0
   certificate_arn         = join("", aws_acm_certificate.cert[*].arn)
   validation_record_fqdns = flatten([aws_route53_record.default[*].fqdn, var.validation_record_fqdns])
 
@@ -84,13 +93,13 @@ data "aws_route53_zone" "default" {
 ## A Route 53 record contains authoritative DNS information for a specified DNS name. DNS records are most commonly used to map a name to an IP Address..
 ##----------------------------------------------------------------------------------
 resource "aws_route53_record" "default" {
-  for_each = {
+  for_each = var.enable_dns_validation ? {
     for record in aws_acm_certificate.cert[0].domain_validation_options[*] : record.domain_name => {
       name   = record.resource_record_name
       record = record.resource_record_value
       type   = record.resource_record_type
     }
-  }
+  } : {}
 
   allow_overwrite = var.allow_overwrite
   name            = each.value.name
diff --git a/outputs.tf b/outputs.tf
@@ -26,8 +26,12 @@ output "acm_certificate_status" {
   description = "Status of the certificate."
 }
 
-
 output "validation_route53_record_fqdns" {
   value       = [for record in aws_route53_record.default : record.fqdn]
   description = "List of FQDNs built using the zone domain and name."
+}
+
+output "certificate_transparency_logging_preference" {
+  value       = try(aws_acm_certificate.cert[0].options[0].certificate_transparency_logging_preference, null)
+  description = "Certificate transparency logging preference."
 }
diff --git a/variables.tf b/variables.tf
@@ -128,4 +128,15 @@ variable "private_zone" {
   description = "Used with name field to get a private Hosted Zone."
 }
 
+variable "key_algorithm" {
+  type        = string
+  default     = null
+  description = "used to generate the public/private key pair for the certificate. Valid values: RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1."
+}
+
+variable "transparency_logging_enabled" {
+  type        = bool
+  default     = false
+  description = "Whether to enable certificate transparency logging. Defaults to true. Set to false to disable."
+}
 

Original file line number	Diff line number	Diff line change
`@@ -23,4 +23,7 @@ output "validation_route53_record_fqdns" {`
`23`	`23`	`description = "List of FQDNs built using the zone domain and name."`
`24`	`24`	`}`
`25`	`25`
`26`		`-`
	`26`	`+output "certificate_transparency_logging_preference" {`
	`27`	`+ value = module.acm`
	`28`	`+ description = "Certificate transparency logging preference."`
	`29`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -26,8 +26,12 @@ output "acm_certificate_status" {`
`26`	`26`	`description = "Status of the certificate."`
`27`	`27`	`}`
`28`	`28`
`29`		`-`
`30`	`29`	`output "validation_route53_record_fqdns" {`
`31`	`30`	`value = [for record in aws_route53_record.default : record.fqdn]`
`32`	`31`	`description = "List of FQDNs built using the zone domain and name."`
	`32`	`+}`
	`33`	`+`
	`34`	`+output "certificate_transparency_logging_preference" {`
	`35`	`+ value = try(aws_acm_certificate.cert[0].options[0].certificate_transparency_logging_preference, null)`
	`36`	`+ description = "Certificate transparency logging preference."`
`33`	`37`	`}`