Added letsencrypt template

figurate · Sep 5, 2020 · 1eea428 · 1eea428
1 parent fba2edd
commit 1eea428
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 0 deletions.
diff --git a/modules/letsencrypt/README.md b/modules/letsencrypt/README.md
@@ -0,0 +1,25 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| acme | n/a |
+| tls | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| common\_name | Certificate common name | `any` | n/a | yes |
+| email\_address | Email address associated with Letsencrypt certificate | `any` | n/a | yes |
+| server\_url | URL of the Letsencrypt server | `string` | `"https://acme-staging-v02.api.letsencrypt.org/directory"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| certificate\_arn | ARN of generated ACM certificate |
+
diff --git a/modules/letsencrypt/main.tf b/modules/letsencrypt/main.tf
@@ -0,0 +1,25 @@
+resource "tls_private_key" "ca_cert" {
+  algorithm = "RSA"
+}
+
+resource "acme_registration" "registration" {
+  account_key_pem = tls_private_key.ca_cert.private_key_pem
+  email_address   = var.email_address
+}
+
+resource "acme_certificate" "certificate" {
+  account_key_pem = acme_registration.registration.account_key_pem
+  common_name     = var.common_name
+
+  dns_challenge {
+    provider = "route53"
+  }
+}
+
+module "certificate" {
+  source = "../.."
+
+  private_key      = tls_private_key.ca_cert.private_key_pem
+  certificate_body = acme_certificate.certificate.certificate_pem
+  certificate_name = var.common_name
+}
diff --git a/modules/letsencrypt/outputs.tf b/modules/letsencrypt/outputs.tf
@@ -0,0 +1,4 @@
+output "certificate_arn" {
+  value       = module.certificate.certificate_arn
+  description = "ARN of generated ACM certificate"
+}
diff --git a/modules/letsencrypt/provider.tf b/modules/letsencrypt/provider.tf
@@ -0,0 +1,3 @@
+provider "acme" {
+  server_url = var.server_url
+}
diff --git a/modules/letsencrypt/vars.tf b/modules/letsencrypt/vars.tf
@@ -0,0 +1,12 @@
+variable "common_name" {
+  description = "Certificate common name"
+}
+
+variable "email_address" {
+  description = "Email address associated with Letsencrypt certificate"
+}
+
+variable "server_url" {
+  description = "URL of the Letsencrypt server"
+  default     = "https://acme-staging-v02.api.letsencrypt.org/directory"
+}