feat(acm): Add reference to existing ACM certificate

- Use conditional in aws_lb_listener.this to refer to certificate_arn argument - Add input variables acm_create_certificate and acm_certificate_arn - Update README.md
cambridge-collection · Oct 1, 2024 · 139774d · 139774d
1 parent ea03c9e
commit 139774d
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -97,6 +97,8 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_acm_certificate_arn"></a> [acm\_certificate\_arn](#input\_acm\_certificate\_arn) | ARN of an existing certificate in Amazon Certificate Manager | `string` | `null` | no |
+| <a name="input_acm_create_certificate"></a> [acm\_create\_certificate](#input\_acm\_create\_certificate) | Whether to create a certificate in Amazon Certificate Manager | `bool` | `true` | no |
 | <a name="input_alb_access_logs_bucket"></a> [alb\_access\_logs\_bucket](#input\_alb\_access\_logs\_bucket) | Name of the S3 Bucket for ALB access logs | `string` | `""` | no |
 | <a name="input_alb_access_logs_enabled"></a> [alb\_access\_logs\_enabled](#input\_alb\_access\_logs\_enabled) | Whether to enable access logging for the ALB | `bool` | `false` | no |
 | <a name="input_alb_access_logs_prefix"></a> [alb\_access\_logs\_prefix](#input\_alb\_access\_logs\_prefix) | Prefix for objects in S3 bucket for ALB access logs | `string` | `""` | no |

diff --git a/data.tf b/data.tf
@@ -38,12 +38,3 @@ data "aws_route53_zone" "existing" {
 
   zone_id = var.route53_zone_id_existing
 }
-
-data "aws_acm_certificate" "existing" {
-  count = var.acm_create_certificate ? 0 : 1
-
-  domain      = var.acm_certificate_domain_name
-  statuses    = ["ISSUED"]
-  types       = ["IMPORTED"]
-  most_recent = true
-}
diff --git a/loadbalancer.tf b/loadbalancer.tf
@@ -28,7 +28,7 @@ resource "aws_lb_listener" "https" {
   port              = 443
   protocol          = "HTTPS"
   ssl_policy        = var.alb_listener_ssl_policy
-  certificate_arn   = var.acm_create_certificate ? aws_acm_certificate.default.0.arn : data.aws_acm_certificate.existing.0.arn
+  certificate_arn   = var.acm_create_certificate ? aws_acm_certificate.default.0.arn : var.acm_certificate_arn
 
   default_action {
     type = "fixed-response"

diff --git a/variables.tf b/variables.tf
@@ -275,8 +275,8 @@ variable "acm_create_certificate" {
   default     = true
 }
 
-variable "acm_certificate_domain_name" {
+variable "acm_certificate_arn" {
   type        = string
-  description = "Domain name of an existing certificate in Amazon Certificate Manager. Use if domain name of the certificate is different to domain_name of the service"
+  description = "ARN of an existing certificate in Amazon Certificate Manager"
   default     = null
 }