mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 09:44:51 +00:00
1265d4cf63
* Add single AMI build/setup * Add ACM support to Terraform and Letsencrypt support to single AMI * Finish Letsencrypt support for Single AMI, also add ACM to Single AMI and tidy up Terraform versioning * Fix Letsencrypt cert acquisition, reduce startup timers from 5 minutes to 3 minutes, tweaks for ACM/non-ACM in Terraform * Remove AWS-based license from Enterprise AMI to convert to BYOL * Tidy up - move Cloudformation into a separate subdirectory and remove old Terraform code * Updated TIG stack to latest versions and tested * Tidy up CloudFormation builds and improve instructions * Fix VPC variable name
// If you already have your own ACM certificate that you'd like to use, set the "use_acm" variable to "true" and then
// import the existing ACM certificate with:
// terraform import aws_acm_certificate.cert <certificate_arn>
// NOTE: using non-Amazon issued certificates in this manner is a bad idea as they cannot be automatically recreated by
// Terraform if they are deleted. In this instance we recommend setting up ACM on the proxy load balancer yourself.
// ACM certificate for the proxy. Only requested when var.use_acm is true;
// with use_acm = false the count is 0 and nothing is created.
resource "aws_acm_certificate" "cert" {
  count = "${var.use_acm ? 1 : 0}"

  // Only domain_name is set (no subject_alternative_names), so the issued
  // certificate covers exactly var.route53_domain and nothing else.
  domain_name = "${var.route53_domain}"

  // Ownership of the domain is proven through a DNS record rather than e-mail.
  validation_method = "DNS"

  // On replacement, create the new certificate before the old one is destroyed.
  // NOTE(review): presumably so a listener that still references the old
  // certificate is never left without one - the consumer is not shown in this file.
  lifecycle {
    create_before_destroy = true
  }
}
// DNS record that proves control of the domain to ACM. Created only when
// var.use_acm is true, matching the certificate it validates.
resource "aws_route53_record" "cert_validation" {
  count = "${var.use_acm ? 1 : 0}"

  // Written into the zone looked up by data.aws_route53_zone.proxy.
  // NOTE(review): validation only succeeds if that zone is the one publicly
  // serving the certificate's domain - the data source is defined elsewhere; confirm.
  zone_id = "${data.aws_route53_zone.proxy.zone_id}"

  // Name, type and value are taken from the first (index 0) validation option.
  // The certificate in this file requests a single domain name with no SANs,
  // so one record is all that is read here.
  name    = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_name}"
  type    = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_type}"
  records = ["${aws_acm_certificate.cert.domain_validation_options.0.resource_record_value}"]

  ttl = 60
}
// Ties the certificate to its DNS validation record so Terraform tracks the
// validation step itself. Created only when var.use_acm is true.
// NOTE(review): consumers of the certificate are not shown in this file; referencing
// this resource's certificate_arn (rather than the raw certificate) keeps them from
// attaching a certificate that is still pending validation - verify at the call sites.
resource "aws_acm_certificate_validation" "cert" {
  count = "${var.use_acm ? 1 : 0}"

  // The certificate being validated and the record expected to validate it.
  validation_record_fqdns = ["${aws_route53_record.cert_validation.fqdn}"]
  certificate_arn         = "${aws_acm_certificate.cert.arn}"
}