Feature/base repo

JordiiBru · May 20, 2024 · 79deb3e · 79deb3e
2 parents da6dc6c + d08eeb2
commit 79deb3e
Showing 8 changed files with 211 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,46 @@
+**/terragrunt_variables.tf
+**/.terraform.lock.hcl
+**/*.zip
+**/backend.tf
+
+# Created by https://www.toptal.com/developers/gitignore/api/terraform,terragrunt
+# Edit at https://www.toptal.com/developers/gitignore?templates=terraform,terragrunt
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+### Terragrunt ###
+# terragrunt cache directories
+**/.terragrunt-cache/*
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform,terragrunt
+
+### VSCode ###
+.vscode/
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1,4 @@
+# More on CODEOWNERS files: https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# Path    # Maintainer
+* @JordiiBru
diff --git a/README.md b/README.md
@@ -1 +1,34 @@
-# aws-acm
+# aws-acm
+Terraform module to create an ACM (AWS Certificate Manager) certificate with Route 53 resources for DNS validation.
+
+## Required Variables
+
+| Name          | Description                                     | Type   | Validation                                     | Default |
+|---------------|-------------------------------------------------|--------|------------------------------------------------|---------|
+| `stage`       | Stage of development                            | string | `test`, `dev`, `staging`, `prod`               | N/A     |
+| `purpose`     | Short description about the created resource    | string | Must match the regex `^[a-zA-Z0-9-_]*$`        | N/A     |
+| `owner`       | Owner of the deployed infrastructure            | string | Must have more than three characters           | N/A     |
+| `domain_name` | Name of the domain                              | string | Must have more than three characters           | N/A     |
+
+## Optional Variables
+
+| Name            | Description             | Type   | Default |
+|-----------------|-------------------------|--------|---------|
+| `validate_cert` | Validate the certificate| bool   | `false` |
+
+## Usage
+
+```hcl
+module "acm" {
+  source = "../"
+
+  # Required variables
+  stage       = "test"
+  owner       = "wanda"
+  purpose     = "tfg"
+  domain_name = "domain.com"
+
+  # Required variables
+  validate_cert = true
+}
+```
diff --git a/examples/basic-acm.tf b/examples/basic-acm.tf
@@ -0,0 +1,12 @@
+module "acm" {
+  source = "../"
+
+  # Required variables
+  stage       = "test"
+  owner       = "wanda"
+  purpose     = "tfg"
+  domain_name = "jordibru.cloud"
+
+  # Required variables
+  validate_cert = true
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,42 @@
+data "aws_route53_zone" "domain_created" {
+  name = var.domain_name
+}
+
+resource "aws_acm_certificate" "domain_certificate" {
+  domain_name       = var.domain_name
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  tags = {
+    terraform = true
+    stage     = var.stage
+    owner     = var.owner
+  }
+}
+
+# record validation
+resource "aws_route53_record" "cert_validations" {
+  for_each = var.validate_cert ? {
+    for dvo in aws_acm_certificate.domain_certificate.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  } : {}
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = data.aws_route53_zone.domain_created.zone_id
+}
+
+resource "aws_acm_certificate_validation" "validations" {
+  count                   = var.validate_cert ? 1 : 0
+  certificate_arn         = aws_acm_certificate.domain_certificate.arn
+  validation_record_fqdns = [for record in aws_route53_record.cert_validations : record.fqdn]
+}
diff --git a/output.tf b/output.tf
@@ -0,0 +1,8 @@
+# More on: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#attribute-reference
+output "certificate_arn" {
+  value = aws_acm_certificate.domain_certificate[*].arn
+}
+
+output "domain_validation_options" {
+  value = aws_acm_certificate.domain_certificate[*].domain_validation_options
+}
diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region  = "eu-west-1"
+  profile = "aws-jordi-account"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,50 @@
+# REQUIRED VARIABLES
+
+variable "stage" {
+  description = "Stage of development"
+  type        = string
+
+  validation {
+    condition     = can(regex("^(test|dev|stagin|prod)$", var.stage))
+    error_message = "Stage must be dev, staging or prod."
+  }
+}
+
+variable "purpose" {
+  description = "Short description about the created resource"
+  type        = string
+  default     = null
+
+  validation {
+    condition     = can(regex("^([a-zA-Z0-9-_]*)$", var.purpose))
+    error_message = "Only the expression [a-zA-Z0-9-_]* is allowed."
+  }
+}
+
+variable "owner" {
+  description = "Owner of the deployed infrastructure"
+  type        = string
+  default     = null
+
+  validation {
+    condition     = length(var.owner) >= 3
+    error_message = "You must define an owner with more than three letters."
+  }
+}
+
+variable "domain_name" {
+  description = "Name of the domain"
+  type        = string
+  default     = null
+  validation {
+    condition     = length(var.domain_name) >= 3
+    error_message = "You must define a domain name that exists on the account."
+  }
+}
+
+# OPTIONAL VARIABLES
+variable "validate_cert" {
+  description = "Validate the certificate"
+  type        = bool
+  default     = false
+}