serverapps:configmgmt:terraform:acmcert
文書の過去の版を表示しています。
AWS Certificate Manager(ACM)による証明書の取得とドメイン検証
実際のスクリプト
# zone apex domain:サブドメインを含まないものを書く
variable "aws_acm_domain_name" {
description = "Domain Name"
default = "example.com"
}
# 取得対象のFQDN(サブドメイン付き)
variable "aws_acm_sub_domain_name" {
description = "Sub Domain Name"
default = "ex.example.com"
}
# 検証方法(mailはterraform外部で手作業が必要なので非推奨)
variable "aws_acm_validation_method" {
description = "validation method"
default = "DNS"
}
# tagはお好みでどうぞ
variable "aws_acm_env_tag" {
description = "enviroment tag"
default = "sample"
}
# 証明書発行リクエスト
resource "aws_acm_certificate" "cert" {
domain_name = "${var.aws_acm_sub_domain_name}"
validation_method = "${var.aws_acm_validation_method}"
tags {
Environment = "${var.aws_acm_env_tag}"
}
lifecycle {
# lifecycleにこれを入れておくのが推奨されています
create_before_destroy = true
}
}
# Route53で管理されているドメインの情報を持ってきます
data "aws_route53_zone" "zone" {
name = "${var.aws_acm_domain_name}"
private_zone = false
}
# DNSによる検証用レコードの登録
resource "aws_route53_record" "cert_validation" {
name = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_name}"
type = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_type}"
zone_id = "${data.aws_route53_zone.zone.id}"
records = ["${aws_acm_certificate.cert.domain_validation_options.0.resource_record_value}"]
ttl = 60
}
# 検証
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = "${aws_acm_certificate.cert.arn}"
validation_record_fqdns = ["${aws_route53_record.cert_validation.fqdn}"]
}
serverapps/configmgmt/terraform/acmcert.1539219899.txt.gz · 最終更新: 2018/10/11 01:04 by hayashi