
aws_acmpca_certificate generation improperly creates validity block.

Open aaron-loz opened this issue 1 week ago • 0 comments

The Issue

When running cf2tf on a yaml file that includes RootCACertificate as a resource, the validity block created has the wrong syntax around the validity argument:

resource "aws_acmpca_certificate" "root_ca_certificate" {
  certificate_authority_arn = aws_acmpca_certificate_authority.root_ca.id
  certificate_signing_request = aws_acmpca_certificate_authority.root_ca.certificate_signing_request
  signing_algorithm = "SHA256WITHRSA"
  template_arn = "arn:aws:acm-pca:::template/RootCACertificate/V1"
  #### issue below.
  validity = {
    Type = "YEARS"
    Value = 10
  }
### issue above.
}

This causes additional work for a dev to convert to the proper syntax, wherein the validity does not have an equal sign before the curly brace, and "Type" and "Value" arguments should be lowercased.

How to recreate

  1. In a YAML file, add this CloudFormation block:
Resources:
  RootCACertificate:
    Type: AWS::ACMPCA::Certificate
    Properties:
      CertificateAuthorityArn:
        Ref: RootCA
      CertificateSigningRequest:
        Fn::GetAtt:
          - RootCA
          - CertificateSigningRequest
      SigningAlgorithm: SHA256WITHRSA
      TemplateArn: arn:aws:acm-pca:::template/RootCACertificate/V1
      Validity:
        Type: YEARS
        Value: 10
  2. Run cf2tf

aaron-loz, Feb 15 '25 22:02
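
A post-processing workaround for the output quoted in this issue, as an added example that is not part of the original issue or of cf2tf's own code: it rewrites the generated validity map into the nested-block form the issue describes (no equal sign, lowercase type and value). The helper name fix_validity_blocks and the sample input are constructed for illustration.

```python
import re

# Constructed sample: the converter output quoted in the issue, trimmed.
GENERATED = '''resource "aws_acmpca_certificate" "root_ca_certificate" {
  signing_algorithm = "SHA256WITHRSA"
  template_arn = "arn:aws:acm-pca:::template/RootCACertificate/V1"
  validity = {
    Type = "YEARS"
    Value = 10
  }
}
'''

# "validity = { ... }" with a flat body. Bodies containing braces (for
# example "${...}" interpolation) do not match and are left untouched.
_VALIDITY_MAP = re.compile(
    r'^(?P<indent>[ \t]*)validity[ \t]*=[ \t]*\{(?P<body>[^{}]*)\}',
    re.MULTILINE,
)
# An argument name at the start of a line inside that body.
_ARG_NAME = re.compile(r'^(?P<indent>[ \t]*)(?P<name>[A-Za-z_]+)(?=[ \t]*=)',
                       re.MULTILINE)


def fix_validity_blocks(hcl: str) -> str:
    """Rewrite 'validity = { Type = ..., Value = ... }' as a nested block
    with lowercase argument names. Hypothetical helper, not part of cf2tf."""
    def as_block(match: re.Match) -> str:
        body = _ARG_NAME.sub(
            lambda m: m.group('indent') + m.group('name').lower(),
            match.group('body'),
        )
        return f"{match.group('indent')}validity {{{body}}}"

    return _VALIDITY_MAP.sub(as_block, hcl)


if __name__ == '__main__':
    print(fix_validity_blocks(GENERATED))
```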