terraform-aws-acm

feat: Cross-account DNS and ACM resource creation

Open dannyibishev opened this issue 2 years ago • 4 comments

Description

The proposed changes will allow both cross-account and single account ACM creation with DNS validation.

Motivation and Context

I needed to create my ACM certificates in Account B, but my hosted zone belongs to Account A. These changes allowed me to meet this requirement.

Breaking Changes

I believe the two providers will now always be required and need to be explicitly passed down.

In the module call, people will now need to pass the providers block with the two required providers.

  providers = {
    aws.acm = aws.account_b,
    aws.dns = aws.account_a
  }

Or, if they use a single account, then the following block should still work:

  providers = {
    aws.acm = aws,
    aws.dns = aws
  }

How Has This Been Tested?

I have tested by calling the fork with my branch

module "acm" {
  source = "[email protected]:Pod-Point/terraform-aws-acm.git?ref=patch-cross-account-provider"

  providers = {
    aws.acm = aws.<ommited>,
    aws.dns = aws.<ommited>
  }

  domain_name = var.project_domain
  zone_id     = var.pod_point_hosted_zone_id

  subject_alternative_names = var.additional_aliased_domains

  wait_for_validation                = true
  validation_allow_overwrite_records = false
}

  • [x] I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • [ ] I have tested and validated these changes using one or more of the provided examples/* projects
  • [x] I have executed pre-commit run -a on my pull request

dannyibishev, May 10 '22 11:05
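The provider split described in the pull request above, written out with plain resources as an added example (not the module's or the author's code). Account IDs, role names, region and domain are constructed placeholders, and the mapping to the module's `wait_for_validation` and `validation_allow_overwrite_records` inputs is an assumption.

```hcl
# Added example: root configuration with one aliased provider per account.
# All ARNs, the region and the domain below are constructed placeholders.
provider "aws" {
  alias  = "account_b" # account that will own the certificate
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/acm-admin"
  }
}

provider "aws" {
  alias  = "account_a" # account that owns the hosted zone
  region = "eu-west-1"
  assume_role {
    # Scope this role to record changes on the one hosted zone it needs.
    role_arn = "arn:aws:iam::111111111111:role/route53-validation"
  }
}

variable "zone_id" { type = string } # hosted zone ID in account A

resource "aws_acm_certificate" "this" {
  provider          = aws.account_b
  domain_name       = "app.example.com"
  validation_method = "DNS"
}

# Validation CNAMEs are written with account A's credentials.
resource "aws_route53_record" "validation" {
  provider = aws.account_a
  for_each = {
    for dvo in aws_acm_certificate.this.domain_validation_options : dvo.domain_name => dvo
  }
  zone_id         = var.zone_id
  name            = each.value.resource_record_name
  type            = each.value.resource_record_type
  records         = [each.value.resource_record_value]
  ttl             = 60
  allow_overwrite = false # assumed equivalent of validation_allow_overwrite_records
}

# Blocks until ACM sees the records (assumed equivalent of wait_for_validation).
resource "aws_acm_certificate_validation" "this" {
  provider                = aws.account_b
  certificate_arn         = aws_acm_certificate.this.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
```

With `allow_overwrite = false`, an apply fails instead of silently replacing a validation record that already exists in the zone, which is the safer default when the zone is shared across accounts.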

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

github-actions[bot], Jun 19 '22 00:06

Any chance this can be looked at?

dannyibishev, Jun 20 '22 08:06

Would be great to see this one merged! How does it handle the case of using a single account? Does the user still need to pass 2 providers even if it's the same one?

Fodoj, Jul 19 '22 10:07

@antonbabenko any chance this can be merged?

mustafa89, Aug 10 '22 21:08

This issue has been resolved in version 4.1.0 🎉

antonbabenko, Aug 26 '22 14:08

Thanks for the feature! Already updated our code - works like a charm. No need to create validation records manually anymore.

mputilin, Sep 08 '22 08:09

Thank you for the confirmation, @mputilin!

antonbabenko, Sep 08 '22 08:09

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot], Nov 15 '22 02:11