Create AWS ACM Terraform files

environments/dev/acm/main.tf

@@ -0,0 +1,20 @@
+provider "aws" {
+  region = var.region
+}
+
+module "acm" {
+  source = "../../../modules/acm"
+  region = var.region
+
+  domain_name                                 = var.domain_name
+  validation_method                           = var.validation_method
+  key_algorithm                               = var.key_algorithm
+  certificate_transparency_logging_preference = var.certificate_transparency_logging_preference
+  dns_domain_name = var.dns_domain_name
+
+  name        = var.name
+  environment = var.environment
+  owner       = var.owner
+  cost_center = var.cost_center
+  application = var.application
+}  

environments/dev/acm/outputs.tf

@@ -0,0 +1,19 @@
+output "cert_domain_name" {
+  description = "The valid domain name associated with the SSL/TLS certificate."
+  value       = module.acm.cert_domain_name
+}
+
+output "cert_expiry_date" {
+  description = "The expiration date of the SSL/TLS certificate."
+  value       = module.acm.cert_expiry_date
+}
+
+output "cert_renewal_eligibility" {
+  description = "Indicates if the SSL/TLS certificate is eligible for renewal."
+  value       = module.acm.cert_renewal_eligibility
+}
+
+output "cert_source" {
+  description = "The source or type of the SSL/TLS certificate (e.g., 'AMAZON_ISSUED', 'IMPORTED')."
+  value       = module.acm.cert_source
+}

environments/dev/acm/variables.tf

@@ -0,0 +1,60 @@
+variable "region" {
+  type        = string
+  description = "The AWS region where the Certificate Manager will be used."
+}
+
+variable "domain_name" {
+  type        = string
+  description = "The domain name associated with the SSL/TLS certificate."
+}
+
+variable "validation_method" {
+  type        = string
+  description = "The validation method used for certificate issuance (e.g., DNS, email)."
+}
+
+variable "key_algorithm" {
+  type        = string
+  description = "The cryptographic key algorithm used for the certificate (e.g., RSA, ECDSA)."
+}
+
+variable "certificate_transparency_logging_preference" {
+  type        = string
+  description = "The logging preference for certificate transparency (e.g., 'ENABLED' or 'DISABLED')."
+}
+
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "A map of extra tags to attach to the AWS resources."
+}
+
+variable "name" {
+  type        = string
+  description = "A user-defined name for the AWS resources."
+}
+
+variable "environment" {
+  type        = string
+  description = "The name of the environment associated with the AWS resources."
+}
+
+variable "owner" {
+  type        = string
+  description = "The name of the owner or responsible party for the AWS resources."
+}
+
+variable "cost_center" {
+  type        = string
+  description = "The identifier for the cost center associated with the AWS resources."
+}
+
+variable "application" {
+  type        = string
+  description = "The name of the application or project related to the AWS resources."
+}
+
+variable "dns_domain_name" {
+  type        = string
+  description = "Domain name of the Route 53"
+}

infra/acm/main.tf

@@ -0,0 +1,20 @@
+provider "aws" {
+  region = var.region
+}
+
+module "acm" {
+  source = "../../modules/acm"
+  region = var.region
+
+  domain_name                                 = var.domain_name
+  validation_method                           = var.validation_method
+  key_algorithm                               = var.key_algorithm
+  certificate_transparency_logging_preference = var.certificate_transparency_logging_preference
+  dns_domain_name = var.dns_domain_name
+
+  name        = var.name
+  environment = var.environment
+  owner       = var.owner
+  cost_center = var.cost_center
+  application = var.application
+}  

infra/acm/outputs.tf

@@ -0,0 +1,19 @@
+output "cert_domain_name" {
+  description = "The valid domain name associated with the SSL/TLS certificate."
+  value       = module.acm.cert_domain_name
+}
+
+output "cert_expiry_date" {
+  description = "The expiration date of the SSL/TLS certificate."
+  value       = module.acm.cert_expiry_date
+}
+
+output "cert_renewal_eligibility" {
+  description = "Indicates if the SSL/TLS certificate is eligible for renewal."
+  value       = module.acm.cert_renewal_eligibility
+}
+
+output "cert_source" {
+  description = "The source or type of the SSL/TLS certificate (e.g., 'AMAZON_ISSUED', 'IMPORTED')."
+  value       = module.acm.cert_source
+}

infra/acm/variables.tf

@@ -0,0 +1,60 @@
+variable "region" {
+  type        = string
+  description = "The AWS region where the Certificate Manager will be used."
+}
+
+variable "domain_name" {
+  type        = string
+  description = "The domain name associated with the SSL/TLS certificate."
+}
+
+variable "validation_method" {
+  type        = string
+  description = "The validation method used for certificate issuance (e.g., DNS, email)."
+}
+
+variable "key_algorithm" {
+  type        = string
+  description = "The cryptographic key algorithm used for the certificate (e.g., RSA, ECDSA)."
+}
+
+variable "certificate_transparency_logging_preference" {
+  type        = string
+  description = "The logging preference for certificate transparency (e.g., 'ENABLED' or 'DISABLED')."
+}
+
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "A map of extra tags to attach to the AWS resources."
+}
+
+variable "name" {
+  type        = string
+  description = "A user-defined name for the AWS resources."
+}
+
+variable "environment" {
+  type        = string
+  description = "The name of the environment associated with the AWS resources."
+}
+
+variable "owner" {
+  type        = string
+  description = "The name of the owner or responsible party for the AWS resources."
+}
+
+variable "cost_center" {
+  type        = string
+  description = "The identifier for the cost center associated with the AWS resources."
+}
+
+variable "application" {
+  type        = string
+  description = "The name of the application or project related to the AWS resources."
+}
+
+variable "dns_domain_name" {
+  type        = string
+  description = "Domain name of the Route 53"
+}

infra/route53/main.tf

@@ -0,0 +1,17 @@
+provider "aws" {
+  region = var.region
+}
+
+module "route53" {
+  source = "../../modules/route53"
+  region = var.region
+
+  dns_domain_name = var.dns_domain_name
+
+  name        = var.name
+  environment = var.environment
+  owner       = var.owner
+  cost_center = var.cost_center
+  application = var.application
+
+}  

infra/route53/outputs.tf

@@ -0,0 +1,14 @@
+output "zone_id" {
+  description = "The Zone ID of the Hosted Zone"
+  value       = module.route53.zone_id
+}
+
+output "name_servers" {
+  description = "The list of Name Servers of the Hosted Zone"
+  value       = module.route53.name_servers
+}
+
+output "tags_all" {
+  description = "The list of Tags associated with the Hosted Zone"
+  value       = module.route53.tags_all
+}

infra/route53/variables.tf

@@ -0,0 +1,40 @@
+variable "region" {
+  type        = string
+  description = "The AWS region where the Certificate Manager will be used."
+}
+
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "A map of extra tags to attach to the AWS resources."
+}
+
+variable "name" {
+  type        = string
+  description = "A user-defined name for the AWS resources."
+}
+
+variable "environment" {
+  type        = string
+  description = "The name of the environment associated with the AWS resources."
+}
+
+variable "owner" {
+  type        = string
+  description = "The name of the owner or responsible party for the AWS resources."
+}
+
+variable "cost_center" {
+  type        = string
+  description = "The identifier for the cost center associated with the AWS resources."
+}
+
+variable "application" {
+  type        = string
+  description = "The name of the application or project related to the AWS resources."
+}
+
+variable "dns_domain_name" {
+  type        = string
+  description = "Domain name of the Route 53"
+}

modules/acm/main.tf

@@ -0,0 +1,46 @@
+resource "aws_acm_certificate" "ssl_cert" {
+  domain_name       = var.domain_name
+  validation_method = var.validation_method
+  key_algorithm     = var.key_algorithm
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  options {
+    certificate_transparency_logging_preference = var.certificate_transparency_logging_preference
+  }
+
+  tags = merge(
+    {
+      Name        = "${var.environment}-${var.application}-SSL-Cert"
+      Environment = var.environment
+      Owner       = var.owner
+      CostCenter  = var.cost_center
+      Application = var.application
+    },
+    var.tags
+  )
+}
+
+data "aws_route53_zone" "dns_zone" {
+  name         = var.dns_domain_name
+  private_zone = false
+}
+
+resource "aws_route53_record" "acm_record" {
+  for_each = {
+    for dvo in aws_acm_certificate.ssl_cert.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 300
+  type            = each.value.type
+  zone_id         = data.aws_route53_zone.dns_zone.zone_id 
+}

modules/acm/outputs.tf

@@ -0,0 +1,19 @@
+output "cert_domain_name" {
+  description = "The valid domain name associated with the SSL/TLS certificate."
+  value       = aws_acm_certificate.ssl_cert.domain_name
+}
+
+output "cert_expiry_date" {
+  description = "The expiration date of the SSL/TLS certificate."
+  value       = aws_acm_certificate.ssl_cert.not_after
+}
+
+output "cert_renewal_eligibility" {
+  description = "Indicates if the SSL/TLS certificate is eligible for renewal."
+  value       = aws_acm_certificate.ssl_cert.renewal_eligibility
+}
+
+output "cert_source" {
+  description = "The source or type of the SSL/TLS certificate (e.g., 'AMAZON_ISSUED', 'IMPORTED')."
+  value       = aws_acm_certificate.ssl_cert.type
+}