diff options
Diffstat (limited to 'jinwei.me/infra/acm.tf')
| -rw-r--r-- | jinwei.me/infra/acm.tf | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/jinwei.me/infra/acm.tf b/jinwei.me/infra/acm.tf new file mode 100644 index 0000000..c6900cd --- /dev/null +++ b/jinwei.me/infra/acm.tf | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | resource "aws_acm_certificate" "main" { | ||
| 2 | domain_name = "static.jinwei.me" | ||
| 3 | validation_method = "DNS" | ||
| 4 | |||
| 5 | subject_alternative_names = [ | ||
| 6 | "*.static.jinwei.me", | ||
| 7 | ] | ||
| 8 | } | ||
| 9 | |||
| 10 | resource "aws_acm_certificate_validation" "main" { | ||
| 11 | certificate_arn = aws_acm_certificate.main.arn | ||
| 12 | validation_record_fqdns = [cloudflare_record.acm.hostname] | ||
| 13 | } | ||
| 14 | |||
| 15 | |||
| 16 | # CloudFront requires ACM to be in us-east-1, so duplicate the resources. | ||
| 17 | resource "aws_acm_certificate" "us-east-1" { | ||
| 18 | provider = aws.us-east-1 | ||
| 19 | |||
| 20 | domain_name = "static.jinwei.me" | ||
| 21 | validation_method = "DNS" | ||
| 22 | |||
| 23 | subject_alternative_names = [ | ||
| 24 | "*.static.jinwei.me", | ||
| 25 | ] | ||
| 26 | } | ||
| 27 | |||
| 28 | resource "aws_acm_certificate_validation" "us-east-1" { | ||
| 29 | provider = aws.us-east-1 | ||
| 30 | |||
| 31 | certificate_arn = aws_acm_certificate.us-east-1.arn | ||
| 32 | validation_record_fqdns = [cloudflare_record.acm.hostname] | ||
| 33 | } | ||
| 34 | |||
| 35 | # Cloudflare validation record | ||
| 36 | resource "cloudflare_record" "acm" { | ||
| 37 | zone_id = data.cloudflare_zones.domain.zones[0].id | ||
| 38 | name = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_name | ||
| 39 | type = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_type | ||
| 40 | value = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_value | ||
| 41 | } | ||