Diffstat (limited to 'jinwei.me/infra/acm.tf')
-rw-r--r-- | jinwei.me/infra/acm.tf | 41 |
1 files changed, 41 insertions, 0 deletions
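diff --git a/jinwei.me/infra/acm.tf b/jinwei.me/infra/acm.tf
new file mode 100644
index 0000000..c6900cd
--- /dev/null
+++ b/jinwei.me/infra/acm.tf
@@ -0,0 +1,41 @@
+resource "aws_acm_certificate" "main" {
+domain_name = "static.jinwei.me"
+validation_method = "DNS"
+
+subject_alternative_names = [
+"*.static.jinwei.me",
+]
+}
+
+resource "aws_acm_certificate_validation" "main" {
+certificate_arn = aws_acm_certificate.main.arn
+validation_record_fqdns = [cloudflare_record.acm.hostname]
+}
+
+
+# CloudFront requires ACM to be in us-east-1, so duplicate the resources.
+resource "aws_acm_certificate" "us-east-1" {
+provider = aws.us-east-1
+
+domain_name = "static.jinwei.me"
+validation_method = "DNS"
+
+subject_alternative_names = [
+"*.static.jinwei.me",
+]
+}
+
+resource "aws_acm_certificate_validation" "us-east-1" {
+provider = aws.us-east-1
+
+certificate_arn = aws_acm_certificate.us-east-1.arn
+validation_record_fqdns = [cloudflare_record.acm.hostname]
+}
+
+# Cloudflare validation record
+resource "cloudflare_record" "acm" {
+zone_id = data.cloudflare_zones.domain.zones[0].id
+name = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_name
+type = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_type
+value = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_value
+}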
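Review bot: `cloudflare_record.acm` is built from element `[0]` of `aws_acm_certificate.main.domain_validation_options`, yet it is the only validation record for two names (apex and wildcard) and for both certificates, including the us-east-1 one it was not derived from. That appears to work only because ACM hands out the same CNAME for a name and its wildcard, and for the same name across regions in one account; `domain_validation_options` is a set, so `tolist(...)[0]` carries no ordering guarantee if a SAN with a different validation record is ever added. I would state the assumption above the resource, e.g. `# One CNAME validates both certs: apex and wildcard share a record, and ACM reuses it across regions in this account. Revisit if a SAN is added.` Separately, neither `aws_acm_certificate` block sets `lifecycle { create_before_destroy = true }`, so a change that forces replacement would try to delete a certificate that CloudFront may still be using before the new one is issued.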