Added support for locally-signed certificate imported to ACM

Author: Ben Fortuna

Makefile

@@ -11,12 +11,15 @@ clean:
 
 test:
 	$(TERRAFORM) init && $(TERRAFORM) validate && \
+		$(TERRAFORM) init modules/locally_signed && $(TERRAFORM) validate modules/locally_signed && \
 		$(TERRAFORM) init modules/self_signed && $(TERRAFORM) validate modules/self_signed
 
 docs:
 	docker run --rm -v "${PWD}:/work" tmknom/terraform-docs markdown ./ >./README.md && \
+		docker run --rm -v "${PWD}:/work" tmknom/terraform-docs markdown ./modules/locally_signed >./modules/locally_signed/README.md && \
 		docker run --rm -v "${PWD}:/work" tmknom/terraform-docs markdown ./modules/self_signed >./modules/self_signed/README.md
 
 format:
 	$(TERRAFORM) fmt -list=true ./ && \
+		$(TERRAFORM) fmt -list=true ./modules/locally_signed && \
 		$(TERRAFORM) fmt -list=true ./modules/self_signed

modules/locally_signed/README.md

@@ -0,0 +1,24 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| tls | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| common\_name | Certificate common name | `any` | n/a | yes |
+| country | Certificate country | `any` | n/a | yes |
+| organization | Certificate organization | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| certificate\_arn | ARN of generated ACM certificate |
+

modules/locally_signed/main.tf

@@ -0,0 +1,50 @@
+resource "tls_private_key" "ca_cert" {
+  algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "ca_cert" {
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+  key_algorithm         = "RSA"
+  private_key_pem       = tls_private_key.ca_cert.private_key_pem
+  is_ca_certificate     = true
+  validity_period_hours = 2160
+  subject {
+    common_name  = var.common_name
+    organization = var.organization
+    country      = var.country
+  }
+}
+
+resource "tls_cert_request" "certificate" {
+  key_algorithm   = "RSA"
+  private_key_pem = tls_private_key.ca_cert.private_key_pem
+  subject {
+    common_name  = var.common_name
+    organization = var.organization
+    country      = var.country
+  }
+}
+
+resource "tls_locally_signed_cert" "certificate" {
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+  ca_cert_pem           = tls_self_signed_cert.ca_cert.cert_pem
+  ca_key_algorithm      = tls_self_signed_cert.ca_cert.key_algorithm
+  ca_private_key_pem    = tls_private_key.ca_cert.private_key_pem
+  cert_request_pem      = tls_cert_request.certificate.cert_request_pem
+  validity_period_hours = 2160
+}
+
+module "certificate" {
+  source = "../.."
+
+  private_key      = tls_private_key.ca_cert.private_key_pem
+  certificate_body = tls_locally_signed_cert.certificate.cert_pem
+}

modules/locally_signed/outputs.tf

@@ -0,0 +1,4 @@
+output "certificate_arn" {
+  value       = module.certificate.certificate_arn
+  description = "ARN of generated ACM certificate"
+}

modules/locally_signed/vars.tf

@@ -0,0 +1,11 @@
+variable "common_name" {
+  description = "Certificate common name"
+}
+
+variable "organization" {
+  description = "Certificate organization"
+}
+
+variable "country" {
+  description = "Certificate country"
+}