Add acm support for cn (#15)

* Allow to use ACM in AWS China * fix Readme
lean-delivery · May 4, 2020 · 716310d · 716310d
1 parent 163f8f7
commit 716310d
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -30,6 +30,7 @@ module "alb" {
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | acm\_cert\_domain | Domain name for which ACM certificate was created | string | `` | no |
+| cn\_acm | Whether to use acm certificate in AWS China. Default set to false for backward compatibility | string | `false` | no |
 | default\_http\_tcp\_listeners\_count | Switch to configure default HTTP listener | string | `0` | no |
 | default\_http\_tcp\_listeners\_port | Port of default HTTP listener | string | `80` | no |
 | default\_https\_tcp\_listeners\_count | Switch to configure default HTTPs listener | string | `1` | no |
@@ -52,7 +53,8 @@ module "alb" {
 | vpc\_id | VPC id where the load balancer and other resources will be deployed | string | - | yes |
 | alb\_logs\_expiration\_days | s3 lifecycle rule expiration period | string | `5` | yes |
 | alb\_logs\_lifecycle\_rule\_enabled | Enable or disable s3 lifecycle rule | string | `false` | yes |
-| alb\_custom\_security\_group | Security group ID that override default-created security group | string | `None` | no |
+| alb\_custom\_security\_group | Switch to override default-created security group | string | `false` | no |
+| alb\_custom\_security\_group\_id | Security group ID that override default-created security group | string | `None` | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -90,13 +90,13 @@ data "aws_acm_certificate" "this" {
   domain      = "${var.acm_cert_domain}"
   statuses    = ["ISSUED", "PENDING_VALIDATION"]
   most_recent = "${var.most_recent_certificate}"
-  count       = "${data.aws_partition.current.partition == "aws" ? 1 : 0}"
+  count       = "${data.aws_partition.current.partition == "aws" ? 1 : "${var.cn_acm == true ? 1 : 0}" }"
 }
 
 data "aws_iam_server_certificate" "ss_cert" {
   name   = "${data.aws_region.current.name}.elb.amazonaws.com.cn"
   latest = true
-  count  = "${data.aws_partition.current.partition == "aws-cn" ? 1 : 0}"
+  count  = "${data.aws_partition.current.partition == "aws-cn" ? "${var.cn_acm == false ? 1 : 0}" : 0}"
 }
 
 module "alb" {

diff --git a/variables.tf b/variables.tf
@@ -155,3 +155,8 @@ variable "alb_custom_security_group_id" {
   description = "Security group ID that override default-created security group"
   default     = "None"
 }
+
+variable "cn_acm" {
+  default     = "false"
+  description = "Whether to use acm certificate with AWS China"
+}