From 716310dc5f3eaa05ce3485fa48581eafe955d83c Mon Sep 17 00:00:00 2001
From: Artsiom Ihnatovich <41552160+ignatovich-artem@users.noreply.github.com>
Date: Mon, 4 May 2020 14:57:20 +0300
Subject: [PATCH] Add acm support for cn (#15) * Allow to use ACM in AWS China * fix Readme
---
 README.md | 4 +++-
 main.tf | 4 ++--
 variables.tf | 5 +++++
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 167e31d..2512357 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ module "alb" {
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | acm\_cert\_domain | Domain name for which ACM certificate was created | string | `` | no |
+| cn\_acm | Whether to use acm certificate in AWS China. Default set to false for backward compatibility | string | `false` | no |
 | default\_http\_tcp\_listeners\_count | Switch to configure default HTTP listener | string | `0` | no |
 | default\_http\_tcp\_listeners\_port | Port of default HTTP listener | string | `80` | no |
 | default\_https\_tcp\_listeners\_count | Switch to configure default HTTPs listener | string | `1` | no |
@@ -52,7 +53,8 @@ module "alb" {
 | vpc\_id | VPC id where the load balancer and other resources will be deployed | string | - | yes |
 | alb\_logs\_expiration\_days | s3 lifecycle rule expiration period | string | `5` | yes |
 | alb\_logs\_lifecycle\_rule\_enabled | Enable or disable s3 lifecycle rule | string | `false` | yes |
-| alb\_custom\_security\_group | Security group ID that override default-created security group | string | `None` | no |
+| alb\_custom\_security\_group | Switch to override default-created security group | string | `false` | no |
+| alb\_custom\_security\_group\_id | Security group ID that override default-created security group | string | `None` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index 28aefd3..33c5337 100644
--- a/main.tf
+++ b/main.tf
@@ -90,13 +90,13 @@ data "aws_acm_certificate" "this" {
 domain = "${var.acm_cert_domain}"
 statuses = ["ISSUED", "PENDING_VALIDATION"]
 most_recent = "${var.most_recent_certificate}"
- count = "${data.aws_partition.current.partition == "aws" ? 1 : 0}"
+ count = "${data.aws_partition.current.partition == "aws" ? 1 : "${var.cn_acm == true ? 1 : 0}" }"
 }
 data "aws_iam_server_certificate" "ss_cert" {
 name = "${data.aws_region.current.name}.elb.amazonaws.com.cn"
 latest = true
- count = "${data.aws_partition.current.partition == "aws-cn" ? 1 : 0}"
+ count = "${data.aws_partition.current.partition == "aws-cn" ? "${var.cn_acm == false ? 1 : 0}" : 0}"
 }
 module "alb" {
diff --git a/variables.tf b/variables.tf
index c9ba9a2..9c93c68 100644
--- a/variables.tf
+++ b/variables.tf
@@ -155,3 +155,8 @@ variable "alb_custom_security_group_id" {
 description = "Security group ID that override default-created security group"
 default = "None"
 }
+
+variable "cn_acm" {
+ default = "false"
+ description = "Whether to use acm certificate with AWS China"
+}
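Review bot: In main.tf only the two `count` expressions change (the diffstat shows 2 insertions and 2 deletions for the file), so whatever reads these data sources inside `module "alb"`, which opens on the last line of the hunk and continues outside it, is not touched by this commit. If that reference still chooses the certificate by partition alone, then with `cn_acm = "true"` in `aws-cn` it would presumably resolve to `data.aws_iam_server_certificate.ss_cert`, which now has `count = 0`, leaving the HTTPS listener with an empty or failing certificate reference. I would make the coupling explicit above the two data sources, e.g. `# In aws-cn exactly one of aws_acm_certificate.this / aws_iam_server_certificate.ss_cert exists, chosen by var.cn_acm; the listener certificate must be selected with the same condition`, and check the consumer against it. Separately, `statuses` still lists `PENDING_VALIDATION`, so the ACM lookup this change enables for China can match a certificate that has not been issued yet.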
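Review bot: The new `cn_acm` variable in variables.tf declares no `type`, and its description does not say which values are accepted or what the `false` path does, although main.tf compares it against the booleans `true` and `false`. I would spell that out, e.g. `description = "Set to \"true\" to look up the listener certificate in ACM outside the aws partition (AWS China); \"false\" keeps the IAM server certificate lookup in aws-cn"`. As the ACM `count` in main.tf is written, `true` also enables the ACM lookup in any other partition that is not `aws`, which the name `cn_acm` does not suggest.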