certs.tf
# ==============================================================================
# Issue the SSL certificate and store it in Parameter Store for retrieval by other ops
# ==============================================================================
# ACME provider configuration.
# The directory URL is the Let's Encrypt v2 production endpoint, so every
# plan/apply of this file talks to the live CA and counts against its
# production rate limits. Point this at the staging directory while testing.
provider "acme" {
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}
# Key pair used as the ACME account key (consumed by acme_registration.reg).
# Only the algorithm is set, so the RSA modulus size is whatever the tls
# provider defaults to (2048 bits in hashicorp/tls - confirm for the pinned
# provider version).
# NOTE(review): the generated private key is stored unencrypted in Terraform
# state. The state backend is not visible in this file; it needs encryption at
# rest and tightly scoped read access.
resource "tls_private_key" "private_key" {
  algorithm = "RSA"
}
# Registers an ACME account with the CA configured on the acme provider.
# The account key authenticates every request made on behalf of this account,
# so it deserves the same protection as the certificate key itself.
resource "acme_registration" "reg" {
  # NOTE(review): the address below appears to have been redacted by the page
  # this listing was copied from; supply a monitored contact mailbox before use.
  email_address   = "[email protected]"
  account_key_pem = tls_private_key.private_key.private_key_pem
}
# Requests one certificate covering the apex domain and a wildcard for its
# first-level subdomains, validated through a DNS-01 challenge in Route 53.
#
# Security notes:
# - No certificate_request_pem is supplied, so the provider generates the
#   certificate key pair itself and exposes it as private_key_pem; that key
#   is stored in Terraform state. key_type is unset, so the provider default
#   applies.
# - A single key pair serves every host matched by the wildcard, so exposure
#   of that key affects all of them at once.
# - The Route 53 credentials are taken from outside this file (not visible
#   here). The identity used should be limited to managing the challenge
#   records in the examplesite.com hosted zone.
# - Renewal only happens when Terraform is applied inside the provider's
#   renewal window (min_days_remaining), so applies must run on a schedule.
resource "acme_certificate" "certificate" {
  account_key_pem           = acme_registration.reg.account_key_pem
  common_name               = "examplesite.com"
  subject_alternative_names = ["*.examplesite.com"]

  dns_challenge {
    provider = "route53"
  }
}
# Save values to aws ssm
# Publishes the leaf certificate (PEM) to SSM Parameter Store.
# The certificate is public material, so SecureString is not required for
# confidentiality here. With no key_id set, the parameter is encrypted with
# the account's default AWS-managed SSM key.
resource "aws_ssm_parameter" "certificate" {
  name  = "/infra/core/certificate"
  value = acme_certificate.certificate.certificate_pem
  type  = "SecureString"
}
# Publishes the issuer (intermediate) certificate PEM to SSM Parameter Store.
# Like the leaf certificate, this is public material. No key_id is set, so
# the default AWS-managed SSM key encrypts it.
resource "aws_ssm_parameter" "certificate_chain" {
  name  = "/infra/core/certificate_chain"
  value = acme_certificate.certificate.issuer_pem
  type  = "SecureString"
}
# Publishes the certificate's private key (PEM) to SSM Parameter Store.
# This is the only one of the three parameters that holds secret material.
#
# NOTE(review):
# - No key_id is set, so the default AWS-managed SSM key is used. A
#   customer-managed KMS key would let the key policy restrict which
#   principals can decrypt this value.
# - IAM read access to /infra/core/cert_private_key should be limited to the
#   workloads that terminate TLS with this certificate.
# - The same value is also held in Terraform state, so protecting the
#   parameter does not by itself protect the key.
resource "aws_ssm_parameter" "cert_private_key" {
  name  = "/infra/core/cert_private_key"
  value = acme_certificate.certificate.private_key_pem
  type  = "SecureString"
}