From 9704172f10626a7d43cd5f385f365cce6010747b Mon Sep 17 00:00:00 2001
From: Richard Onyon
Date: Sun, 13 Feb 2022 12:51:51 -0800
Subject: [PATCH] Initial commit.

---
 README.md | 38 ++++++++++++++++++++++++++++++++++++++
 main.tf | 13 +++++++++++++
 outputs.tf | 4 ++++
 variables.tf | 15 +++++++++++++++
 4 files changed, 70 insertions(+)
 create mode 100644 README.md
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 variables.tf

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..848b432
--- /dev/null
+++ b/README.md
@@ -0,0 +1,38 @@
+# Terraform Create AWS ACM Certificate For Multiple Domains
+
+The [Terraform documentation for `acm_certificate_validation`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation)
+only supports a single domain in the request. This module allows you to support multiple
+domains in the request as long as they are the APEX or *.APEX domain. This will
+reduce code complexity and cost by allowing you to have a single certificate
+with more domains.
+
+```
+resource "aws_acm_certificate" "certificate" {
+ domain_name = "mydomain.dev"
+ validation_method = "DNS"
+ subject_alternative_names = [
+ "*.mydomain.dev",
+ "myseconddomain.co",
+ "*.myseconddomain.co",
+ "*.mythirddomain.co.uk"
+ ]
+}
+
+module "acm-r53-records" {
+ for_each = {for domain in aws_acm_certificate.certificate.domain_validation_options: domain.domain_name => domain}
+
+ source = "github.com/cebollia/terraform-aws-acm-multiple-domains"
+
+ certificate_arn = aws_acm_certificate.certificate.arn
+ domain = each.key
+ name = each.value.resource_record_name
+ type = each.value.resource_record_type
+ record = each.value.resource_record_value
+ ttl = 3600
+}
+
+resource "aws_acm_certificate_validation" "validate" {
+ certificate_arn = aws_acm_certificate.certificate.arn
+ validation_record_fqdns = [for domain in module.acm-r53-records : domain.record.fqdn ]
+}
+```
\ No newline at end of file
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..72223ca
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,13 @@
+data "aws_route53_zone" "domain" {
+ name = local.domain
+ private_zone = false
+}
+
+resource "aws_route53_record" "tls-entry" {
+ allow_overwrite = true
+ name = local.name
+ records = [local.record]
+ ttl = local.ttl
+ type = local.type
+ zone_id = data.aws_route53_zone.domain.zone_id
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..fe953b7
--- /dev/null
+++ b/outputs.tf
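Review bot: `allow_overwrite = true` on `aws_route53_record.tls-entry` in main.tf makes Terraform silently replace any record of the same name and type already present in the zone, including one created outside this module, and nothing in the hunk records why that is acceptable. The README's `for_each` keys module instances by `domain_name`, and ACM typically issues an identical validation CNAME for an apex and its `*.` wildcard, so two instances then manage one Route53 record: the flag hides the clash at apply time, but destroying or changing either instance still removes or rewrites the record the other relies on. I'd put the reason next to the attribute, `# apex and *.apex share one validation CNAME; overwrite instead of failing, but callers should key for_each by resource_record_name so only one instance owns a record`, and say the same in the README example. The `data.aws_route53_zone.domain` lookup is keyed solely on the stripped `local.domain`, so a name that matches no public zone, or more than one, fails the plan with a provider error that does not name the offending input; a plan-time check on the `domain` variable would give a clearer failure.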
@@ -0,0 +1,4 @@
+output "record" {
+ value = aws_route53_record.tls-entry
+ sensitive = false
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..37938a4
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,15 @@
+variable "certificate_arn" {}
+variable "domain" {}
+variable "name" {}
+variable "type" {}
+variable "record" {}
+variable "ttl" {}
+
+locals {
+ certificate_arn = var.certificate_arn
+ domain = replace(var.domain,"*.","")
+ name = var.name
+ type = var.type
+ record = var.record
+ ttl = var.ttl
+}
\ No newline at end of file
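Review bot: `output "record"` in outputs.tf returns the entire `aws_route53_record.tls-entry` object, so every attribute of the provider's record schema becomes part of this module's contract even though the README consumes only `.record.fqdn`. Narrowing to what callers need, e.g. an added `output "fqdn" { value = aws_route53_record.tls-entry.fqdn }` alongside the existing object for compatibility, plus a `description` on each output, would make the intended interface explicit. `sensitive = false` is the default and can be dropped.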
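Review bot: `variable "certificate_arn"` in variables.tf is declared and copied into `local.certificate_arn`, but none of the four files in this commit reads that local, so the input is dead and its name implies a coupling to the certificate that the module does not have. None of the six variables carries a `type` or `description`, so a non-numeric `ttl` or a `domain` that is neither an apex nor its `*.` wildcard is only caught at apply time, after `replace(var.domain,"*.","")` has quietly produced a zone name to look up. Typing each variable, describing it, and rejecting malformed domains with a `validation` block would turn those into plan-time errors; the `locals` block that merely aliases each variable could then be dropped with main.tf reading `var.*` directly. The excerpt below shows the shape for `domain` and `ttl`; the remaining variables follow the same pattern.

```hcl
variable "domain" {
  type        = string
  description = "domain_name from domain_validation_options; either the hosted zone apex or its *. wildcard"
  validation {
    condition     = can(regex("^(\\*\\.)?[^*]+$", var.domain))
    error_message = "domain must be an apex (example.com) or its wildcard (*.example.com)."
  }
}

variable "ttl" {
  type        = number
  description = "TTL in seconds for the validation record"
}

# … unchanged: name, type, record variables and the locals block …
```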