Merge pull request #2 from davedash/wildcard-support

Add support for a wildcard domain name via ACM.
jonathanio · Sep 28, 2017 · 2f7a860 · 2f7a860
2 parents 2c048c0 + e534976
commit 2f7a860
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -25,8 +25,10 @@ provider "aws" {
 module "website" {
   source = "modules/terraform-module-s3-cloudfront"
 
-  name     = "my-first-website"
-  hostname = "example.com"
+  name         = "my-first-website"
+  hostname     = "example.com"
+  wildcard_ssl = "*.example.com"
+  
   aliases  = [
   	"example.net",
   	"example.org"
@@ -59,6 +61,7 @@ directory of this repository.
 ## Authors
 
 Jonathan Wright <[email protected]>
+Dave Dash <[email protected]>
 
 ## License
 

diff --git a/certificate.tf b/certificate.tf
@@ -10,5 +10,5 @@ provider "aws" {
 
 data "aws_acm_certificate" "frontend" {
   provider = "aws.us-east-1"
-  domain   = "${var.hostname}"
+  domain   = "${coalesce(var.wildcard_ssl, var.hostname)}"
 }
diff --git a/examples/wildcard/README.md b/examples/wildcard/README.md
@@ -0,0 +1,28 @@
+# Example Usage
+
+The example in this directory will utilize a Wildcard SSL certificate.
+
+## Important
+
+This module will create an encrypted (i.e. HTTPS) endpoint in CloudFront using
+[Amazon Certificate Manager](https://aws.amazon.com/certificate-manager/). ACM
+cannot be automated at this time as it requires manual steps in the approval
+of the domain name before it can be added into the account. Please therefore
+setup the certificate for the domain name you require (and any aliases you may
+include as well) by following the
+[Getting Started](http://docs.aws.amazon.com/acm/latest/userguide/gs.html) guide
+in the AWS Documentation.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which can cost money (logs stored
+within S3, for example). Run `terraform destroy` when you don't need these
+resources.
diff --git a/examples/wildcard/main.tf b/examples/wildcard/main.tf
@@ -0,0 +1,16 @@
+provider "aws" {
+  region = "eu-west-2"
+}
+
+module "website" {
+  source = "../../"
+
+  name         = "my-first-website"
+  hostname     = "mysite.example.com"
+  wildcard_ssl = "*.example.com"
+
+  tags {
+    Domain = "mysite.example.com"
+    Owner  = "[email protected]"
+  }
+}
diff --git a/examples/wildcard/outputs.tf b/examples/wildcard/outputs.tf
@@ -0,0 +1,15 @@
+output "hostname" {
+  value = "${module.website.hostname}"
+}
+
+output "s3_bucket_name" {
+  value = "${module.website.s3_bucket_name}"
+}
+
+output "cloudfront_distribution_id" {
+  value = "${module.website.cloudfront_distribution_id}"
+}
+
+output "cloudfront_distribution_hostname" {
+  value = "${module.website.cloudfront_distribution_hostname}"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -17,3 +17,8 @@ output "cloudfront_distribution_hostname" {
   description = "The hostname of the CloudFront Distribution (use for DNS CNAME)."
   value       = "${aws_cloudfront_distribution.website.domain_name}"
 }
+
+output "cloudfront_zone_id" {
+  description = "The Zone ID of the CloudFront Distribution (use for DNS Alias)."
+  value       = "${aws_cloudfront_distribution.website.hosted_zone_id}"
+}
diff --git a/variables.tf b/variables.tf
@@ -8,6 +8,11 @@ variable "hostname" {
   default     = "example.com"
 }
 
+variable "wildcard_ssl" {
+  description = "Wildcard SSL certificate domain name.  E.g. *.example.com"
+  default     = ""
+}
+
 variable "aliases" {
   description = "Additional aliases to host this website for."
   default     = []