diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml index e480dd9..814ac07 100644 --- a/.github/workflows/terraform-docs.yaml +++ b/.github/workflows/terraform-docs.yaml @@ -13,7 +13,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.ref }} + ref: ${{ github.ref }} - name: Render and Push terraform docs for main module uses: terraform-docs/gh-actions@main diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a996903..782974c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -4,7 +4,6 @@ repos: hooks: - id: terraform_fmt - id: terraform_validate - exclude: '^[^/]+\.tf$|^modules/acm/.*' - id: terraform_tflint args: - '--args=--only=terraform_deprecated_interpolation' diff --git a/README.md b/README.md index ffc3d57..240e612 100644 --- a/README.md +++ b/README.md @@ -12,13 +12,13 @@ Terraform module to deploy production-ready applications and services on an exis | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.0 | -| [aws](#requirement\_aws) | ~> 6.0 | +| [aws](#requirement\_aws) | ~> 5.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 6.0 | +| [aws](#provider\_aws) | ~> 5.0 | ## Modules @@ -51,8 +51,6 @@ Terraform module to deploy production-ready applications and services on an exis | [create\_s3\_bucket\_for\_alb\_logging](#input\_create\_s3\_bucket\_for\_alb\_logging) | (Optional) Creates S3 bucket for storing ALB Access and Connection Logs. | `bool` | `true` | no | | [default\_capacity\_providers\_strategies](#input\_default\_capacity\_providers\_strategies) | (Optional) Set of capacity provider strategies to use by default for the cluster. | `any` | `[]` | no | | [load\_balancer](#input\_load\_balancer) | Configuration for the Application Load Balancer. |
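Review bot: `ref: ${{ github.ref }}` only resolves to a branch the later push step can update when this workflow runs on `push`; on `pull_request` it is `refs/pull/<n>/merge`, a detached merge ref that cannot be pushed, and on `pull_request_target` it is the base branch, so rendered docs would presumably never land on the PR. The `on:` trigger is outside this hunk, so confirm which event is intended; if the job must run on pull requests, keep a branch reference such as `ref: ${{ github.head_ref || github.ref_name }}` and make sure the trigger is not `pull_request_target`, which is exactly the combination under which the old `head.ref` checkout plus a push step was dangerous. Independently, the context line `uses: terraform-docs/gh-actions@main` is a mutable branch pin on a step that commits and pushes with this job's token; pin it to a full commit SHA (`uses: terraform-docs/gh-actions@<commit-sha> # vX.Y.Z`) so an upstream change or compromise of that branch cannot push arbitrary content into this repository.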
object({
name = optional(string)
internal = optional(bool, false)
subnets_ids = optional(list(string), [])
security_groups_ids = optional(list(string), [])
preserve_host_header = optional(bool)
enable_deletion_protection = optional(bool, false)
access_logs = optional(any, null)
connection_logs = optional(any, null)
target_groups = optional(any, {})
listeners = optional(any, {})
listener_rules = optional(any, {})
tags = optional(map(string), {})
})
| `{}` | no | -| [region](#input\_region) | (Optional) AWS region to create resources in. | `string` | `null` | no | -| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | (Optional) ARN of the role to assume for Route53 operations. | `string` | `null` | no | | [s3\_bucket\_force\_destroy](#input\_s3\_bucket\_force\_destroy) | (Optional, Default:false) Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. | `bool` | `false` | no | | [s3\_bucket\_name](#input\_s3\_bucket\_name) | (Optional, Forces new resource) Name of the bucket. | `string` | `null` | no | | [s3\_bucket\_policy\_id\_prefix](#input\_s3\_bucket\_policy\_id\_prefix) | (Optional) - Prefix of the ID for the policy document. | `string` | `"ecs-deployment-alb-"` | no | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 008ea49..5d50da3 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -93,9 +93,6 @@ module "ecs_deployment" { record_zone_id = data.aws_route53_zone.base_domain.zone_id } } - region = var.region - # Cross-account role that ACM module will use for Route53 DNS record creation - route53_assume_role_arn = var.route53_assume_role_arn # Application Load Balancer load_balancer = { diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 3973043..71d1a26 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -132,13 +132,3 @@ variable "domain_name" { description = "Domain name for ACM" type = string } - -variable "region" { - description = "AWS region to deploy resources" - type = string -} - -variable "route53_assume_role_arn" { - description = "ARN of the cross-account role for Route53 DNS record creation" - type = string -} diff --git a/main.tf b/main.tf index 9adc7a7..509c409 100644 --- a/main.tf +++ b/main.tf 
@@ -243,33 +243,12 @@ resource "aws_ecs_task_definition" "this" { ################################################################################ # Amazon Certificates Manager Sub-module ################################################################################ -provider "aws" { - region = var.region -} - -# Cross-account provider for Route53 -provider "aws" { - alias = "cross_account_provider" - region = var.region - - dynamic "assume_role" { - for_each = var.route53_assume_role_arn != null ? [1] : [] - content { - role_arn = var.route53_assume_role_arn - } - } -} module "acm" { source = "./modules/acm" - providers = { - aws = aws - aws.cross_account_provider = aws.cross_account_provider - } - route53_assume_role_arn = var.route53_assume_role_arn - for_each = var.create_acm ? var.acm_certificates : {} + # ACM Certificate certificate_domain_name = each.value.domain_name certificate_subject_alternative_names = try(each.value.subject_alternative_names, null) @@ -280,7 +259,8 @@ module "acm" { # Route53 Record record_zone_id = try(each.value.record_zone_id, null) record_allow_overwrite = try(each.value.record_allow_overwrite, null) - tags = try(each.value.tags, {}) + + tags = try(each.value.tags, {}) } ################################################################################ diff --git a/modules/acm/README.md b/modules/acm/README.md index 781ab9b..2b0bba7 100644 --- a/modules/acm/README.md +++ b/modules/acm/README.md @@ -24,14 +24,12 @@ This sub-module creates the Amazon-issued certificate for a given domain with `v | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.6.0 | -| [aws](#requirement\_aws) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 6.0 | -| [aws.cross\_account\_provider](#provider\_aws.cross\_account\_provider) | ~> 6.0 | +| [aws](#provider\_aws) | n/a | ## Modules 
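Review bot: With the aliased provider and the `providers` map removed from `module "acm"`, DNS validation records are now created with whatever credentials the root `aws` provider carries, and neither this block nor the README states that every hosted zone passed as `record_zone_id` must be writable by that provider. Callers that previously set `route53_assume_role_arn` for a zone in a separate DNS account will presumably fail at apply on the Route53 record with an access error rather than a clear message; a comment above `module "acm"` such as `# Validation records are written with the root aws provider; each record_zone_id must be a hosted zone that provider can modify.` makes the new constraint explicit. Deleting the in-module `provider "aws"` blocks is the right direction, since a reusable module that carries its own provider configuration cannot be used with `count`/`for_each` and cannot be removed cleanly while it still owns resources.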
@@ -43,7 +41,6 @@ No modules. |------|------| | [aws_acm_certificate.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource | | [aws_acm_certificate_validation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource | -| [aws_route53_record.cross_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | ## Inputs @@ -57,7 +54,6 @@ No modules. | [certificate\_validation\_option](#input\_certificate\_validation\_option) | (Optional) Configuration block used to specify information about the initial validation of each domain name. |
object({
domain_name = string
validation_domain = string
})
| `null` | no | | [record\_allow\_overwrite](#input\_record\_allow\_overwrite) | (Optional) Allow creation of this record in Terraform to overwrite an existing record, if any. | `bool` | `true` | no | | [record\_zone\_id](#input\_record\_zone\_id) | (Required) Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. | `string` | n/a | yes | -| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | (Optional) IAM role ARN to assume for Route53 operations | `string` | `null` | no | | [tags](#input\_tags) | (Optional) Map of tags to assign to the resource. | `map(string)` | `{}` | no | ## Outputs @@ -67,5 +63,5 @@ No modules. | [acm\_certificate\_arn](#output\_acm\_certificate\_arn) | ARN of the ACM certificate. | | [acm\_certificate\_id](#output\_acm\_certificate\_id) | ARN of the ACM certificate. | | [acm\_certificate\_validation\_id](#output\_acm\_certificate\_validation\_id) | Identifier of the ACM certificate validation resource. | -| [route53\_record\_id](#output\_route53\_record\_id) | Identifier of the Route53 Record (supports same & cross-account). | +| [route53\_record\_id](#output\_route53\_record\_id) | Identifier of the Route53 Record for validation of the ACM certificate. | diff --git a/modules/acm/main.tf b/modules/acm/main.tf index b108422..0b85d2f 100644 --- a/modules/acm/main.tf +++ b/modules/acm/main.tf 
@@ -38,21 +38,6 @@ resource "aws_acm_certificate" "this" { ################################################################################ resource "aws_route53_record" "this" { - count = var.route53_assume_role_arn == null ? 1 : 0 - - zone_id = var.record_zone_id - name = local.acm_certificate_validation_record.name - type = local.acm_certificate_validation_record.type - records = [local.acm_certificate_validation_record.value] - ttl = 60 - allow_overwrite = var.record_allow_overwrite -} - -resource "aws_route53_record" "cross_account" { - count = var.route53_assume_role_arn != null ? 1 : 0 - provider = aws.cross_account_provider - - zone_id = var.record_zone_id name = local.acm_certificate_validation_record.name type = local.acm_certificate_validation_record.type @@ -62,11 +47,6 @@ resource "aws_route53_record" "cross_account" { } resource "aws_acm_certificate_validation" "this" { - certificate_arn = aws_acm_certificate.this.arn - - validation_record_fqdns = [ - var.route53_assume_role_arn == null ? - aws_route53_record.this[0].fqdn : - aws_route53_record.cross_account[0].fqdn - ] + certificate_arn = aws_acm_certificate.this.arn + validation_record_fqdns = [aws_route53_record.this.fqdn] } diff --git a/modules/acm/outputs.tf b/modules/acm/outputs.tf index 8ecf7e7..dea1651 100644 --- a/modules/acm/outputs.tf +++ b/modules/acm/outputs.tf 
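Review bot: The first hunk removes `zone_id = var.record_zone_id` from the surviving `aws_route53_record.this` block (it is the last `-` line before the `name =` context) and no `+` line restores it, so the resource is left without the provider-required `zone_id` argument and `terraform validate`, which the .pre-commit change in this commit now runs on `modules/acm`, should reject the module; reinstate the line as the first attribute of the block. Dropping `count` also changes the state address from `aws_route53_record.this[0]` to `aws_route53_record.this`, so existing deployments will plan a destroy-and-recreate of the validation record unless a `moved` block (available since Terraform 1.1, within the declared `>= 1.6.0`) carries the address over; a `cross_account` record, for users who had one, is simply destroyed. The resource's `records`/`ttl`/`allow_overwrite` lines and its closing brace sit between the two hunks, outside what is shown; the `aws_acm_certificate_validation` rewrite in the second hunk is correct for the single-record case.
```hcl
# Preserve the state address of the validation record now that count is gone.
moved {
  from = aws_route53_record.this[0]
  to   = aws_route53_record.this
}

resource "aws_route53_record" "this" {
  zone_id = var.record_zone_id
  name    = local.acm_certificate_validation_record.name
  # … unchanged: type, records, ttl, allow_overwrite and the closing brace (outside the hunk) …
```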
@@ -17,15 +17,10 @@ output "acm_certificate_arn" { ################################################################################ output "route53_record_id" { - description = "Identifier of the Route53 Record (supports same & cross-account)." - value = ( - var.route53_assume_role_arn == null - ? aws_route53_record.this[0].id - : aws_route53_record.cross_account[0].id - ) + description = "Identifier of the Route53 Record for validation of the ACM certificate." + value = aws_route53_record.this.id } - ################################################################################ # ACM Certificate Validation ################################################################################ diff --git a/modules/acm/providers.tf b/modules/acm/providers.tf deleted file mode 100644 index 8688425..0000000 --- a/modules/acm/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 6.0" - configuration_aliases = [ - aws, - aws.cross_account_provider - ] - } - } -} diff --git a/modules/acm/variables.tf b/modules/acm/variables.tf index a2666c3..e550a6a 100644 --- a/modules/acm/variables.tf +++ b/modules/acm/variables.tf @@ -60,9 +60,3 @@ variable "record_allow_overwrite" { nullable = false default = true } - -variable "route53_assume_role_arn" { - type = string - default = null - description = "(Optional) IAM role ARN to assume for Route53 operations" -} diff --git a/variables.tf b/variables.tf index 7e5ee9b..5c18ae6 100644 --- a/variables.tf +++ b/variables.tf @@ -199,15 +199,3 @@ variable "acm_certificates" { nullable = false default = {} } - -variable "region" { - description = "(Optional) AWS region to create resources in." - type = string - default = null -} - -variable "route53_assume_role_arn" { - description = "(Optional) ARN of the role to assume for Route53 operations." - type = string - default = null -} diff --git a/versions.tf b/versions.tf index bf72ee6..3fc806d 100644 --- a/versions.tf 
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 6.0"
+ version = "~> 5.0"
 }
 }
 }