AWS ACM Certificate
udx-github edited this page May 28, 2026 · 1 revision
Creates or reuses an AWS Certificate Manager certificate for a domain.
Use this module when a Rabbit service needs an ACM certificate for CloudFront or another AWS endpoint, with optional DNS validation records in Route53.
- ACM certificate creation.
- Existing issued or pending certificate lookup to avoid duplicates.
- DNS validation through Route53 when a hosted zone ID is provided.
- Subject alternative names.
- Certificate key algorithm selection.
- Certificate tags.
- AWS credentials with permission to read and manage ACM certificates.
- Route53 permissions when DNS validation records should be created.
- A Route53 hosted zone ID when using DNS validation through this module.
- For CloudFront custom aliases, the certificate must be created in `us-east-1`.
- `domain` is the primary certificate name.
- `subject_alternative_names` is not generated automatically. Add wildcard or alternate names explicitly.
- `validation_method` defaults to `DNS`.
- When `check_existing_certificate` is `true`, the module first looks for the most recent `ISSUED` or `PENDING_VALIDATION` certificate for `domain`.
- If an existing certificate is found, no new certificate or validation records are created.
- DNS validation records are created only when a new certificate is created, `validation_method` is `DNS`, and `route53_zone_id` is set.
```yaml
services:
  - name: "AWS ACM Certificate"
    module: "aws-acm"
    id: "example-com-certificate"
    deployment_order: 8
    configurations:
      domain: "example.com"
      subject_alternative_names:
        - "*.example.com"
      route53_zone_id: "Z0123456789ABCDEFG"
      check_existing_certificate: true
      tags:
        owner: "#{Owner}"
        lifecycle: "#{Lifecycle}"
```

| Output | Description |
|---|---|
| `acm_certificate_arn` | ARN of the existing or newly created certificate. |
| `acm_certificate_validation_arn` | ARN returned after validation for new certificates, or the existing certificate ARN. |
| `domain_name` | Primary domain name configured for the certificate. |
| `certificate_status` | Certificate status. Existing certificates are reported as `ISSUED`. |
The fields below are public module inputs under configurations.
```yaml
configurations:
  domain: "example.com"
  subject_alternative_names:
    - "*.example.com"
  validation_method: "DNS"
  key_algorithm: "RSA_2048"
  route53_zone_id: "Z0123456789ABCDEFG"
  check_existing_certificate: true
  tags: {}
```

| Field | Type | Required | Description |
|---|---|---|---|
| `domain` | string | Yes | Primary certificate domain name. |
| `subject_alternative_names` | array[string] | No | Additional certificate names, such as wildcard names. Defaults to an empty list. |
| `validation_method` | string | No | ACM validation method. Defaults to `DNS`. |
| `key_algorithm` | string | No | ACM key algorithm. Defaults to `RSA_2048`. |
| `route53_zone_id` | string | Conditional | Hosted zone ID used for DNS validation records. Required when this module should create validation records. |
| `check_existing_certificate` | boolean | No | Looks for an existing matching certificate before creating a new one. Defaults to `true`. |
| `tags` | map[string] | No | Tags merged with module-managed certificate tags. |
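
The reuse-or-create behaviour listed above, modelled as a pre-flight check that can run before a deployment. This is an added example, not the module's own code: `preflight`, `for_cloudfront`, the constructed sample data and the reading of "most recent" as the latest `CreatedAt` are assumptions, and the certificate dictionaries follow the shape of ACM `ListCertificates` summaries. It also compares the reused certificate's SANs with the configured ones, since the page describes the lookup as matching on `domain`.

```python
from datetime import datetime

REUSABLE = {"ISSUED", "PENDING_VALIDATION"}

def preflight(cfg, existing, region, for_cloudfront=False):
    """Model the documented decision flow; return (plan, warnings)."""
    domain = cfg["domain"]
    sans = set(cfg.get("subject_alternative_names", []))
    method = cfg.get("validation_method", "DNS")          # documented default
    check = cfg.get("check_existing_certificate", True)   # documented default
    zone = cfg.get("route53_zone_id")
    warnings = []
    if for_cloudfront and region != "us-east-1":
        warnings.append("CloudFront aliases need the certificate in us-east-1")
    matches = [c for c in existing
               if c["DomainName"] == domain and c["Status"] in REUSABLE]
    if check and matches:
        # Assumption: "most recent" means the latest CreatedAt.
        cert = max(matches, key=lambda c: c["CreatedAt"])
        if cert["Status"] == "PENDING_VALIDATION":
            warnings.append("reused certificate is still PENDING_VALIDATION; "
                            "no validation records will be created for it")
        missing = sans - set(cert.get("SubjectAlternativeNameSummaries", []))
        if missing:
            warnings.append("reused certificate lacks SANs: "
                            + ", ".join(sorted(missing)))
        return {"action": "reuse", "arn": cert["CertificateArn"],
                "create_validation_records": False}, warnings
    if method == "DNS" and not zone:
        warnings.append("no route53_zone_id: validation records "
                        "must be created outside the module")
    return {"action": "create", "arn": None,
            "create_validation_records": method == "DNS" and bool(zone)}, warnings

# Constructed sample data (placeholder ARNs, not real certificates).
SAMPLE_EXISTING = [
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/old-example",
     "DomainName": "example.com", "Status": "ISSUED",
     "CreatedAt": datetime(2025, 1, 10),
     "SubjectAlternativeNameSummaries": ["example.com", "*.example.com"]},
    {"CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/new-example",
     "DomainName": "example.com", "Status": "PENDING_VALIDATION",
     "CreatedAt": datetime(2026, 3, 2),
     "SubjectAlternativeNameSummaries": ["example.com"]},
]
SAMPLE_CFG = {"domain": "example.com",
              "subject_alternative_names": ["*.example.com"],
              "route53_zone_id": "Z0123456789ABCDEFG"}
```

With the sample data, `preflight(SAMPLE_CFG, SAMPLE_EXISTING, "us-east-1", for_cloudfront=True)` selects the newer pending certificate and returns two warnings: it is not yet validated, and it does not cover `*.example.com`.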