amazon web services - Conditional TLS cert management in terraform
I'm trying to create a solution in Terraform whereby I can create TLS certs using Let's Encrypt or provide my own in an S3 bucket. The problem I'm facing is that I can't seem to conditionally run the Let's Encrypt cert generation and upload steps.
How do I make the last 2 steps conditional? I was thinking of wrapping them in a null_resource, but how do I make the trigger based on external data?
Any tips appreciated! Thanks, guys.
# Bring-your-own path: pull whatever is already in the bucket down to ./tmp/certs
resource "null_resource" "sync_certs" {
  provisioner "local-exec" {
    command = "mkdir -p ./tmp/certs"
  }
  provisioner "local-exec" {
    command = "aws s3 sync s3://xxxxxx/${var.root_domain_name}/${var.env_name} ./tmp/certs/ && ls -l ./tmp/certs/"
  }
}

# ACME account key. The post references tls_private_key.generated_key without
# showing it; this definition is assumed so the rest of the file resolves.
resource "tls_private_key" "generated_key" {
  algorithm = "RSA"
}

# Per-bank keys. Note: unused below, because acme_certificate generates its own
# key when it is given a common_name instead of a CSR.
resource "tls_private_key" "cert_private_key" {
  count     = "${var.bank_count}"
  algorithm = "RSA"   # the provider expects upper-case "RSA"
}

resource "acme_registration" "reg" {
  server_url      = "${var.acme_url}"
  account_key_pem = "${tls_private_key.generated_key.private_key_pem}"
  email_address   = "xxxxx"
}

resource "acme_certificate" "certificate" {
  count           = "${var.bank_count}"
  server_url      = "${var.acme_url}"
  account_key_pem = "${tls_private_key.generated_key.private_key_pem}"
  common_name     = "${var.bank_names[count.index]}.${var.env_name}.${var.root_domain_name}"

  dns_challenge {
    provider = "route53"
  }

  registration_url = "${acme_registration.reg.id}"
}

# Write each leaf certificate's own private key (the original wrote the ACME
# account key here, which is the wrong key and should never be shared per bank).
resource "local_file" "privkey" {
  count    = "${var.bank_count}"
  content  = "${element(acme_certificate.certificate.*.private_key_pem, count.index)}"
  filename = "./tmp/certs/${var.bank_names[count.index]}.privkey.pem"
}

resource "aws_s3_bucket_object" "tls_private_key_file" {
  count        = "${var.bank_count}"
  bucket       = "xxxx"
  key          = "${var.root_domain_name}/${var.env_name}/${var.bank_names[count.index]}.privkey.pem"
  source       = "./tmp/certs/${var.bank_names[count.index]}.privkey.pem"
  content_type = "text/plain"
  depends_on   = ["local_file.privkey"]
}
Not sure if I'm understanding this right, but are you looking for this?
Define an on/off switch variable first: enable=true|false
Put the count code in the resource you want to control.
count = "${var.enable ? var.bank_count : 0}"
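The same switch carried through the whole module, as an added example written for this question (it is not the asker's or the answerer's code). It is in Terraform 0.12+ syntax with the acme provider v1+, where server_url sits on the provider block and acme_certificate no longer takes registration_url. One variable, use_letsencrypt, drives every count: the S3 sync only exists when it is false, the ACME account, certificates and uploads only exist when it is true. The variable names, the cert_bucket variable and the contact e-mail are assumptions.

```hcl
# Added example, not code from the original post. Terraform 0.12+ syntax,
# acme provider v1+. Variable names, cert_bucket and the e-mail are assumed.

variable "use_letsencrypt" {
  description = "true: issue via ACME and upload; false: sync your own certs down from S3"
  type        = bool
  default     = true
}

variable "bank_names"       { type = list(string) }
variable "env_name"         { type = string }
variable "root_domain_name" { type = string }
variable "acme_url"         { type = string }
variable "cert_bucket"      { type = string } # assumed: bucket that holds the certs

provider "acme" {
  server_url = var.acme_url
}

locals {
  # Everything that only exists on the Let's Encrypt path uses this count.
  le_count = var.use_letsencrypt ? length(var.bank_names) : 0
  prefix   = "${var.root_domain_name}/${var.env_name}"
}

# Bring-your-own path: exists only when the switch is off.
resource "null_resource" "sync_certs" {
  count = var.use_letsencrypt ? 0 : 1

  # Re-run only when the S3 prefix changes, not on every apply.
  triggers = {
    prefix = local.prefix
  }

  provisioner "local-exec" {
    command = "mkdir -p ./tmp/certs && aws s3 sync s3://${var.cert_bucket}/${local.prefix} ./tmp/certs/"
  }
}

# Let's Encrypt path: one ACME account key per environment, not per bank.
resource "tls_private_key" "account_key" {
  count     = var.use_letsencrypt ? 1 : 0
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "acme_registration" "reg" {
  count           = var.use_letsencrypt ? 1 : 0
  account_key_pem = tls_private_key.account_key[0].private_key_pem
  email_address   = "ops@example.com" # assumed placeholder
}

resource "acme_certificate" "certificate" {
  count           = local.le_count
  account_key_pem = tls_private_key.account_key[0].private_key_pem
  common_name     = "${var.bank_names[count.index]}.${var.env_name}.${var.root_domain_name}"

  dns_challenge {
    provider = "route53"
  }

  depends_on = [acme_registration.reg]
}

# Upload straight from the resource attributes: no plaintext key on local disk,
# and the objects are private and encrypted at rest.
resource "aws_s3_bucket_object" "fullchain" {
  count                  = local.le_count
  bucket                 = var.cert_bucket
  key                    = "${local.prefix}/${var.bank_names[count.index]}.fullchain.pem"
  content                = "${acme_certificate.certificate[count.index].certificate_pem}${acme_certificate.certificate[count.index].issuer_pem}"
  content_type           = "application/x-pem-file"
  server_side_encryption = "AES256"
  acl                    = "private"
}

resource "aws_s3_bucket_object" "privkey" {
  count                  = local.le_count
  bucket                 = var.cert_bucket
  key                    = "${local.prefix}/${var.bank_names[count.index]}.privkey.pem"
  content                = acme_certificate.certificate[count.index].private_key_pem
  content_type           = "application/x-pem-file"
  server_side_encryption = "AES256"
  acl                    = "private"
}
```

Two things to keep in mind with either path. The issued private keys are stored in Terraform state (acme_certificate exports private_key_pem, and the S3 object content is recorded too), so the state backend needs encryption and tight access control; a plaintext local state file holds every key in the clear. And if you keep the 0.11 syntax from the question, the same condition is written as count = "${var.use_letsencrypt ? length(var.bank_names) : 0}", with "${var.use_letsencrypt ? 0 : 1}" on the sync resource.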