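With terraform-aws-modules/acm/aws you can easily obtain an ACM certificate. It is nice that no console work is needed at all.
For example, assuming a Route53 Hosted Zone for the domain foo.example.com already exists, add the following code to obtain a TLS certificate for *.foo.example.com.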
module "acm" {
  source = "terraform-aws-modules/acm/aws"

  domain_name = "*.foo.example.com"
  zone_id     = data.aws_route53_zone.service.zone_id
}

data "aws_route53_zone" "service" {
  name = "foo.example.com"
}
Running Terraform creates the following resources.
# module.acm.aws_acm_certificate.this[0] will be created
+ resource "aws_acm_certificate" "this" {
+ arn = (known after apply)
+ domain_name = "*.foo.example.com"
+ domain_validation_options = (known after apply)
+ id = (known after apply)
+ subject_alternative_names = []
+ validation_emails = (known after apply)
+ validation_method = "DNS"
}
# module.acm.aws_acm_certificate_validation.this[0] will be created
+ resource "aws_acm_certificate_validation" "this" {
+ certificate_arn = (known after apply)
+ id = (known after apply)
+ validation_record_fqdns = (known after apply)
}
# module.acm.aws_route53_record.validation[0] will be created
+ resource "aws_route53_record" "validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "YOUR_ZONE_ID"
}
...
module.acm.aws_acm_certificate.this[0]: Creation complete after 7s [id=arn:aws:acm:us-east-1:ID:certificate/ID]
module.acm.aws_route53_record.validation[0]: Creating...
module.acm.aws_route53_record.validation[0]: Still creating... [10s elapsed]
module.acm.aws_route53_record.validation[0]: Still creating... [20s elapsed]
module.acm.aws_route53_record.validation[0]: Still creating... [30s elapsed]
module.acm.aws_route53_record.validation[0]: Creation complete after 38s [id=ZONE_ID.foo.example.com._CNAME]
module.acm.aws_acm_certificate_validation.this[0]: Creating...
module.acm.aws_acm_certificate_validation.this[0]: Still creating... [10s elapsed]
module.acm.aws_acm_certificate_validation.this[0]: Still creating... [20s elapsed]
module.acm.aws_acm_certificate_validation.this[0]: Still creating... [30s elapsed]
module.acm.aws_acm_certificate_validation.this[0]: Still creating... [40s elapsed]
module.acm.aws_acm_certificate_validation.this[0]: Still creating... [50s elapsed]
module.acm.aws_acm_certificate_validation.this[0]: Still creating... [1m0s elapsed]
module.acm.aws_acm_certificate_validation.this[0]: Creation complete after 1m10s [id=2019-09-19 02:12:32 +0000 UTC]
See terraform-aws-modules/acm/aws for details of the module.
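The three resources in the plan above can also be written out by hand, which shows how the DNS validation is wired together. This is an added example, not the module's own source; the resource names `wildcard` and `validation` and the output name are chosen for illustration, and the `for_each` form assumes AWS provider v3 or later, where `domain_validation_options` is a set.

```hcl
data "aws_route53_zone" "service" {
  name = "foo.example.com"
}

# Request the certificate and ask ACM for DNS (CNAME) validation.
resource "aws_acm_certificate" "wildcard" {
  domain_name       = "*.foo.example.com"
  validation_method = "DNS"

  lifecycle {
    # Issue the replacement before destroying the old certificate,
    # so anything that references it is never left without one.
    create_before_destroy = true
  }
}

# One validation CNAME per domain that ACM asks to have proven.
resource "aws_route53_record" "validation" {
  for_each = {
    for dvo in aws_acm_certificate.wildcard.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  zone_id         = data.aws_route53_zone.service.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
}

# Blocks until ACM has seen the records and issued the certificate.
resource "aws_acm_certificate_validation" "wildcard" {
  certificate_arn         = aws_acm_certificate.wildcard.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}

# Reference this ARN (not aws_acm_certificate.wildcard.arn) from listeners
# or distributions so they are only created once the certificate is issued.
output "validated_certificate_arn" {
  value = aws_acm_certificate_validation.wildcard.certificate_arn
}
```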