Add ability to specify key_algorithm closes #69 (#74)

Signed-off-by: Joke de Buhr <joke@xckk.de>

Author: joke

README.md

@@ -4,13 +4,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.40 |
 
 ## Modules
 
@@ -42,6 +42,7 @@
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
+| <a name="input_key_algorithm"></a> [key\_algorithm](#input\_key\_algorithm) | Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data | `string` | `null` | no |
 | <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
 | <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
 | <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,<br>set as tag values, and output by this module individually.<br>Does not affect values of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.<br>Default value: `lower`. | `string` | `null` | no |

docs/terraform.md

@@ -1,7 +1,7 @@
 locals {
   enabled                           = module.this.enabled
   process_domain_validation_options = local.enabled && var.process_domain_validation_options && var.validation_method == "DNS"
-  domain_validation_options_set     = local.process_domain_validation_options ? aws_acm_certificate.default.0.domain_validation_options : toset([])
+  domain_validation_options_set     = local.process_domain_validation_options ? aws_acm_certificate.default[0].domain_validation_options : toset([])
   public_enabled                    = var.certificate_authority_arn == null
   private_enabled                   = !local.public_enabled
 
@@ -23,6 +23,7 @@ resource "aws_acm_certificate" "default" {
   validation_method         = local.public_enabled ? var.validation_method : null
   subject_alternative_names = var.subject_alternative_names
   certificate_authority_arn = var.certificate_authority_arn
+  key_algorithm             = var.key_algorithm
 
   options {
     certificate_transparency_logging_preference = var.certificate_transparency_logging_preference ? "ENABLED" : "DISABLED"
@@ -60,6 +61,6 @@ resource "aws_route53_record" "default" {
 
 resource "aws_acm_certificate_validation" "default" {
   count                   = local.process_domain_validation_options && var.wait_for_certificate_issued ? 1 : 0
-  certificate_arn         = join("", aws_acm_certificate.default.*.arn)
+  certificate_arn         = join("", aws_acm_certificate.default[*].arn)
   validation_record_fqdns = [for record in aws_route53_record.default : record.fqdn]
 }

main.tf

@@ -1,25 +1,24 @@
 output "id" {
-  value       = join("", aws_acm_certificate.default.*.id)
+  value       = join("", aws_acm_certificate.default[*].id)
   description = "The ID of the certificate"
 }
 
 output "arn" {
-  value       = join("", aws_acm_certificate.default.*.arn)
+  value       = join("", aws_acm_certificate.default[*].arn)
   description = "The ARN of the certificate"
 }
 
 output "domain_validation_options" {
-  value       = aws_acm_certificate.default.*.domain_validation_options
+  value       = aws_acm_certificate.default[*].domain_validation_options
   description = "CNAME records that are added to the DNS zone to complete certificate validation"
 }
 
 output "validation_id" {
-  value       = join("", aws_acm_certificate_validation.default.*.id)
+  value       = join("", aws_acm_certificate_validation.default[*].id)
   description = "The ID of the certificate validation"
 }
 
 output "validation_certificate_arn" {
-  value       = join("", aws_acm_certificate_validation.default.*.certificate_arn)
+  value       = join("", aws_acm_certificate_validation.default[*].certificate_arn)
   description = "Certificate ARN from the `aws_acm_certificate_validation` resource"
 }
-

outputs.tf

@@ -66,3 +66,9 @@ variable "certificate_authority_arn" {
   default     = null
   description = "ARN of an ACM PCA"
 }
+
+variable "key_algorithm" {
+  type        = string
+  default     = null
+  description = "Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data"
+}

variables.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.0"
+      version = ">= 4.40"
     }
   }
 }