refactor(modules/acm): remove unnecessary try logic, set default value of key_algorithm to "RSA_2048", and add nullable flags to variables

saumitra-dev · saumitra-dev · commit 875fe165052f · 2024-08-12T15:04:10.000+05:30
Update documentation.
diff --git a/modules/acm/.header.md b/modules/acm/.header.md
@@ -7,6 +7,8 @@ This sub-module creates the Amazon-issued certificate for a given domain with `v
 ### ACM Certificate
 
 - The `validation_method` is set to `DNS` as the recommended method, and can be overridden to use `EMAIL` method if required.
+- The `validation_method` is not marked as nullable, and is a required attribute for Amazon-issued ACM certificates.
+- The `key_algorithm` is set to `RSA_2048` as the default algorithm, and can be overridden to specify a different algorithm if required.
 
 ### Route53 Record
 
diff --git a/modules/acm/main.tf b/modules/acm/main.tf
@@ -13,9 +13,9 @@ locals {
 
 resource "aws_acm_certificate" "this" {
   domain_name               = var.certificate_domain_name
-  subject_alternative_names = try(var.certificate_subject_alternative_names, null)
-  validation_method         = try(var.certificate_validation_method, null)
-  key_algorithm             = try(var.certificate_key_algorithm, null)
+  subject_alternative_names = var.certificate_subject_alternative_names
+  validation_method         = var.certificate_validation_method
+  key_algorithm             = var.certificate_key_algorithm
 
   dynamic "validation_option" {
     for_each = try(var.certificate_validation_option, null) != null ? [1] : []
diff --git a/modules/acm/variables.tf b/modules/acm/variables.tf
@@ -5,24 +5,27 @@
 variable "certificate_domain_name" {
   description = "(Required) Domain name for which the certificate should be issued."
   type        = string
+  nullable    = false
 }
 
 variable "certificate_subject_alternative_names" {
   description = "(Optional) Set of domains that should be SANs in the issued certificate."
   type        = list(string)
+  nullable    = false
   default     = []
 }
 
 variable "certificate_validation_method" {
   description = "(Optional) Which method to use for validation. DNS or EMAIL are valid."
   type        = string
+  nullable    = false
   default     = "DNS"
 }
 
 variable "certificate_key_algorithm" {
   description = "(Optional) Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data."
   type        = string
-  default     = null
+  default     = "RSA_2048"
 }
 
 variable "certificate_validation_option" {
@@ -37,6 +40,7 @@ variable "certificate_validation_option" {
 variable "tags" {
   description = "(Optional) Map of tags to assign to the resource."
   type        = map(string)
+  nullable    = false
   default     = {}
 }
 
@@ -47,10 +51,12 @@ variable "tags" {
 variable "record_zone_id" {
   description = "(Required) Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone."
   type        = string
+  nullable    = false
 }
 
 variable "record_allow_overwrite" {
   description = "(Optional) Allow creation of this record in Terraform to overwrite an existing record, if any."
   type        = bool
+  nullable    = false
   default     = true
 }
