Fixing certificates module

LeoDiazL · LeoDiazL · commit a5c332315d23 · 2025-12-12T13:54:44.000-03:00
diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
@@ -161,7 +161,7 @@ module "aws_lb" {
   aws_resource_identifier            = var.aws_resource_identifier
   aws_resource_identifier_supershort = var.aws_resource_identifier_supershort
   # Module dependencies
-  #depends_on = [module.vpc, module.ec2, module.aws_certificates]
+  depends_on = [module.aws_certificates]
 
   providers = {
     aws = aws.lb
diff --git a/operations/deployment/terraform/modules/aws/certificates/aws_certificates.tf b/operations/deployment/terraform/modules/aws/certificates/aws_certificates.tf
@@ -6,8 +6,7 @@ data "aws_route53_zone" "selected" {
 }
 
 data "aws_acm_certificate" "issued" {
-  #count  = local.is_enabled_and_valid ? (!var.aws_r53_create_root_cert ? (!var.aws_r53_create_sub_cert ? (var.fqdn_provided ? 1 : 0) : 0) : 0) :0
-  for_each = (!var.aws_r53_create_root_cert && !var.aws_r53_create_sub_cert && local.is_enabled_and_valid) ? {
+  for_each = (!var.aws_r53_create_root_cert && !var.aws_r53_create_sub_cert && var.aws_r53_domain_name != "") ? {
     "domain"   = var.aws_r53_domain_name,
     "wildcard" = "*.${var.aws_r53_domain_name}",
     "sub"      = "${var.aws_r53_sub_domain_name}.${var.aws_r53_domain_name}"
@@ -18,7 +17,7 @@ data "aws_acm_certificate" "issued" {
 
 # This block will create and validate the root domain and www cert
 resource "aws_acm_certificate" "root_domain" {
-  count                     = local.is_enabled_and_valid ? (var.aws_r53_create_root_cert ? (var.aws_r53_domain_name != "" ? 1 : 0) : 0) : 0
+  count                     = var.aws_r53_domain_name != "" && var.aws_r53_create_root_cert ? 1 : 0
   domain_name               = var.aws_r53_domain_name
   subject_alternative_names = ["*.${var.aws_r53_domain_name}", "${var.aws_r53_domain_name}"]
   validation_method         = "DNS"
@@ -28,7 +27,7 @@ resource "aws_acm_certificate" "root_domain" {
 }
 
 resource "aws_route53_record" "root_domain" {
-  count           = local.is_enabled_and_valid ? (var.aws_r53_create_root_cert ? (var.aws_r53_domain_name != "" ? 1 : 0) : 0) : 0
+  count           = var.aws_r53_domain_name != "" && var.aws_r53_create_root_cert ? 1 : 0
   allow_overwrite = true
   name            = tolist(aws_acm_certificate.root_domain[0].domain_validation_options)[0].resource_record_name
   records         = [tolist(aws_acm_certificate.root_domain[0].domain_validation_options)[0].resource_record_value]
@@ -38,15 +37,15 @@ resource "aws_route53_record" "root_domain" {
 }
 
 resource "aws_acm_certificate_validation" "root_domain" {
-  count                   = local.is_enabled_and_valid ? (var.aws_r53_create_root_cert ? (var.aws_r53_domain_name != "" ? 1 : 0) : 0) : 0
+  count                   = var.aws_r53_domain_name != "" && var.aws_r53_create_root_cert ? 1 : 0
   certificate_arn         = aws_acm_certificate.root_domain[0].arn
   validation_record_fqdns = [for record in aws_route53_record.root_domain : record.fqdn]
 }
 
 
 # This block will create and validate the sub domain cert ONLY
 resource "aws_acm_certificate" "sub_domain" {
-  count             = local.is_enabled_and_valid ? (var.aws_r53_create_sub_cert ? (var.aws_r53_domain_name != "" ? (var.aws_r53_sub_domain_name != "" ? (var.aws_r53_create_root_cert ? 0 : 1) : 0) : 0) : 0) : 0
+  count             = var.aws_r53_create_sub_cert && !var.aws_r53_create_root_cert && var.aws_r53_domain_name != "" && var.aws_r53_sub_domain_name != "" ? 1 : 0
   domain_name       = "${var.aws_r53_sub_domain_name}.${var.aws_r53_domain_name}"
   validation_method = "DNS"
   lifecycle {
@@ -55,7 +54,7 @@ resource "aws_acm_certificate" "sub_domain" {
 }
 
 resource "aws_route53_record" "sub_domain" {
-  count           = local.is_enabled_and_valid ? (var.aws_r53_create_sub_cert ? (var.aws_r53_domain_name != "" ? (var.aws_r53_sub_domain_name != "" ? (var.aws_r53_create_root_cert ? 0 : 1) : 0) : 0) : 0) : 0
+  count            = var.aws_r53_create_sub_cert && !var.aws_r53_create_root_cert && var.aws_r53_domain_name != "" && var.aws_r53_sub_domain_name != "" ? 1 : 0
   allow_overwrite = true
   name            = tolist(aws_acm_certificate.sub_domain[0].domain_validation_options)[0].resource_record_name
   records         = [tolist(aws_acm_certificate.sub_domain[0].domain_validation_options)[0].resource_record_value]
@@ -65,36 +64,21 @@ resource "aws_route53_record" "sub_domain" {
 }
 
 resource "aws_acm_certificate_validation" "sub_domain" {
-  count                   = local.is_enabled_and_valid ? (var.aws_r53_create_sub_cert ? (var.aws_r53_domain_name != "" ? (var.aws_r53_create_root_cert ? 0 : 1) : 0) : 0) : 0
+  count                   = var.aws_r53_create_sub_cert && !var.aws_r53_create_root_cert && var.aws_r53_domain_name != "" && var.aws_r53_sub_domain_name != "" ? 1 : 0
   certificate_arn         = aws_acm_certificate.sub_domain[0].arn
   validation_record_fqdns = [for record in aws_route53_record.sub_domain : record.fqdn]
 }
 
 locals {
-  is_enabled_and_valid = var.aws_r53_domain_name != "" ? true : false
+  acm_arn = try(data.aws_acm_certificate.issued["domain"].arn, try(data.aws_acm_certificate.issued["wildcard"].arn, data.aws_acm_certificate.issued["sub"].arn, ""))
+
   selected_arn = (
-    local.is_enabled_and_valid ?
-    (var.aws_r53_cert_arn != "" ? var.aws_r53_cert_arn :
-      (!var.aws_r53_create_root_cert ?
-        (!var.aws_r53_create_sub_cert ?
-          (var.fqdn_provided ? local.acm_arn : "")
-          : aws_acm_certificate.sub_domain[0].arn
-        ) : aws_acm_certificate.root_domain[0].arn
-      )
-    ) : ""
+    var.aws_r53_cert_arn       != "" ? var.aws_r53_cert_arn :
+    var.aws_r53_create_root_cert ? aws_acm_certificate.root_domain[0].arn :
+    var.aws_r53_create_sub_cert  ? aws_acm_certificate.sub_domain[0].arn :
+    var.fqdn_provided            ? local.acm_arn :
+    ""
   )
-  cert_available = (
-    local.is_enabled_and_valid ?
-    (var.aws_r53_cert_arn != "" ? true :
-      (!var.aws_r53_create_root_cert ?
-        (!var.aws_r53_create_sub_cert ?
-          (var.fqdn_provided ? true : false)
-          : true
-        ) : true
-      )
-    ) : false
-  )
-  acm_arn = try(data.aws_acm_certificate.issued["domain"].arn, try(data.aws_acm_certificate.issued["wildcard"].arn, data.aws_acm_certificate.issued["sub"].arn, ""))
 }
 
 output "selected_arn" {
