Supporting addtional SSL certificates

Author: jnonino

main.tf

@@ -181,9 +181,27 @@ resource "aws_lb_listener" "lb_https_listeners" {
   }
 }
 
-# TODO - Think a way to add multiple additional certificates to multiple listeners.
-# resource "aws_lb_listener_certificate" "additional_certificates_for_https_listeners" {
-#   for_each        = toset(var.additional_certificates_arn_for_https_listeners)
-#   listener_arn    = aws_lb_listener.lb_https_listeners.arn
-#   certificate_arn = each.key
-# }
+locals {
+  list_maps_listener_certificate_arns = flatten([
+    for cert_arn in var.additional_certificates_arn_for_https_listeners : [
+      for listener in aws_lb_listener.lb_https_listeners : {
+        name            = "${listener}-${cert_arn}"
+        listener_arn    = listener.arn
+        certificate_arn = cert_arn
+      }
+    ]
+  ])
+
+  map_listener_certificate_arns = {
+    for obj in local.list_maps_listener_certificate_arns : obj.name => {
+      listener_arn    = obj.listener_arn,
+      certificate_arn = obj.certificate_arn
+    }
+  }
+}
+
+resource "aws_lb_listener_certificate" "additional_certificates_for_https_listeners" {
+  for_each        = local.map_listener_certificate_arns
+  listener_arn    = each.value.listener_arn
+  certificate_arn = each.value.certificate_arn
+}

variables.tf

@@ -211,8 +211,8 @@ variable "default_certificate_arn" {
   default     = null
 }
 
-# variable "additional_certificates_arn_for_https_listeners" {
-#   description = "(Optional) List of SSL server certificate ARNs for HTTPS listener. Use it if you need to set additional certificates besides default_certificate_arn"
-#   type        = list
-#   default     = []
-# }
+variable "additional_certificates_arn_for_https_listeners" {
+  description = "(Optional) List of SSL server certificate ARNs for HTTPS listener. Use it if you need to set additional certificates besides default_certificate_arn"
+  type        = list
+  default     = []
+}