terraform-aws-modules · bryantbiggs · Jun 5, 2025 · Apr 8, 2025 · Jun 5, 2025 · bryantbiggs
diff --git a/README.md b/README.md
@@ -213,6 +213,7 @@ No modules.
 | <a name="input_dns_ttl"></a> [dns\_ttl](#input\_dns\_ttl) | The TTL of DNS recursive resolvers to cache information about this record. | `number` | `60` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | A domain name for which the certificate should be issued | `string` | `""` | no |
 | <a name="input_key_algorithm"></a> [key\_algorithm](#input\_key\_algorithm) | Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data | `string` | `null` | no |
+| <a name="input_private_authority_arn"></a> [private\_authority\_arn](#input\_private\_authority\_arn) | Private Certificate Authority ARN for issuing private certificates | `string` | `null` | no |
 | <a name="input_putin_khuylo"></a> [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
 | <a name="input_subject_alternative_names"></a> [subject\_alternative\_names](#input\_subject\_alternative\_names) | A list of domains that should be SANs in the issued certificate | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no |

diff --git a/main.tf b/main.tf
@@ -24,6 +24,8 @@ resource "aws_acm_certificate" "this" {
   validation_method         = var.validation_method
   key_algorithm             = var.key_algorithm
 
+  certificate_authority_arn = var.private_authority_arn
+
   options {
     certificate_transparency_logging_preference = var.certificate_transparency_logging_preference ? "ENABLED" : "DISABLED"
   }

diff --git a/variables.tf b/variables.tf
@@ -123,6 +123,12 @@ variable "key_algorithm" {
   default     = null
 }
 
+variable "private_authority_arn" {
+  description = "Private Certificate Authority ARN for issuing private certificates"
+  type        = string
+  default     = null
+}
+
 variable "putin_khuylo" {
   description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
   type        = bool

diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -12,6 +12,7 @@ module "wrapper" {
   dns_ttl                                     = try(each.value.dns_ttl, var.defaults.dns_ttl, 60)
   domain_name                                 = try(each.value.domain_name, var.defaults.domain_name, "")
   key_algorithm                               = try(each.value.key_algorithm, var.defaults.key_algorithm, null)
+  private_authority_arn                       = try(each.value.private_authority_arn, var.defaults.private_authority_arn, null)
   putin_khuylo                                = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true)
   subject_alternative_names                   = try(each.value.subject_alternative_names, var.defaults.subject_alternative_names, [])
   tags                                        = try(each.value.tags, var.defaults.tags, {})