From 0ee86fd4cc63a1d7445b4dd3c519bb424d5284a9 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Sat, 19 Jul 2025 00:44:41 -0400 Subject: [PATCH] exportable public certificate --- README.md | 8 +++++--- .../README.md | 4 ++-- .../versions.tf | 4 ++-- examples/complete-dns-validation/README.md | 6 +++--- examples/complete-dns-validation/versions.tf | 4 ++-- .../README.md | 6 +++--- .../versions.tf | 4 ++-- examples/complete-email-validation/README.md | 6 +++--- examples/complete-email-validation/versions.tf | 4 ++-- main.tf | 4 ++++ variables.tf | 12 ++++++++++++ versions.tf | 4 ++-- wrappers/main.tf | 2 ++ wrappers/versions.tf | 4 ++-- 14 files changed, 46 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index ae35cd3..54120e2 100644 --- a/README.md +++ b/README.md @@ -179,14 +179,14 @@ module "acm" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 6.4 | ## Modules 
@@ -212,8 +212,10 @@ No modules. | [distinct\_domain\_names](#input\_distinct\_domain\_names) | List of distinct domains and SANs (used when create\_route53\_records\_only is set to true) | `list(string)` | `[]` | no | | [dns\_ttl](#input\_dns\_ttl) | The TTL of DNS recursive resolvers to cache information about this record. | `number` | `60` | no | | [domain\_name](#input\_domain\_name) | A domain name for which the certificate should be issued | `string` | `""` | no | +| [export](#input\_export) | Whether the certificate can be exported. Valid values are ENABLED or DISABLED (default). Note Issuing an exportable certificate is subject to additional charges | `string` | `null` | no | | [key\_algorithm](#input\_key\_algorithm) | Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data | `string` | `null` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [region](#input\_region) | Region where this resource will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no | | [subject\_alternative\_names](#input\_subject\_alternative\_names) | A list of domains that should be SANs in the issued certificate | `list(string)` | `[]` | no | | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | | [validate\_certificate](#input\_validate\_certificate) | Whether to validate certificate by creating Route53 record | `bool` | `true` | no | diff --git a/examples/complete-dns-validation-with-cloudflare/README.md b/examples/complete-dns-validation-with-cloudflare/README.md index 69179c1..1ac3cbb 100644 --- a/examples/complete-dns-validation-with-cloudflare/README.md +++ b/examples/complete-dns-validation-with-cloudflare/README.md 
@@ -23,8 +23,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.4 | | [cloudflare](#requirement\_cloudflare) | >= 3.4, <=3.32 | ## Providers diff --git a/examples/complete-dns-validation-with-cloudflare/versions.tf b/examples/complete-dns-validation-with-cloudflare/versions.tf index 3177d7c..1afbd93 100644 --- a/examples/complete-dns-validation-with-cloudflare/versions.tf +++ b/examples/complete-dns-validation-with-cloudflare/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 6.4" } # Terraform v1.0.0 only functional with cloudflare versions less than or equal to 3.33.0 # https://github.com/cloudflare/terraform-provider-cloudflare/issues/2340 diff --git a/examples/complete-dns-validation/README.md b/examples/complete-dns-validation/README.md index 7d50798..603840d 100644 --- a/examples/complete-dns-validation/README.md +++ b/examples/complete-dns-validation/README.md @@ -23,14 +23,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 6.4 | ## Modules diff --git a/examples/complete-dns-validation/versions.tf b/examples/complete-dns-validation/versions.tf index fa875db..497e3e6 100644 --- a/examples/complete-dns-validation/versions.tf +++ b/examples/complete-dns-validation/versions.tf 
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 6.4" } } } diff --git a/examples/complete-email-validation-with-validation-domain/README.md b/examples/complete-email-validation-with-validation-domain/README.md index 18721d4..db4abeb 100644 --- a/examples/complete-email-validation-with-validation-domain/README.md +++ b/examples/complete-email-validation-with-validation-domain/README.md @@ -32,14 +32,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 6.4 | ## Modules diff --git a/examples/complete-email-validation-with-validation-domain/versions.tf b/examples/complete-email-validation-with-validation-domain/versions.tf index fa875db..497e3e6 100644 --- a/examples/complete-email-validation-with-validation-domain/versions.tf +++ b/examples/complete-email-validation-with-validation-domain/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 6.4" } } } diff --git a/examples/complete-email-validation/README.md b/examples/complete-email-validation/README.md index 1371217..05245eb 100644 --- a/examples/complete-email-validation/README.md +++ b/examples/complete-email-validation/README.md 
@@ -36,14 +36,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.40 | +| [terraform](#requirement\_terraform) | >= 1.5.7 | +| [aws](#requirement\_aws) | >= 6.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 4.40 | +| [aws](#provider\_aws) | >= 6.4 | ## Modules diff --git a/examples/complete-email-validation/versions.tf b/examples/complete-email-validation/versions.tf index fa875db..497e3e6 100644 --- a/examples/complete-email-validation/versions.tf +++ b/examples/complete-email-validation/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 6.4" } } } diff --git a/main.tf b/main.tf index 9c044fc..a1510ca 100644 --- a/main.tf +++ b/main.tf @@ -23,9 +23,11 @@ resource "aws_acm_certificate" "this" { subject_alternative_names = var.subject_alternative_names validation_method = var.validation_method key_algorithm = var.key_algorithm + region = var.region options { certificate_transparency_logging_preference = var.certificate_transparency_logging_preference ? "ENABLED" : "DISABLED" + export = var.export } dynamic "validation_option" { @@ -68,6 +70,8 @@ resource "aws_acm_certificate_validation" "this" { validation_record_fqdns = flatten([aws_route53_record.validation[*].fqdn, var.validation_record_fqdns]) + region = var.region + timeouts { create = var.validation_timeout } diff --git a/variables.tf b/variables.tf index 6c0e56d..baf908c 100644 --- a/variables.tf +++ b/variables.tf 
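Review bot: In the `options` block of `aws_acm_certificate.this` in main.tf, `export = var.export` passes a free-form string straight to the provider, whereas the line above it derives its value from a bool and so can only ever be ENABLED or DISABLED. `variable "export"` in the variables.tf hunk is `type = string` with no `validation` block, so a typo or wrong case would presumably only be rejected by the provider or the ACM API, not by the module. Consider adding a validation to the variable with `condition = contains(["ENABLED", "DISABLED"], coalesce(var.export, "DISABLED"))`, or making it a bool mapped the same way as `certificate_transparency_logging_preference`. The resource block starts and ends outside the hunk.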
@@ -123,6 +123,18 @@ variable "key_algorithm" { default = null } +variable "export" { + description = "Whether the certificate can be exported. Valid values are ENABLED or DISABLED (default). Note Issuing an exportable certificate is subject to additional charges" + type = string + default = null +} + +variable "region" { + description = "Region where this resource will be managed. Defaults to the Region set in the provider configuration" + type = string + default = null +} + variable "putin_khuylo" { description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" type = bool diff --git a/versions.tf b/versions.tf index fa875db..497e3e6 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 6.4" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 688abb0..b183cbb 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -11,8 +11,10 @@ module "wrapper" { distinct_domain_names = try(each.value.distinct_domain_names, var.defaults.distinct_domain_names, []) dns_ttl = try(each.value.dns_ttl, var.defaults.dns_ttl, 60) domain_name = try(each.value.domain_name, var.defaults.domain_name, "") + export = try(each.value.export, var.defaults.export, null) key_algorithm = try(each.value.key_algorithm, var.defaults.key_algorithm, null) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + region = try(each.value.region, var.defaults.region, null) subject_alternative_names = try(each.value.subject_alternative_names, var.defaults.subject_alternative_names, []) tags = try(each.value.tags, var.defaults.tags, {}) validate_certificate = try(each.value.validate_certificate, var.defaults.validate_certificate, true) 
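Review bot: The description of `variable "export"` in variables.tf mentions only the extra charges and not what the setting means for key custody. With ENABLED, the certificate's private key can be retrieved from ACM by any principal allowed to call the export API, so enabling it is a security decision as well as a billing one. I would extend the description to something like `Whether the certificate can be exported. Valid values are ENABLED or DISABLED (default). ENABLED allows the private key to be exported from ACM, so restrict acm:ExportCertificate accordingly. Exportable certificates incur additional charges`. The same text is copied into the README.md inputs table and the wrapper passes the value through unchanged, so the docs would need regenerating after the change.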
diff --git a/wrappers/versions.tf b/wrappers/versions.tf index fa875db..497e3e6 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.5.7" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.40" + version = ">= 6.4" } } }