feat : Given provision for acm module such it can have hostedzone in same account or different account.

rahul-infra · rahul-infra · commit e554cae46765 · 2025-11-19T11:53:18.000+05:30
diff --git a/main.tf b/main.tf
@@ -243,10 +243,33 @@ resource "aws_ecs_task_definition" "this" {
 ################################################################################
 # Amazon Certificates Manager Sub-module
 ################################################################################
+provider "aws" {
+  region = var.region
+}
+
+# Cross-account provider for Route53
+provider "aws" {
+  alias  = "dns"
+  region = var.region
+
+  dynamic "assume_role" {
+    for_each = var.route53_assume_role_arn != null ? [1] : []
+    content {
+      role_arn = var.route53_assume_role_arn
+    }
+  }
+}
 
 module "acm" {
   source = "./modules/acm"
 
+  providers = {
+    aws      = aws
+    aws.dns  = aws.dns
+  }
+  route53_assume_role_arn = var.route53_assume_role_arn
+  region                 = var.region
+
   for_each = var.create_acm ? var.acm_certificates : {}
 
   # ACM Certificate
diff --git a/modules/acm/main.tf b/modules/acm/main.tf
@@ -7,6 +7,17 @@ locals {
   }
 }
 
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      configuration_aliases = [aws.dns]
+    }
+  }
+}
+
+
+
 ################################################################################
 # ACM Certificate
 ################################################################################
@@ -37,7 +48,22 @@ resource "aws_acm_certificate" "this" {
 # ACM Validation
 ################################################################################
 
-resource "aws_route53_record" "this" {
+resource "aws_route53_record" "same_account" {
+  count = var.route53_assume_role_arn == null ? 1 : 0
+
+  zone_id         = var.record_zone_id
+  name            = local.acm_certificate_validation_record.name
+  type            = local.acm_certificate_validation_record.type
+  records         = [local.acm_certificate_validation_record.value]
+  ttl             = 60
+  allow_overwrite = var.record_allow_overwrite
+}
+
+resource "aws_route53_record" "cross_account" {
+  count    = var.route53_assume_role_arn != null ? 1 : 0
+  provider = aws.dns
+
+
   zone_id         = var.record_zone_id
   name            = local.acm_certificate_validation_record.name
   type            = local.acm_certificate_validation_record.type
@@ -47,6 +73,11 @@ resource "aws_route53_record" "this" {
 }
 
 resource "aws_acm_certificate_validation" "this" {
-  certificate_arn         = aws_acm_certificate.this.arn
-  validation_record_fqdns = [aws_route53_record.this.fqdn]
+  certificate_arn = aws_acm_certificate.this.arn
+
+  validation_record_fqdns = [
+    var.route53_assume_role_arn == null ?
+    aws_route53_record.same_account[0].fqdn :
+    aws_route53_record.cross_account[0].fqdn
+  ]
 }
diff --git a/modules/acm/outputs.tf b/modules/acm/outputs.tf
@@ -17,10 +17,15 @@ output "acm_certificate_arn" {
 ################################################################################
 
 output "route53_record_id" {
-  description = "Identifier of the Route53 Record for validation of the ACM certificate."
-  value       = aws_route53_record.this.id
+  description = "Identifier of the Route53 Record (supports same & cross-account)."
+  value = (
+    var.route53_assume_role_arn == null
+    ? aws_route53_record.same_account[0].id
+    : aws_route53_record.cross_account[0].id
+  )
 }
 
+
 ################################################################################
 # ACM Certificate Validation
 ################################################################################
diff --git a/modules/acm/variables.tf b/modules/acm/variables.tf
@@ -60,3 +60,15 @@ variable "record_allow_overwrite" {
   nullable    = false
   default     = true
 }
+
+variable "region" {
+  type        = string
+  default     = null
+  description = "(Optional) Region to create ACM certificate in"
+}
+
+variable "route53_assume_role_arn" {
+  type        = string
+  default     = null
+  description = "(Optional) IAM role ARN to assume for Route53 operations"
+}
diff --git a/variables.tf b/variables.tf
@@ -199,3 +199,16 @@ variable "acm_certificates" {
   nullable = false
   default  = {}
 }
+
+variable "region" {
+  description = "(Optional) AWS region to create resources in."
+  type        = string
+  default     = null
+}
+
+variable "route53_assume_role_arn" {
+  description = "(Optional) ARN of the role to assume for Route53 operations."
+  type        = string
+  default     = null
+}
+  
