abdallah/create-acm-cert.yml

## create-acm-cert.yml
- hosts: localhost
  gather_facts: no
  vars:
    aws_profile: "aws_account_name"
    acm_domain: "example.com"
    acm_extra_domains: "*.example.com"
    acm_idempotency_token: "examplecomtoken"
    dns_zone: "example.com"
  environment:
    AWS_PROFILE: "{{ aws_profile }}"

  tasks:
    - name: request certificate
      command: |
        aws acm request-certificate \
          --domain-name '{{ acm_domain }}' \
          --subject-alternative-names "{{ acm_extra_domains }}"
          --validation-method DNS \
          --idempotency-token {{ acm_idempotency_token }} \
          --options CertificateTransparencyLoggingPreference=DISABLED \
          --query CertificateArn \
          --output text
      register: cert_arn

    - name: get validation options
      command: |
        aws acm describe-certificate \
          --certificate-arn {{ cert_arn.stdout }} \
          --query "Certificate.DomainValidationOptions[].ResourceRecord[]"
      register: validation_options
      retries: 10
      delay: 10
      until: "'CNAME' in validation_options.stdout"

    - name: set dns validation request values
      set_fact:
        dns_validation: "{{ validation_options.stdout | from_json }}"
    - name: update DNS
      route53:
        zone: "{{ dns_zone }}"
        record: "{{ item.Name }}"
        type: CNAME
        value: "{{ item.Value }}"
        state: present
        overwrite: yes
      loop: "{{ dns_validation }}"

    - name: wait for acm validation
      command: aws acm wait certificate-validated --certificate-arn {{ cert_arn.stdout }}
      register: acm_validation
    - name: check certificate status
      command: aws acm describe-certificate --certificate-arn {{ cert_arn.stdout }}
      register: certificate_status
      failed_when: "'\"Status\": \"ISSUED\"' not in certificate_status.stdout"
	- hosts: localhost
	gather_facts: no
	vars:
	aws_profile: "aws_account_name"
	acm_domain: "example.com"
	acm_extra_domains: "*.example.com"
	acm_idempotency_token: "examplecomtoken"
	dns_zone: "example.com"
	environment:
	AWS_PROFILE: "{{ aws_profile }}"

	tasks:
	- name: request certificate
	command: \|
	aws acm request-certificate \
	--domain-name '{{ acm_domain }}' \
	--subject-alternative-names "{{ acm_extra_domains }}"
	--validation-method DNS \
	--idempotency-token {{ acm_idempotency_token }} \
	--options CertificateTransparencyLoggingPreference=DISABLED \
	--query CertificateArn \
	--output text
	register: cert_arn

	- name: get validation options
	command: \|
	aws acm describe-certificate \
	--certificate-arn {{ cert_arn.stdout }} \
	--query "Certificate.DomainValidationOptions[].ResourceRecord[]"
	register: validation_options
	retries: 10
	delay: 10
	until: "'CNAME' in validation_options.stdout"

	- name: set dns validation request values
	set_fact:
	dns_validation: "{{ validation_options.stdout \| from_json }}"
	- name: update DNS
	route53:
	zone: "{{ dns_zone }}"
	record: "{{ item.Name }}"
	type: CNAME
	value: "{{ item.Value }}"
	state: present
	overwrite: yes
	loop: "{{ dns_validation }}"

	- name: wait for acm validation
	command: aws acm wait certificate-validated --certificate-arn {{ cert_arn.stdout }}
	register: acm_validation
	- name: check certificate status
	command: aws acm describe-certificate --certificate-arn {{ cert_arn.stdout }}
	register: certificate_status
	failed_when: "'\"Status\": \"ISSUED\"' not in certificate_status.stdout"