diff --git a/README.md b/README.md
index 5db1f76..6bc9157 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@
Terraform module which creates ACM certificates and validates them using Route53 DNS (recommended) or e-mail.
+[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)
+
## Usage with Route53 DNS validation (recommended)
```hcl
@@ -149,6 +151,7 @@ No modules.
| [create\_route53\_records](#input\_create\_route53\_records) | When validation is set to DNS, define whether to create the DNS records internally via Route53 or externally using any DNS provider | `bool` | `true` | no |
| [dns\_ttl](#input\_dns\_ttl) | The TTL of DNS recursive resolvers to cache information about this record. | `number` | `60` | no |
| [domain\_name](#input\_domain\_name) | A domain name for which the certificate should be issued | `string` | `""` | no |
+| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
| [subject\_alternative\_names](#input\_subject\_alternative\_names) | A list of domains that should be SANs in the issued certificate | `list(string)` | `[]` | no |
| [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no |
| [validate\_certificate](#input\_validate\_certificate) | Whether to validate certificate by creating Route53 record | `bool` | `true` | no |
@@ -177,3 +180,10 @@ Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with he
## License
Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-acm/tree/master/LICENSE) for full details.
+
+## Additional terms of use for users from Russia and Belarus
+
+By using the code provided in this repository you agree with the following:
+* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).
+* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.
+* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)
diff --git a/main.tf b/main.tf
index 3cf045b..723854d 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,6 @@
locals {
+ create_certificate = var.create_certificate && var.putin_khuylo
+
# Get distinct list of domains and SANs
distinct_domain_names = distinct(
[for s in concat([var.domain_name], var.subject_alternative_names) : replace(s, "*.", "")]
@@ -6,7 +8,7 @@ locals {
# Get the list of distinct domain_validation_options, with wildcard
# domain names replaced by the domain name
- validation_domains = var.create_certificate ? distinct(
+ validation_domains = local.create_certificate ? distinct(
[for k, v in aws_acm_certificate.this[0].domain_validation_options : merge(
tomap(v), { domain_name = replace(v.domain_name, "*.", "") }
)]
@@ -14,7 +16,7 @@ locals {
}
resource "aws_acm_certificate" "this" {
- count = var.create_certificate ? 1 : 0
+ count = local.create_certificate ? 1 : 0
domain_name = var.domain_name
subject_alternative_names = var.subject_alternative_names
@@ -32,7 +34,7 @@ resource "aws_acm_certificate" "this" {
}
resource "aws_route53_record" "validation" {
- count = var.create_certificate && var.validation_method == "DNS" && var.create_route53_records && var.validate_certificate ? length(local.distinct_domain_names) : 0
+ count = local.create_certificate && var.validation_method == "DNS" && var.create_route53_records && var.validate_certificate ? length(local.distinct_domain_names) : 0
zone_id = var.zone_id
name = element(local.validation_domains, count.index)["resource_record_name"]
@@ -49,7 +51,7 @@ resource "aws_route53_record" "validation" {
}
resource "aws_acm_certificate_validation" "this" {
- count = var.create_certificate && var.validation_method == "DNS" && var.validate_certificate && var.wait_for_validation ? 1 : 0
+ count = local.create_certificate && var.validation_method == "DNS" && var.validate_certificate && var.wait_for_validation ? 1 : 0
certificate_arn = aws_acm_certificate.this[0].arn
diff --git a/variables.tf b/variables.tf
index 42c149a..92a10b0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -80,3 +80,9 @@ variable "dns_ttl" {
type = number
default = 60
}
+
+variable "putin_khuylo" {
+ description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
+ type = bool
+ default = true
+}