Terraform generate and verify certificates for multiple hosted zones.
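# One ACM certificate per entry in var.hosted_zones, validated over DNS.
# DNS validation proves control of the zone, so write access to the Route 53
# zones referenced here should be restricted to the identities that run this
# module; anyone who can write those zones can obtain certificates for the domain.
resource "aws_acm_certificate" "cert" {
  count = "${length(var.hosted_zones)}"

  # Apex domain plus a wildcard SAN. A wildcard matches a single label
  # (a.site1.com), not nested subdomains (a.b.site1.com).
  domain_name               = "${lookup(var.hosted_zones[count.index], "domain")}"
  subject_alternative_names = ["*.${lookup(var.hosted_zones[count.index], "domain")}"]
  validation_method         = "DNS"

  tags {
    Project     = "${var.project}"
    Environment = "${var.environment}"
  }

  # An ACM certificate that is still attached to a load balancer or
  # distribution cannot be deleted, so a change to domain_name (which forces
  # replacement) would otherwise fail or leave the endpoint without a
  # certificate. Creating the replacement first avoids that gap.
  lifecycle {
    create_before_destroy = true
  }
}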
# NOTE: This resource needs to be commented out for the first pass; the reason is not yet clear. The resource dependency is not resolved cleanly.
#
# Error when running with the validation resources left uncommented:
# * module.acm.aws_route53_record.cert_validation: 1 error(s) occurred:
# * module.acm.aws_route53_record.cert_validation: Resource 'aws_acm_certificate.cert' does not have attribute 'domain_validation_options.0.resource_record_value' for variable 'aws_acm_certificate.cert.*.domain_validation_options.0.resource_record_value'
#
# If I comment it out and run, it succeeds. Uncomment and re-run, it succeeds. Destroy loses track of the resources, though.
# DNS validation records, one per certificate in aws_acm_certificate.cert.
# Each record copies the name/type/value that ACM reports in the certificate's
# first domain_validation_options entry. The apex and the wildcard SAN share
# the same validation record, which is why only index 0 is read here.
resource "aws_route53_record" "cert_validation" {
  count = "${length(var.hosted_zones)}"

  # This is where the errors are coming from; the splat followed by a dotted
  # attribute path (.*.domain_validation_options.0.<attr>) appears to break the
  # resource dependency. NOTE(review): the error quoted in the header comment is
  # consistent with the Terraform 0.11 limitation on computed nested attributes
  # read through a splat during plan — confirm against the Terraform version in use.
  name    = "${aws_acm_certificate.cert.*.domain_validation_options.0.resource_record_name[count.index]}"
  type    = "${aws_acm_certificate.cert.*.domain_validation_options.0.resource_record_type[count.index]}"
  # When var.zone_override is non-empty, EVERY validation record is written to
  # that single zone, regardless of which domain it validates. That only
  # succeeds if the override zone is authoritative for all listed domains;
  # otherwise ACM never sees the record and validation stalls.
  zone_id = "${var.zone_override != "" ? var.zone_override : lookup(var.hosted_zones[count.index], "zone_id")}"
  records = ["${aws_acm_certificate.cert.*.domain_validation_options.0.resource_record_value[count.index]}"]
  # Short TTL so a corrected record is picked up quickly during validation.
  ttl     = 60
}
# Waits for ACM to validate each certificate against its DNS record.
# This resource has no state of its own; it blocks until the certificate with
# the given ARN is issued, so downstream consumers can depend on it instead of
# on the (possibly still pending) certificate.
resource "aws_acm_certificate_validation" "cert" {
  count = "${length(var.hosted_zones)}"

  # FQDN of the validation record created above for this index.
  validation_record_fqdns = ["${aws_route53_record.cert_validation.*.fqdn[count.index]}"]

  # ARN of the certificate this validation belongs to.
  certificate_arn = "${aws_acm_certificate.cert.*.arn[count.index]}"
}
# Requires bootstrapping the hosted zones first with -target=module.hosted_zones, then copying the zone IDs into this variable by hand.
# It would be ideal to retrieve the zone_id from the hosted_zones module, but I haven't found a clean way to do it.
# One map per zone. "domain" drives the certificate and the Route 53 zone name;
# "zone_id" must be filled in by hand after the zone exists (see note above).
# Zone IDs are identifiers, not secrets, so committing them here is acceptable.
hosted_zones = [
  {
    domain  = "site1.com"
    zone_id = "MANUALLY FILL"
  },
]
# Public hosted zone per entry in var.hosted_zones, named after its "domain" key.
# Whoever can write records in these zones can pass DNS validation for the
# matching ACM certificates, so treat zone write access accordingly.
resource "aws_route53_zone" "zones" {
  name  = "${lookup(var.hosted_zones[count.index], "domain")}"
  count = "${length(var.hosted_zones)}"
}