Skip to content

Instantly share code, notes, and snippets.

@jafow jafow/main.tf
Last active Nov 1, 2019

Embed
What would you like to do?
terraform acm cert with dns validation cross account
# -- provider for dev profile
provider "aws" {
max_retries = "5"
profile = "dev"
region = "us-west-2"
assume_role {
role_arn = "arn:aws:iam::123456789:role/DevRole"
}
}
# --- domains profile
provider "aws" {
max_retries = "5"
alias = "route53"
region = "us-west-2"
profile = "domains"
assume_role {
role_arn = "arn:aws:iam::112233445556:role/DomainsRole"
}
}
# -- DNS -- dev account
resource "aws_route53_zone" "zone" {
name = "${var.hosted_zone_name}"
// provider = "aws.dev"
private_zone = false
}
# -- DNS -- domains acct
resource "aws_route53_zone" "zone_alt" {
# alias to the "domains" account profile
provider = "aws.route53"
name = "example.com"
}
# ---- CERTS -----
resource "aws_acm_certificate" "default" {
# registered in "dev" account
domain_name = "dev.example.com"
validation_method = "DNS"
# registered in "domains" account
subject_alternative_names = "example.com"
lifecycle {
create_before_destroy = true
}
}
resource "aws_route53_record" "cert_validation" {
name = "${aws_acm_certificate.default.domain_validation_options.0.resource_record_name}"
type = "${aws_acm_certificate.default.domain_validation_options.0.resource_record_type}"
zone_id = "${data.aws_route53_zone.zone.id}"
records = ["${aws_acm_certificate.default.domain_validation_options.0.resource_record_value}"]
ttl = 60
}
resource "aws_route53_record" "cert_validation_alt1" {
name = "${aws_acm_certificate.default.domain_validation_options.1.resource_record_name}"
type = "${aws_acm_certificate.default.domain_validation_options.1.resource_record_type}"
zone_id = "${aws_route53_zone.zone_alt.zone_id}"
records = ["${aws_acm_certificate.default.domain_validation_options.1.resource_record_value}"]
ttl = 60
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = "${aws_acm_certificate.default.arn}"
validation_record_fqdns = [
"${aws_route53_record.cert_validation.fqdn}",
"${aws_route53_record.cert_validation_alt1.fqdn}",
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.