我正在尝试根据给定的变量创建多个ACM证书。
这是我要使用的缩短的Terraform文件:
variable "prod_hostnames"
type = "list"
default = ["first.com", "second.com"]
}
resource "aws_acm_certificate" "prod-certificate" {
count = "${length(var.prod_hostnames)}"
domain_name = "${var.prod_hostnames[count.index]}"
validation_method = "DNS"
}
resource "aws_route53_record" "prod-certificate-validation" {
count = "${length(var.prod_hostnames)}"
zone_id = "${var.zone_dns}"
ttl = "60"
name = "${element(aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_name, count.index)}"
type = "${element(aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_type, count.index)}"
records = ["${element(aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_value, count.index)}"]
}
在aws_route53_record.prod-certificate-validation
中的查找不起作用,因为似乎无法从domain_validation_options.0.resource_record_name
的列表中获取aws_acm_certificate.prod-certificate
,它失败并显示以下错误消息:
Resource 'aws_acm_certificate.prod-certificate' does not have attribute 'domain_validation_options.0.resource_record_type' for variable 'aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_type'
有什么办法可以实现我想要达到的目标吗?我想避免定义与我们拥有的主机名一样多的aws_acm_certificate
资源。
[EDIT]如果删除aws_route53_record资源,terraform state list
给出:
module.hashistack.aws_acm_certificate.prod-certificate[0]
module.hashistack.aws_acm_certificate.prod-certificate[1]
和terraform state show 'module.hashistack.aws_acm_certificate.prod-certificate[0]'
给出:
id = arn:aws:acm:eu-central-1:[redacted]
arn = arn:aws:acm:eu-central-1:[redacted]
domain_name = *.first.com
domain_validation_options.# = 1
domain_validation_options.0.domain_name = *.first.com
domain_validation_options.0.resource_record_name = _6f6a73ceb8bbe016a0c522c148e39b3b.first.com.
domain_validation_options.0.resource_record_type = CNAME
domain_validation_options.0.resource_record_value = _d6b3b1c60261a201476820a3517a3ed5.acm-validations.aws.
subject_alternative_names.# = 0
tags.% = 0
validation_emails.# = 0
validation_method = DNS