依靠aws_acm_certificate_validation

时间:2018-08-29 14:05:25

标签: terraform

我正在尝试根据给定的变量创建多个ACM证书。

这是我要使用的缩短的Terraform文件:

variable "prod_hostnames"
    type = "list"
    default = ["first.com", "second.com"]
}

resource "aws_acm_certificate" "prod-certificate" {
  count = "${length(var.prod_hostnames)}"

  domain_name = "${var.prod_hostnames[count.index]}"
  validation_method = "DNS"
}

resource "aws_route53_record" "prod-certificate-validation" {
  count   = "${length(var.prod_hostnames)}"
  zone_id = "${var.zone_dns}"

  ttl     = "60"
  name    = "${element(aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_name, count.index)}"
  type    = "${element(aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_type, count.index)}"
  records = ["${element(aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_value, count.index)}"]
}

aws_route53_record.prod-certificate-validation中的查找不起作用,因为似乎无法从domain_validation_options.0.resource_record_name的列表中获取aws_acm_certificate.prod-certificate,它失败并显示以下错误消息:

Resource 'aws_acm_certificate.prod-certificate' does not have attribute 'domain_validation_options.0.resource_record_type' for variable 'aws_acm_certificate.prod-certificate.*.domain_validation_options.0.resource_record_type'

有什么办法可以实现我想要达到的目标吗?我想避免定义与我们拥有的主机名一样多的aws_acm_certificate资源。

[EDIT]如果删除aws_route53_record资源,terraform state list给出:

module.hashistack.aws_acm_certificate.prod-certificate[0]     
module.hashistack.aws_acm_certificate.prod-certificate[1]

terraform state show 'module.hashistack.aws_acm_certificate.prod-certificate[0]'给出:

id                                                = arn:aws:acm:eu-central-1:[redacted]
arn                                               = arn:aws:acm:eu-central-1:[redacted]
domain_name                                       = *.first.com
domain_validation_options.#                       = 1
domain_validation_options.0.domain_name           = *.first.com
domain_validation_options.0.resource_record_name  = _6f6a73ceb8bbe016a0c522c148e39b3b.first.com.
domain_validation_options.0.resource_record_type  = CNAME
domain_validation_options.0.resource_record_value = _d6b3b1c60261a201476820a3517a3ed5.acm-validations.aws.
subject_alternative_names.#                       = 0
tags.%                                            = 0
validation_emails.#                               = 0
validation_method                                 = DNS

0 个答案:

没有答案