如何更改SSL证书验证的验证电子邮件?

时间:2019-05-20 20:48:14

标签: terraform terraform-provider-aws aws-certificate-manager

使用Terraform创建SSL证书时,它会自动假定应该发送给它的电子邮件是postmaster @ [subdomain]。[domain] .com,而不是postmaster @ [domain] .com。在AWS Certficate Manager中,如果我重新请求电子邮件验证,它将解决该问题,但是我必须能够通过Terraform严格执行此操作。

我在Terraform上的任何github问题中都找不到能解决此问题的东西。

resource "aws_acm_certificate" "aws_cert" {
  domain_name       = "${var.domain_name}"
  validation_method = "${var.validation_method}"

  subject_alternative_names = ["${var.subject_alternative_names}"]

  tags = {
    Name        = "${var.environment}-${var.app_name}-aws-certificate"
    ManagedBy   = "My Terraform"
    Environment = "${var.environment}"
    Team        = "vin-${var.team_name}"
  }

  lifecycle {
    create_before_destroy = true
  }
}

1 个答案:

答案 0 :(得分:0)

当前是Terraform的限制。这是一个修复请求,但尚未得到批准的请求: https://github.com/terraform-providers/terraform-provider-aws/pull/3853

一种解决方法是在运行Terraform后从输出变量中获取证书信息,然后使用AWS CLI运行Powershell命令以查看证书是否已发布以及是否未发布发出,然后通过AWS CLI重新发送

// Get AWS Cert Status Here
$awsCertStatus = (aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:881385135648:certificate/52e2b724-0400-4b3f-9032-0d80f9c3e9ea | ConvertFrom-Json).Certificate.Status

// Check if Cert Status is of Issued
if($awsCertStatus -ne "ISSUED"){
    // It hasn't been issued, resend the validation email
    aws acm resend-validation-email --certificate-arn <ARN> --domain subdomain.domain.com --validation-domain domain.com
}
相关问题
最新问题