
I'm trying to write some TF which, given a site's single FQDN, will generate an ACM certificate, create the R53 record for validation, and run the validation in a single TF pass.

I'm not using subdomains. I have it working for a single FQDN, but, as is the nature of TF, I'd like to be able to add another FQDN to the variable in future to get multiple certificates.

When I run the following code, I get the error:

Error: Error running plan: 1 error occurred:
    * aws_acm_certificate_validation.cert: 2 errors occurred:
    * aws_acm_certificate_validation.cert[0]: Resource 'aws_route53_record.cert_validation' does not have attribute 'fqdn' for variable 'aws_route53_record.cert_validation.*.fqdn'
    * aws_acm_certificate_validation.cert[1]: Resource 'aws_route53_record.cert_validation' does not have attribute 'fqdn' for variable 'aws_route53_record.cert_validation.*.fqdn'

But I know that the R53 record does export the fqdn attribute.

acm.tf:

resource "aws_acm_certificate" "cert" {
  count             = "${length(var.certificate_fqdns)}"
  domain_name       = "${element(var.certificate_fqdns, count.index)}"
  validation_method = "DNS"

  tags = "${local.all_tags}"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_route53_record" "cert_validation" {
  count = "${length(var.certificate_fqdns)}"

  name    = "${lookup(local.domain_validation_options[count.index], "resource_record_name")}"
  type    = "${lookup(local.domain_validation_options[count.index], "resource_record_type")}"
  zone_id = "${data.aws_route53_zone.cert_fqdn_zone.*.id}"
  records = ["${lookup(local.domain_validation_options[count.index], "resource_record_value")}"]
  ttl     = 60
}

resource "aws_acm_certificate_validation" "cert" {
  count                   = "${length(var.certificate_fqdns)}"
  certificate_arn         = "${element(aws_acm_certificate.cert.*.arn, count.index)}"
  validation_record_fqdns = ["${aws_route53_record.cert_validation.*.fqdn}"]
}

variables.tf:

variable "certificate_fqdns" {
  description = "The FQDNs to be used to create ACM certificates."
  type        = "list"
  default     = []
}

locals {
  domain_validation_options = "${flatten(aws_acm_certificate.cert.*.domain_validation_options)}"
}

data "aws_route53_zone" "cert_fqdn_zone" {
  name = "${element(var.certificate_fqdns, count.index)}"
}

My vars file contains entries like this:

"certificate_fqdns": [
    "example.com"
]

Edit: added the data lookup for the Route53 zone. Even with multiple different domains it appears to return only the zone for the first domain supplied in the variable, i.e. with example1.com and example2.com it will use the same zone ID for both sets of R53 records, which obviously fails.


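As an added example (not part of the original post, and not a fix for the 0.11 interpolation syntax the question uses), the same three resources rewritten for Terraform 0.12+ with the AWS provider 3.x, following the `for_each` pattern from the `aws_acm_certificate` provider documentation. Every certificate, zone lookup and validation record is keyed by FQDN rather than by list position, so the splat-and-index problems do not arise and adding a second FQDN later does not renumber the first. It keeps the question's assumption that each FQDN is also the exact name of a public Route 53 hosted zone in the same account; the `local.validation_records` map, the `"<fqdn>/<domain>"` key scheme and the output name are my own.

```hcl
terraform {
  required_version = ">= 0.12"
}

# One FQDN per certificate. Assumption carried over from the question's data
# lookup: each FQDN is also the exact name of a public Route 53 hosted zone.
variable "certificate_fqdns" {
  description = "FQDNs to request ACM certificates for."
  type        = list(string)
  default     = []
}

# Keying by FQDN instead of list index means adding or removing one entry
# does not renumber (and therefore recreate) the other certificates.
resource "aws_acm_certificate" "cert" {
  for_each          = toset(var.certificate_fqdns)
  domain_name       = each.value
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# One zone lookup per FQDN, so each validation record lands in its own zone
# (the question's single, un-counted lookup always returned the first zone).
data "aws_route53_zone" "cert_fqdn_zone" {
  for_each     = toset(var.certificate_fqdns)
  name         = each.value
  private_zone = false
}

# Flatten (certificate, domain_validation_option) pairs into a map keyed by
# "<fqdn>/<validated domain>" (hypothetical key scheme). The keys stay
# distinct even if subject_alternative_names are added to a certificate later.
locals {
  validation_records = {
    for pair in flatten([
      for fqdn, cert in aws_acm_certificate.cert : [
        for dvo in cert.domain_validation_options : {
          key    = "${fqdn}/${dvo.domain_name}"
          fqdn   = fqdn
          name   = dvo.resource_record_name
          type   = dvo.resource_record_type
          record = dvo.resource_record_value
        }
      ]
    ]) : pair.key => pair
  }
}

resource "aws_route53_record" "cert_validation" {
  for_each = local.validation_records

  # ACM hands back the same validation CNAME for a reissued certificate;
  # overwriting avoids a failed apply when the record is left from an earlier run.
  allow_overwrite = true
  name            = each.value.name
  type            = each.value.type
  zone_id         = data.aws_route53_zone.cert_fqdn_zone[each.value.fqdn].zone_id
  records         = [each.value.record]
  ttl             = 60
}

# One validation per certificate, passing only that certificate's own records
# (selected by the "<fqdn>/" prefix of the map key).
resource "aws_acm_certificate_validation" "cert" {
  for_each        = aws_acm_certificate.cert
  certificate_arn = each.value.arn
  validation_record_fqdns = [
    for key, record in aws_route53_record.cert_validation :
    record.fqdn if split("/", key)[0] == each.key
  ]
}

output "certificate_arns" {
  value = { for fqdn, v in aws_acm_certificate_validation.cert : fqdn => v.certificate_arn }
}
```

Run with a tfvars entry such as `certificate_fqdns = ["example1.com", "example2.com"]`; the plan shows one certificate, one zone lookup, one CNAME and one validation per FQDN. DNS validation proves control of the hosted zone, so whoever can change `certificate_fqdns` or write to those zones can obtain certificates for them; keep the zone-writing role and the pipeline that applies this module as tightly scoped as any other certificate-issuance path.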