我正在尝试编写一些 TF,给定站点的单个 FQDN,它将生成 ACM 证书,创建 R53 记录以进行验证并在单个 TF 传递中运行验证。
我没有使用子域,我让它适用于单个 FQDN,但与 TF 的本质一样,我希望将来能够向变量添加另一个 FQDN 以获得多个证书。
当我运行以下代码时,我收到错误:
Error: Error running plan: 1 error occurred:
* aws_acm_certificate_validation.cert: 2 errors occurred:
* aws_acm_certificate_validation.cert[0]: Resource 'aws_route53_record.cert_validation' does not have attribute 'fqdn' for variable 'aws_route53_record.cert_validation.*.fqdn'
* aws_acm_certificate_validation.cert[1]: Resource 'aws_route53_record.cert_validation' does not have attribute 'fqdn' for variable 'aws_route53_record.cert_validation.*.fqdn'
但我知道 R53 记录确实导出了 fqdn 属性。
acm.tf:
resource "aws_acm_certificate" "cert" {
count = "${length(var.certificate_fqdns)}"
domain_name = "${element(var.certificate_fqdns, count.index)}"
validation_method = "DNS"
tags = "${local.all_tags}"
lifecycle {
create_before_destroy = true
}
}
resource "aws_route53_record" "cert_validation" {
count = "${length(var.certificate_fqdns)}"
name = "${lookup(local.domain_validation_options[count.index], "resource_record_name")}"
type = "${lookup(local.domain_validation_options[count.index], "resource_record_type")}"
zone_id = "${data.aws_route53_zone.cert_fqdn_zone.*.id}"
records = ["${lookup(local.domain_validation_options[count.index], "resource_record_value")}"]
ttl = 60
}
resource "aws_acm_certificate_validation" "cert" {
count = "${length(var.certificate_fqdns)}"
certificate_arn = "${element(aws_acm_certificate.cert.*.arn, count.index)}"
validation_record_fqdns = ["${aws_route53_record.cert_validation.*.fqdn}"]
}
变量.tf:
variable "certificate_fqdns" {
description = "The FQDNs to be used to create ACM certificates."
type = "list"
default = []
}
locals {
domain_validation_options = "${flatten(aws_acm_certificate.cert.*.domain_validation_options)}"
}
data "aws_route53_zone" "cert_fqdn_zone" {
name = "${element(var.certificate_fqdns, count.index)}"
}
我的 vars 文件包含这样的条目:
"certificate_fqdns": [
"example.com"
]
编辑:添加了 Route53 区域的数据查找,即使有多个不同的域,它似乎也只返回变量中提供的第一个域的区域。即 example1.com 和 example2.com 它将为两组 R53 记录使用相同的区域 ID,这显然会失败