
Terraform - Error: no matching Route53Zone found

I am using https://github.com/cloudposse/terraform-aws-acm-request-certificate to generate a certificate using Terraform and AWS.

I want to run this module on several domains: "example.com", "cdn.example.com"...

I don't want to use subject_alternative_names for cdn.example.com because it will appear in the subject field inside the certificate, and when anyone opens the certificate I don't want them to see the cdn domain.

For cdn.example.com I want a new certificate.

So I tried to run terraform apply with my code below, but I am getting errors:

Error: no matching Route53Zone found

on .terraform\modules\acm_request_certificate_example\main.tf line 19, in data "aws_route53_zone" "default":
19: data "aws_route53_zone" "default" {

Error: no matching Route53Zone found

on .terraform\modules\acm_request_certificate_cdn_example\main.tf line 19, in data "aws_route53_zone" "default":
19: data "aws_route53_zone" "default" {

I can't run more than one module? How to solve it anyway?

main.tf

terraform {
  required_version = "~> 0.12.0"
}

provider "aws" {
  version = "~> 2.12.0"
  region  = "us-east-1"
}
module "acm_request_certificate_example" {
  source                            = "git::https://github.com/cloudposse/terraform-aws-acm-request-certificate.git?ref=master"
  domain_name                       = "example.com"
  process_domain_validation_options = true
  ttl                               = "300"
}

module "acm_request_certificate_cdn_example" {
  source                            = "git::https://github.com/cloudposse/terraform-aws-acm-request-certificate.git?ref=master"
  domain_name                       = "cdn.example.com"
  process_domain_validation_options = true
  ttl                               = "300"
}

I only have example.com in the hosted zone.

Based on the comments.

The issue was caused by using process_domain_validation_options = true. This checks if the hosted zone exists in Route53 prior to requesting a certificate. This is done to enable automated validation of the SSL certificate to be issued.

Since in the OP's case SSL certificates are requested for domains without corresponding zones, the terraform was erroring out.

The solution was to use process_domain_validation_options = false, but this requires a manual validation procedure for the SSL to be issued. Automation of this procedure must be done through a custom solution. In very broad terms, such a solution could involve creating the required record for the validation using aws_route53_record, a lambda function or local-exec provisioner to create the needed records.
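
One way to build the custom validation the answer describes, as an added example (not the OP's code or the cloudposse module's): request the cdn.example.com certificate directly and write its DNS validation record into the existing example.com zone. It assumes the AWS provider 2.x pinned in the question, where domain_validation_options is a list, and the resource names are illustrative.

```hcl
# Added example. Resource names ("parent", "cdn", "cdn_validation") are
# illustrative and do not come from the original post or the module.

# Look up the hosted zone that exists; the OP states only example.com is hosted.
data "aws_route53_zone" "parent" {
  name         = "example.com."
  private_zone = false
}

# Separate certificate for the CDN name, with no subject alternative names.
resource "aws_acm_certificate" "cdn" {
  domain_name       = "cdn.example.com"
  validation_method = "DNS"

  # Issue the replacement before removing the old certificate on renewal.
  lifecycle {
    create_before_destroy = true
  }
}

# ACM publishes one CNAME per requested name. With a single domain_name and
# AWS provider 2.x, the list has exactly one element, so index [0] is safe.
resource "aws_route53_record" "cdn_validation" {
  zone_id = data.aws_route53_zone.parent.zone_id
  name    = aws_acm_certificate.cdn.domain_validation_options[0].resource_record_name
  type    = aws_acm_certificate.cdn.domain_validation_options[0].resource_record_type
  ttl     = 300
  records = [aws_acm_certificate.cdn.domain_validation_options[0].resource_record_value]
}

# Blocks until ACM has seen the record and issued the certificate, so
# dependants never reference a certificate still in PENDING_VALIDATION.
resource "aws_acm_certificate_validation" "cdn" {
  certificate_arn         = aws_acm_certificate.cdn.arn
  validation_record_fqdns = [aws_route53_record.cdn_validation.fqdn]
}
```

A separate certificate keeps cdn.example.com out of the example.com certificate's name list, but publicly trusted ACM certificates are recorded in Certificate Transparency logs by default, so the name remains publicly discoverable.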
