Validate the certificates from 2 different accounts in AWS Terraform

I have an individual (dev) account and the certificate is created based on the module below. The validation takes place in the root account (i.e., the prod account), so when I go to Route 53 in the root account, add the domain entries (create record), and copy the CVALUE of the domain and paste it over there, my individual account certificate gets validated and changes from "Pending Validation" to "Issued".

I want the tf below to add the entries (domain name and CVALUE) to the root account so that the certificate gets validated during terraform apply. Right now, I am manually adding the CVALUE entries to the root account for validation.

public_dns.tf

resource "aws_route53_zone" "public" {
  name = var.domain
}

resource "aws_acm_certificate" "elb_cert" {
  domain_name = var.domain
  subject_alternative_names = ["*.${var.domain}"]
  validation_method = "DNS"
}

resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.elb_cert.domain_validation_options : dvo.domain_name => {
      name = dvo.resource_record_name
      record = dvo.resource_record_value
      type = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name = each.value.name
  records = [each.value.record]
  ttl = 60
  type = each.value.type
  zone_id = aws_route53_zone.public.zone_id
}

resource "aws_acm_certificate_validation" "elb_cert" {
  count = var.certify_domain ? 1 : 0
  certificate_arn = aws_acm_certificate.elb_cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
}

To accomplish what you want, you will need to use multiple aws providers (alias): one for the root account and one for the dev account, as you will be managing resources in two different accounts.

It will look something like this:

provider "aws" {
  alias  = "prod"
  ***
}

provider "aws" {
  alias  = "dev"
  ***
}

resource "aws_******"{
  provider = aws.prod
  ***
  ***
}

resource "aws_******"{
  provider = aws.dev
  ***
  ***
}

Official documentation

Medium article about it
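The two-provider layout applied to the question's public_dns.tf, as an added example that is not part of the answer above: the certificate and its validation resource stay in the dev account, while the validation CNAMEs are written into the hosted zone that already exists in the root account. The region, the assume_role ARN and the use of an existing zone are assumptions; the role in the root account should be limited to changing records in that one hosted zone.

```hcl
provider "aws" {
  alias  = "dev"
  region = "us-east-1"   # assumed; dev credentials come from the usual provider config
}

provider "aws" {
  alias  = "prod"
  region = "us-east-1"
  assume_role {
    # placeholder: a role in the root account allowed to change records in the zone
    role_arn = "arn:aws:iam::<ROOT_ACCOUNT_ID>:role/<Route53RecordWriterRole>"
  }
}

# The public hosted zone already exists in the root account: look it up there
# instead of creating a second zone in the dev account.
data "aws_route53_zone" "public" {
  provider = aws.prod
  name     = var.domain
}

resource "aws_acm_certificate" "elb_cert" {
  provider                  = aws.dev
  domain_name               = var.domain
  subject_alternative_names = ["*.${var.domain}"]
  validation_method         = "DNS"
}

# The validation CNAMEs are written into the root account's zone.
resource "aws_route53_record" "cert_validation" {
  provider = aws.prod
  for_each = {
    for dvo in aws_acm_certificate.elb_cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }
  allow_overwrite = true
  zone_id         = data.aws_route53_zone.public.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
}
# Blocks until ACM has seen the records and the certificate is ISSUED.
resource "aws_acm_certificate_validation" "elb_cert" {
  provider                = aws.dev
  certificate_arn         = aws_acm_certificate.elb_cert.arn
  validation_record_fqdns = [for r in aws_route53_record.cert_validation : r.fqdn]
}
```

With this in place a single terraform apply creates the certificate, publishes the CNAMEs in the root account and waits for ACM to report it as issued, so no records need to be pasted by hand.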
