[英]Create multiple unique aws_acm_certificate certificates with Terraform for_each
我正在尝试使用 Terraform for_each 创建多个唯一的 aws_acm_certificates,我将 acm 证书创建为每个唯一证书的模块。
我在输出创建的证书时遇到挑战,不确定如何为每个模块发送 output。
这是我的代码。 非常感谢有关如何创建的任何帮助
locals {
process_domain_validation_options = var.process_domain_validation_options && var.acm_validation_method == "DNS"
}
resource "aws_acm_certificate" "cert" {
for_each = var.acm_certificate
domain_name = each.key.domain_name
subject_alternative_names = each.key.subject_alternative_names
validation_method = var.acm_validation_method
lifecycle {
create_before_destroy = true
}
tags = {
Name = "${var.tags}-var.environment"
}
}
data "aws_route53_zone" "default" {
count = local.process_domain_validation_options ? 1 : 0
zone_id = var.hosted_zone_id
name = try(length(var.hosted_zone_id), 0) == 0 ? var.domain_name : null
private_zone = var.route53_private_zone
}
resource "aws_route53_record" "cert_dns_validation" {
for_each = {
for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
allow_overwrite = var.allow_validation_record_overwrite
zone_id = join("", data.aws_route53_zone.default.*.zone_id)
ttl = var.validation_record_ttl
name = each.value.name
type = each.value.type
records = [each.value.record]
}
resource "aws_acm_certificate_validation" "default" {
count = local.process_domain_validation_options && var.wait_for_certificate_issued ? 1 : 0
certificate_arn = aws_acm_certificate.cert.arn
validation_record_fqdns = [for record in aws_route53_record.cert_dns_validation : record.fqdn]
}
variable "acm_certificate" {
type = map(object({
domain_name = string
subject_alternative_names = string
}))
default = {
"key" = {
domain_name = "value"
subject_alternative_names = "value"
}
}
}
我不确定有更好的方法来做到这一点。
通过这样做,我能够绕过创建多个证书;
locals {
acm_certificates = {
"certificate1.com" = {
domain_name = "certificate1.com"
acm_validation_method = "DNS"
subject_alternative_names = []
tags = {}
},
"certificate2.com" = {
domain_name = "certificate2.com"
acm_validation_method = "DNS"
subject_alternative_names = []
tags = {}
}
}
}
module "request_certificate" {
source = "../../module/acm"
for_each = local.acm_certificates
domain_name = each.value["domain_name"]
acm_validation_method = each.value["acm_validation_method"]
tags = each.value["tags"]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.