cloudposse / terraform-aws-acm-request-certificate

Terraform module to request an ACM certificate for a domain name and create a CNAME record in the DNS zone to complete certificate validation
https://cloudposse.com/accelerate
Apache License 2.0

Module broken if only passing domain name #72

Open slalomq opened 1 year ago

slalomq commented 1 year ago

Describe the Bug

Just passing the domain_name to request the certificate will end in an error:

aws_route53_zone.root: Creating...
aws_route53_zone.root: Still creating... [10s elapsed]
aws_route53_zone.root: Still creating... [20s elapsed]
aws_route53_zone.root: Still creating... [30s elapsed]
aws_route53_zone.root: Still creating... [40s elapsed]
aws_route53_zone.root: Creation complete after 44s [id=Z100510839VMYCIY3X0FZ]
module.acm.data.aws_route53_zone.default["io"]: Reading...
module.acm.data.aws_route53_zone.default["example.io"]: Reading...
module.acm.aws_acm_certificate.default[0]: Creating...
module.acm.data.aws_route53_zone.default["example.io"]: Read complete after 1s [id=Z100510839VMYCIY3X0FZ]
module.acm.aws_acm_certificate.default[0]: Creation complete after 6s [id=arn:aws:acm:us-west-2:976668483278:certificate/5a505039-cec1-4407-a629-a71fd18f227a]
╷
│ Error: no matching Route53Zone found
│
│   with module.acm.data.aws_route53_zone.default["io"],
│   on .terraform/modules/acm/main.tf line 38, in data "aws_route53_zone" "default":
│   38: data "aws_route53_zone" "default" {
│
╵

It seems to be trying to get the hosted zone for both "example.io" and just "io" even if I am just passing "example.io" as domain_name. Because the 2nd hosted zone doesn't exist, the module fails.

This works fine if we pick version 0.16.3 of the module.

Expected Behavior

ACM certificate gets created.

Steps to Reproduce

This small code snippet should do it:

resource "aws_route53_zone" "root" {
  name    = "example.io"
  comment = "DNS zone for the root domain"
}

module "acm" {
  source  = "cloudposse/acm-request-certificate/aws"
  version = "0.17.0"

  enabled = true

  domain_name                       = "example.io"
  process_domain_validation_options = true
  ttl                               = 300
  subject_alternative_names         = [format("*.%s", "example.io")]

  depends_on = [aws_route53_zone.root]
}


jamengual commented 1 year ago

@nitrocode

nitrocode commented 1 year ago

See PR https://github.com/cloudposse/terraform-aws-acm-request-certificate/pull/66

Workaround for now is to use 0.16.3
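
A pre-apply check for the situation reported above, as an added example that is not the module's code and is not taken from this thread: it maps each certificate name to the hosted zone that should hold its DNS validation record by longest-suffix match against zones that actually exist, so "example.io" and "*.example.io" both resolve to "example.io" and no lookup for "io" is needed. The function names and the sample zone list are assumptions made for the illustration.

```python
def zone_for(name, zones):
    """Return the existing hosted zone that should hold the validation
    record for `name`, or None if no zone covers it."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        # A wildcard name is validated under its parent name.
        labels = labels[1:]
    known = {z.lower().rstrip(".") for z in zones}
    # Try the longest suffix first so a delegated sub-zone wins over its parent.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None


def plan_validation_zones(domain_name, sans, zones):
    """Map every name on the certificate to its hosted zone (or None)."""
    return {n: zone_for(n, zones) for n in [domain_name, *sans]}


def uncovered_names(plan):
    """Names for which no hosted zone exists; these would fail validation."""
    return sorted(n for n, z in plan.items() if z is None)


# Constructed sample mirroring the reproduction in the report.
ZONES = ["example.io."]
PLAN = plan_validation_zones("example.io", ["*.example.io"], ZONES)

if __name__ == "__main__":
    for name, zone in PLAN.items():
        print(f"{name:20} -> {zone or 'NO ZONE FOUND'}")
    missing = uncovered_names(PLAN)
    if missing:
        raise SystemExit(f"no hosted zone covers: {', '.join(missing)}")
```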