Open DXTimer opened 1 year ago
@adiii717 I can see that you are providing subject alternative names (SAN), in the certificate request. The code sample works with the example that AWS has provided using Route53 since they have an allow_overwrite
flag.
Based on AWS documentation we know that the validation record name and value will be identical when requesting a wildcard and root certificate source.
One option you have is use the recourse_record_name
attribute as key when converting the list of domain_validation_options
to map to ensure uniqueness.
for_each = {
for dvo in aws_acm_certificate.certificate.domain_validation_options : dvo.resource_record_name => {
record_name = dvo.resource_record_name
record_value = dvo.resource_record_value
type = dvo.resource_record_type
domain_name = dvo.domain_name
}
}
Based on AWS documentation we know that the validation record name and value will be identical when requesting a wildcard and root certificate source.
yes it's identical, but we have different load balancers which use their own wildcard certificates with minor variation, the minor variation work like a charm, but as soon as it tries to create the wildcard it failed because the record already exists.
btw same behaviour with the above changes
for now, I just skip the wildcard and just keep the variation, but it would be great if we cloud flag override
or ignore
if already exist
for_each = {
for dvo in aws_acm_certificate.certificate.domain_validation_options : dvo.resource_record_name => {
record_name = dvo.resource_record_name
record_value = dvo.resource_record_value
type = dvo.resource_record_type
domain_name = dvo.domain_name
}
if contains(var.hosts, var.domain_name)
}
Thanks for sharing your approach. We will definitely consider adding support for overrides when creating a record via the API.
I am trying to create multiple AWS certificates, but when I tried to create zone records it ended up with
Any way to perform the update in place?
Originally posted by @adiii717 in https://github.com/dnsimple/terraform-provider-dnsimple/issues/25#issuecomment-1396538933