terraform-aws-modules / terraform-aws-acm

Terraform module to create AWS ACM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/acm/aws
Apache License 2.0

Cycle error #138

Closed lukasmrtvy closed 1 year ago

lukasmrtvy commented 1 year ago

Can we introduce multi-provider support https://github.com/terraform-aws-modules/terraform-aws-acm/issues/25 (one for the certificate and the other for validation)? Or at least fix the cycle error when using for_each to create multiple certificates? https://github.com/terraform-aws-modules/terraform-aws-acm/issues/121 and https://github.com/terraform-aws-modules/terraform-aws-acm/issues/131

locals {
  # One entry per certificate; name is the primary domain, sans its SAN list.
  certificates = [{
    name = "foo.bar.com"
    sans = ["foo.bar.com"]
  },
  {
    name = "john.doe.com"
    sans = ["john.doe.com"]
  }]
}

module "acm" {
  for_each = { for c in local.certificates : c.name => c }
  source  = "terraform-aws-modules/acm/aws"
  domain_name  = each.value.name
  subject_alternative_names = each.value.sans
  create_route53_records  = false
  validation_record_fqdns = module.route53_records[each.value.name].validation_route53_record_fqdns
}

module "route53_records" {
  for_each  = { for c in local.certificates : c.name => c }
  source  = "terraform-aws-modules/acm/aws"
  providers = {
    aws = aws.other_account
  }
  create_certificate          = false
  create_route53_records_only = true
  distinct_domain_names = module.acm[each.value.name].distinct_domain_names
  zone_id               = "other_account_zone_id"
  acm_certificate_domain_validation_options = module.acm[each.value.name].acm_certificate_domain_validation_options
}

Thanks

antonbabenko commented 1 year ago

Please take a look at this example - https://github.com/terraform-aws-modules/terraform-aws-acm/blob/master/examples/complete-dns-validation/main.tf#L54-L101

This is already implemented in this module.

lukasmrtvy commented 1 year ago

@antonbabenko are you sure? https://github.com/terraform-aws-modules/terraform-aws-acm/blob/master/variables.tf#L43 is a string, not a map, not an array; this implies that only a single certificate can be created. All these issues refer to the option to create multiple certificates (not multiple SANs per certificate).

antonbabenko commented 1 year ago

That's correct - domain_name is a string, but subject_alternative_names is a list. You need to provide such inputs. Please take a look at the example provided.
