
I'm trying to add Route 53 records so that my certificates can be validated, but I can't get it working. I'm unable to get the right information out of the certificate resources. Here's an example.

# Certificates to request, one list entry per certificate.
#   zone      - name of the hosted zone (not read by the resources shown here)
#   zone_id   - Route 53 hosted zone id used for the validation record
#   name      - primary domain name of the certificate
#   alt_names - comma-separated alternative names, split into a list where the
#               certificate is declared
# NOTE(review): "*.example.com" sits above the "aws.example.com" zone. DNS
# validation for that name presumably needs a record under example.com, which
# the zone behind zone_id may not be authoritative for — confirm. A wildcard
# name also covers every host one label below it, so list only what is needed.
variable "my_certificates" {
  default = [
    {
      zone      = "aws.example.com"
      zone_id   = "ZXXXXXXXXXXXXX"
      name      = "aws.example.com"
      alt_names = "*.example.com,*.aws.example.com"
    },
    {
      zone      = "aws.example.net"
      zone_id   = "ZXXXXXXXXXXXXY"
      name      = "aws.example.net"
      alt_names = "*.aws.example.net"
    },
  ]
}

# Static number of validation records to create; used as the record resource's
# count because the count cannot be taken from a computed attribute.
# Presumably 5 is the total number of names across both default certificates
# (3 + 2) — it has to be kept in step with var.my_certificates by hand.
variable "certificate_domains_count" {
  default = 5
}

# Requests one ACM certificate per entry of var.my_certificates, validated
# through DNS records rather than e-mail.
resource "aws_acm_certificate" "my_certificates" {
  count = "${length(var.my_certificates)}"

  # Primary name and alternative names come from the same list entry;
  # alt_names is stored as one comma-separated string and split here.
  domain_name               = "${lookup(var.my_certificates[count.index], "name")}"
  subject_alternative_names = "${split(",", lookup(var.my_certificates[count.index], "alt_names"))}"
  validation_method         = "DNS"
}

# Publishes the DNS records that ACM checks to validate the certificates.
# NOTE(review): count.index serves two index spaces here. It indexes
# var.my_certificates (two entries by default) while count runs to
# var.certificate_domains_count (5 by default), so indexes 2-4 fall outside
# that list. It also indexes the splat expression, which appears to yield one
# list of validation options per certificate rather than one map per domain
# name, so lookup() would be handed a list instead of a map — confirm.
resource "aws_route53_record" "certificates_validation_records" {
  # Can't count on computed, use static.
  # (The commented-out line names aws_acm_certificate.certificates; the
  # resource declared in this listing is aws_acm_certificate.my_certificates.)
  #count = "${length(aws_acm_certificate.certificates.domain_validation_options)}"
  count = "${var.certificate_domains_count}"

  zone_id = "${lookup(var.my_certificates[count.index], "zone_id")}"
  # Problem with the following 3 lines.
  # I'm stuck.
  name = "${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_name")}"

  type    = "${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_type")}"
  records = ["${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_value")}"]
  ttl     = 60
}

My problem is with lines like this one :

"${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_name")}"

I can't find a way to loop through the my_certificates array while also accessing the mapped values inside each array element.

Julien B.

1 Answer


These sorts of things are much easier in Terraform 0.12 syntax with for_each. Note that I switched the variable from a list to a map.

# Certificates to request, keyed by primary domain name. The map key is what
# the certificate resource uses as domain_name; the "zone" and "name" fields
# are not read by the resources shown here.
#   zone_id   - Route 53 hosted zone id used for the validation record
#   alt_names - comma-separated alternative names, split into a list where the
#               certificate is declared
# NOTE(review): "*.example.com" sits above the "aws.example.com" zone. DNS
# validation for that name presumably needs a record under example.com, which
# the zone behind zone_id may not be authoritative for — confirm.
variable "my_certificates" {
  default = {
    "aws.example.com" = {
      zone      = "aws.example.com"
      zone_id   = "ZXXXXXXXXXXXXX"
      name      = "aws.example.com"
      alt_names = "*.example.com,*.aws.example.com"
    },
    "aws.example.net" = {
      zone      = "aws.example.net"
      zone_id   = "ZXXXXXXXXXXXXY"
      name      = "aws.example.net"
      alt_names = "*.aws.example.net"
    },
  }
}

# Carried over from the count-based version. Neither for_each resource shown
# in this listing reads it, so it can likely be dropped — confirm nothing else
# in the configuration references it.
variable "certificate_domains_count" {
  default = 5
}

# Requests one ACM certificate per entry of var.my_certificates. Instances are
# addressed by the map key, e.g. aws_acm_certificate.my_certificates["aws.example.com"].
resource "aws_acm_certificate" "my_certificates" {
  for_each = var.my_certificates

  # The map key is the primary domain name; alt_names is one comma-separated
  # string and is split into the list the argument expects.
  domain_name               = each.key
  subject_alternative_names = split(",", each.value.alt_names)
  validation_method         = "DNS"
}

# Creates one validation record per certificate, in the zone given by that
# certificate's zone_id, from the FIRST entry (index 0) of the certificate's
# domain_validation_options.
# NOTE(review): ACM lists a validation option for every name on the
# certificate. Only index 0 is published here, so a name that needs a
# different record (e.g. "*.example.com" next to "aws.example.com") would stay
# unvalidated and the certificate would remain pending — confirm. A wildcard
# and its base name normally share one record, so the aws.example.net entry is
# likely covered.
# NOTE(review): AWS provider 3.0 and later expose domain_validation_options as
# a set, where ".0" index access is not available; check the provider version.
# NOTE(review): nothing shown here waits for issuance; the provider's
# aws_acm_certificate_validation resource is the usual way to gate dependants.
resource "aws_route53_record" "certificates_validation_records" {
  for_each = var.my_certificates

  zone_id = each.value.zone_id
  name    = aws_acm_certificate.my_certificates[each.key].domain_validation_options.0.resource_record_name

  type    = aws_acm_certificate.my_certificates[each.key].domain_validation_options.0.resource_record_type
  records = [aws_acm_certificate.my_certificates[each.key].domain_validation_options.0.resource_record_value]
  ttl     = 60
}
nicgrayson