This resource represents a successful validation of an ACM certificate in concert with other resources.
Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.
WARNING: This resource implements a part of the validation workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.
resource "aws_acm_certificate" "cert" {
domain_name = "example.com"
validation_method = "DNS"
}
data "aws_route53_zone" "zone" {
name = "example.com."
private_zone = false
}
resource "aws_route53_record" "cert_validation" {
name = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_name}"
type = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_type}"
zone_id = "${data.aws_route53_zone.zone.id}"
records = ["${aws_acm_certificate.cert.domain_validation_options.0.resource_record_value}"]
ttl = 60
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = "${aws_acm_certificate.cert.arn}"
validation_record_fqdns = ["${aws_route53_record.cert_validation.fqdn}"]
}
resource "aws_lb_listener" "front_end" {
# [...]
certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
}
resource "aws_acm_certificate" "cert" {
domain_name = "example.com"
subject_alternative_names = ["www.example.com","example.org"]
validation_method = "DNS"
}
data "aws_route53_zone" "zone" {
name = "example.com."
private_zone = false
}
data "aws_route53_zone" "zone_alt" {
name = "example.org."
private_zone = false
}
resource "aws_route53_record" "cert_validation" {
name = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_name}"
type = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_type}"
zone_id = "${data.aws_route53_zone.zone.id}"
records = ["${aws_acm_certificate.cert.domain_validation_options.0.resource_record_value}"]
ttl = 60
}
resource "aws_route53_record" "cert_validation_alt1" {
name = "${aws_acm_certificate.cert.domain_validation_options.1.resource_record_name}"
type = "${aws_acm_certificate.cert.domain_validation_options.1.resource_record_type}"
zone_id = "${data.aws_route53_zone.zone.id}"
records = ["${aws_acm_certificate.cert.domain_validation_options.1.resource_record_value}"]
ttl = 60
}
resource "aws_route53_record" "cert_validation_alt2" {
name = "${aws_acm_certificate.cert.domain_validation_options.2.resource_record_name}"
type = "${aws_acm_certificate.cert.domain_validation_options.2.resource_record_type}"
zone_id = "${data.aws_route53_zone.zone_alt.id}"
records = ["${aws_acm_certificate.cert.domain_validation_options.2.resource_record_value}"]
ttl = 60
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = "${aws_acm_certificate.cert.arn}"
validation_record_fqdns = [
"${aws_route53_record.cert_validation.fqdn}",
"${aws_route53_record.cert_validation_alt1.fqdn}",
"${aws_route53_record.cert_validation_alt2.fqdn}"
]
}
resource "aws_lb_listener" "front_end" {
# [...]
certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
}
In this situation, the resource is simply a waiter for manual email approval of ACM certificates.
resource "aws_acm_certificate" "cert" {
domain_name = "example.com"
validation_method = "EMAIL"
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = "${aws_acm_certificate.cert.arn}"
}
The following arguments are supported:
certificate_arn - (Required) The ARN of the certificate that is being validated. validation_record_fqdns - (Optional) List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation acm_certificate_validation provides the following Timeouts configuration options:
create - (Default 45m) How long to wait for a certificate to be issued.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/acm_certificate_validation.html