I’m having difficulty changing the AWS provider during my ACM Certificate validation. The main.tf
has a couple providers listed:
    provider "aws" {
      shared_credentials_file = "~/.aws/credentials"
      profile                 = "development"
      region                  = "us-west-2"
    }

    provider "aws" {
      shared_credentials_file = "~/.aws/credentials"
      profile                 = "development"
      alias                   = "useast1"
      region                  = "us-east-1"
    }
While the terraform apply fails when I add the aliased provider:
    # Represents a successful validation of an ACM certificate in concert with
    # other resources.
    resource "aws_acm_certificate_validation" "blog" {
      provider                = "aws.useast1"
      certificate_arn         = aws_acm_certificate.blog.arn
      validation_record_fqdns = [for record in aws_route53_record.blog : record.fqdn]
    }
How do I get this to work?
What’s the error message?
So I was able to get past this one. I needed to add the provider in the ‘.tf’ file I was using the alias in.
Now I’m having difficulty creating the API Gateway Domain Name. If I already have the certificate in AWS, why would it say:
Error: Error creating API Gateway Domain Name: BadRequestException: The certificate provided must be owned by the account creating the domain.
    provider "aws" {
      shared_credentials_file = "~/.aws/credentials"
      profile                 = "development"
      alias                   = "useast1"
      region                  = "us-east-1"
    }

    # The ACM certificate resource allows requesting and management of certificates
    # from the Amazon Certificate Manager.
    resource "aws_acm_certificate" "blog" {
      provider          = aws.useast1
      domain_name       = "<MY DOMAIN>.com"
      validation_method = "DNS"
    }

    data "aws_route53_zone" "blog" {
      name         = "<MY DOMAIN>.com"
      private_zone = false
    }

    resource "aws_route53_record" "blog" {
      for_each = {
        for dvo in aws_acm_certificate.blog.domain_validation_options : dvo.domain_name => {
          name   = dvo.resource_record_name
          record = dvo.resource_record_value
          type   = dvo.resource_record_type
        }
      }

      allow_overwrite = true
      name            = each.value.name
      records         = [each.value.record]
      ttl             = 60
      type            = each.value.type
      zone_id         = data.aws_route53_zone.blog.zone_id
    }

    # Represents a successful validation of an ACM certificate in concert with
    # other resources.
    resource "aws_acm_certificate_validation" "blog" {
      provider                = aws.useast1
      certificate_arn         = aws_acm_certificate.blog.arn
      validation_record_fqdns = [for record in aws_route53_record.blog : record.fqdn]
    }

    resource "aws_api_gateway_domain_name" "blog" {
      domain_name              = "api.<MY DOMAIN>.com"
      regional_certificate_arn = aws_acm_certificate_validation.blog.certificate_arn

      endpoint_configuration {
        types = ["REGIONAL"]
      }
    }

    resource "aws_api_gateway_rest_api" "blog_api" {
      name = var.name
    }
When I look at the certificates in the console, I see that the “<MY DOMAIN>.com” certificate has the Additional name “*.<MY DOMAIN>.com”.
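
An added example, not part of the thread: in the configuration above the certificate is requested through the us-east-1 alias while the REGIONAL domain name is created with the default us-west-2 provider, and API Gateway requires a regional custom domain's ACM certificate to be in the same region as the domain name. The sketch below keeps both in one region; `example.com` and the `regional` resource names are assumptions.

```hcl
# Added example (not from the thread); example.com and the "regional" names are assumptions.
provider "aws" {
  region = "us-west-2"
}

# REGIONAL endpoint: request the certificate with the default provider so it is
# issued in us-west-2, the region where the domain name is created.
resource "aws_acm_certificate" "regional" {
  domain_name               = "example.com"
  subject_alternative_names = ["*.example.com"] # covers api.example.com
  validation_method         = "DNS"
}

data "aws_route53_zone" "zone" {
  name         = "example.com"
  private_zone = false
}

resource "aws_route53_record" "regional" {
  for_each = {
    for dvo in aws_acm_certificate.regional.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }
  allow_overwrite = true # apex and wildcard names share one validation record
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.zone.zone_id
}

resource "aws_acm_certificate_validation" "regional" {
  certificate_arn         = aws_acm_certificate.regional.arn
  validation_record_fqdns = [for r in aws_route53_record.regional : r.fqdn]
}

resource "aws_api_gateway_domain_name" "regional" {
  domain_name              = "api.example.com"
  regional_certificate_arn = aws_acm_certificate_validation.regional.certificate_arn
  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

# For an EDGE endpoint instead, keep the certificate in us-east-1 (aliased
# provider) and pass it as certificate_arn with types = ["EDGE"].
```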