Changing The Provider

I’m having difficulty changing the AWS provider during my ACM Certificate validation. The main.tf has a couple providers listed:

provider "aws" {
  shared_credentials_file = "~/.aws/credentials"
  profile                 = "development"
  region                  = "us-west-2"
}

provider "aws" {
  shared_credentials_file = "~/.aws/credentials"
  profile                 = "development"
  alias                   = "useast1"
  region                  = "us-east-1"
}

The terraform apply fails when I add the aliased provider:

# Represents a successful validation of an ACM certificate in concert with
# other resources.
resource "aws_acm_certificate_validation" "blog" {
  provider                = "aws.useast1"
  certificate_arn         = aws_acm_certificate.blog.arn
  validation_record_fqdns = [for record in aws_route53_record.blog : record.fqdn]
}

How do I get this to work?

What’s the error message?

So I was able to get past this one. I needed to add the provider in the ‘.tf’ file I was using the alias in.

Now I’m having difficulty creating the API Gateway Domain Name. If I already have the certificate in AWS, why would it say:

Error: Error creating API Gateway Domain Name: BadRequestException: The certificate provided must be owned by the account creating the domain.

provider "aws" {
  shared_credentials_file = "~/.aws/credentials"
  profile                 = "development"
  alias                   = "useast1"
  region                  = "us-east-1"
}

# The ACM certificate resource allows requesting and management of certificates
# from the Amazon Certificate Manager.
resource "aws_acm_certificate" "blog" {
  provider          = aws.useast1
  domain_name       = "<MY DOMAIN>.com"
  validation_method = "DNS"
}

data "aws_route53_zone" "blog" {
  name         = "<MY DOMAIN>.com"
  private_zone = false
}

resource "aws_route53_record" "blog" {
  for_each = {
    for dvo in aws_acm_certificate.blog.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.blog.zone_id
}

# Represents a successful validation of an ACM certificate in concert with
# other resources.
resource "aws_acm_certificate_validation" "blog" {
  provider                = aws.useast1
  certificate_arn         = aws_acm_certificate.blog.arn
  validation_record_fqdns = [for record in aws_route53_record.blog : record.fqdn]
}

resource "aws_api_gateway_domain_name" "blog" {
  domain_name              = "api.<MY DOMAIN>.com"
  regional_certificate_arn = aws_acm_certificate_validation.blog.certificate_arn

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}


resource "aws_api_gateway_rest_api" "blog_api" {
  name = var.name
}

When I look at the certificates in the console, I see that the “<MY DOMAIN>.com” certificate has the Additional name “*.<MY DOMAIN>.com”.
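
The posted configuration requests the certificate through `aws.useast1` (us-east-1) but creates the REGIONAL domain name with the default provider (us-west-2); API Gateway expects a regional custom domain's ACM certificate in the same region as the domain, and an edge-optimized domain's certificate in us-east-1. The following is an added example, not part of the thread, written on the assumption that this region mismatch is what triggers the error; the `blog_regional` resource names are hypothetical.

```hcl
# Added example (not from the thread). Names ending in _regional are hypothetical.
# Option A: keep the REGIONAL endpoint and request the certificate with the
# default provider (us-west-2 in the posted main.tf), the region that also
# creates the custom domain name.
resource "aws_acm_certificate" "blog_regional" {
  domain_name       = "api.<MY DOMAIN>.com" # the name the custom domain serves
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_route53_record" "blog_regional" {
  for_each = {
    for dvo in aws_acm_certificate.blog_regional.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.blog.zone_id
}

resource "aws_acm_certificate_validation" "blog_regional" {
  certificate_arn         = aws_acm_certificate.blog_regional.arn
  validation_record_fqdns = [for record in aws_route53_record.blog_regional : record.fqdn]
}

resource "aws_api_gateway_domain_name" "blog" {
  domain_name              = "api.<MY DOMAIN>.com"
  regional_certificate_arn = aws_acm_certificate_validation.blog_regional.certificate_arn

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

# Option B (instead of A): keep a us-east-1 certificate that covers
# api.<MY DOMAIN>.com and make the domain edge-optimized: set
#   certificate_arn = aws_acm_certificate_validation.blog.certificate_arn
# and types = ["EDGE"], dropping regional_certificate_arn.
```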