I have a simple module which handles validating a primary, and secondary name. This works great, when the zones are in the same account. The problem I’m having now, is how do I handle when this is cross account? As far as I’m aware, you can’t do conditionals on providers. What other options do I have? Am I stuck duplicating the aws_route_53 record resource? If so, how can I address a specific response from aws_acm_certificate?
Module in question:
resource "aws_acm_certificate" "cert" {
domain_name = var.domain_name
validation_method = "DNS"
subject_alternative_names = [var.secondary_domain_name]
}
resource "aws_route53_record" "cert_validation" {
for_each = {
for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
zone_id = dvo.domain_name == var.domain_name ? var.zone_id : var.secondary_zone_id
name = dvo.resource_record_name
type = dvo.resource_record_type
record = dvo.resource_record_value
ttl = 60
}
}
zone_id = each.value.zone_id
name = each.value.name
type = each.value.type
records = [each.value.record]
ttl = 60
allow_overwrite = true
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = aws_acm_certificate.cert.arn
validation_record_fqdns = [
for record in aws_route53_record.cert_validation : record.fqdn
]
}