I’m currently stuck on how to validate multiple domain names with my ACM module, i.e. I want Route 53 (DNS) validation for both foo.dev and bar.com.
My module looks like this:
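# Certificates to issue. Each key is the primary domain of one certificate and
# its value is that certificate's list of subject alternative names (SANs),
# e.g. { "foo.dev" = ["*.foo.dev"] }.
# The key is also used as the name of the public Route 53 zone that receives
# the DNS validation record, so it must match a hosted zone name when
# validation_method is "DNS".
variable "domain_names" {
  description = "Map of primary domain name to the list of subject alternative names for its certificate"
  type        = map(list(string))
}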
# How ACM should prove ownership of the requested domains. The value is passed
# unchanged to aws_acm_certificate. The Route 53 zone lookups, validation
# records and aws_acm_certificate_validation resources in this module are only
# created when it is exactly "DNS"; with any other value the certificate is
# requested but nothing here publishes records or waits for issuance.
variable "validation_method" {
  type        = string
  description = "Validation method DNS/EMAIL/NONE"
}
# Looks up one hosted zone per certificate, named after the certificate's
# primary domain (the map key). Nothing is looked up unless DNS validation is
# selected.
# NOTE(review): SANs that belong to a different zone than the key (for example
# "bar.com" on a "foo.dev" certificate) have no zone lookup here.
data "aws_route53_zone" "selected" {
  for_each = {
    for primary, sans in var.domain_names : primary => sans
    if var.validation_method == "DNS"
  }

  # Restrict the match to public zones; a private zone of the same name is
  # ignored.
  private_zone = false
  name         = each.key
}
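# Requests one ACM certificate per entry of var.domain_names: the map key is
# the certificate's primary domain and the map value its SAN list.
resource "aws_acm_certificate" "certificate" {
  for_each = var.domain_names

  domain_name = each.key

  # Pass the SANs as individual list elements. Joining them into a single
  # comma-separated string would request one SAN literally named
  # "*.foo.dev,bar.com", which is not a valid domain name.
  # NOTE(review): every distinct name on the certificate needs its own
  # validation; check that a record is published for each SAN, not only for
  # the first domain_validation_options entry.
  subject_alternative_names = each.value

  validation_method = var.validation_method

  tags = {
    Name      = each.key
    owner     = "xxx"
    terraform = "true"
  }

  lifecycle {
    # On replacement, create the new certificate before the old one is
    # destroyed.
    create_before_destroy = true
  }
}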
# Publishes one DNS validation record per certificate, in the hosted zone
# looked up for the certificate's primary domain. Created only when
# validation_method is "DNS".
# NOTE(review): only the first entry of domain_validation_options is used, and
# it is always written to the primary domain's zone. A SAN that needs a
# different record or lives in another zone (e.g. "bar.com" on a "foo.dev"
# certificate) gets no record here, so that name would remain unvalidated.
resource "aws_route53_record" "validation" {
  for_each = {
    for primary, sans in var.domain_names : primary => sans
    if var.validation_method == "DNS"
  }

  zone_id = data.aws_route53_zone.selected[each.key].zone_id
  name    = aws_acm_certificate.certificate[each.key].domain_validation_options[0].resource_record_name
  type    = aws_acm_certificate.certificate[each.key].domain_validation_options[0].resource_record_type
  records = [
    aws_acm_certificate.certificate[each.key].domain_validation_options[0].resource_record_value,
  ]
  ttl = "300"

  # Explicit ordering after the certificates; the attribute references above
  # already imply the same dependency.
  depends_on = [aws_acm_certificate.certificate]
}
# Ties each certificate to the validation record published for it. Created
# only when validation_method is "DNS".
# NOTE(review): exactly one record FQDN is listed per certificate, matching
# the single record created by aws_route53_record.validation; a certificate
# whose SANs need additional records is not fully covered by this list.
resource "aws_acm_certificate_validation" "certificate_validation" {
  for_each = {
    for primary, sans in var.domain_names : primary => sans
    if var.validation_method == "DNS"
  }

  certificate_arn         = aws_acm_certificate.certificate[each.key].arn
  validation_record_fqdns = [aws_route53_record.validation[each.key].fqdn]
}
module "acm_private" {
source = "../projects/tf_module_acm/"
domain_names = {
"foo.dev" = ["*.foo.dev","bar.com"]
}