Hello,
I am trying to set up certificate validation with AWS Certificate Manager using DNS method and then adding required record to Azure DNS Zone. I want to choose single output from AWS CM and create record based on it. Let me elaborate:
This is what I currently have and it works:
resource "aws_acm_certificate" "ingress" {
  domain_name               = var.dns_zone
  subject_alternative_names = ["*.${var.dns_zone}"]
  validation_method         = "DNS"
  tags                      = var.tags
}

resource "azurerm_dns_cname_record" "ingress_cert_valid" {
  depends_on = [
    azurerm_dns_zone.ingress,
    aws_acm_certificate.ingress,
  ]

  for_each = {
    for dvo in aws_acm_certificate.ingress.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
    }
  }

  name                = trimsuffix(each.value.name, ".${var.dns_zone}.")
  resource_group_name = "test-rg"
  zone_name           = azurerm_dns_zone.ingress.name
  ttl                 = 3600
  record              = each.value.record
}
As you can see, I am using subject_alternative_names, which means that I get 2 outputs from aws_acm_certificate.ingress.domain_validation_options (one for the initial domain and one for the SAN). The thing is that resource_record_name and resource_record_value are exactly the same for both.
When I create a CNAME in Azure, this is not a problem, as it just overwrites it, but I have a problem when running terraform destroy, as 1 of them is of course not found.
Any idea how to specify it so that it would try to create only one record?
Best regards,
Bostjan
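The following is an added worked example, not part of the original post and not the poster's configuration. It shows one way to handle the situation the post describes: the apex domain and its wildcard SAN validate through the same CNAME, so the map that drives for_each is keyed on resource_record_name instead of domain_name, and the two identical entries collapse into one. Because a Terraform for expression refuses duplicate keys unless grouping mode (the trailing `...`) is used, the values become a list and the record takes the first element, with a precondition asserting that every grouped entry really carries the same value and is a CNAME. The aws_acm_certificate_validation resource is included so the apply waits for ACM to see the record; the resource group name "test-rg", the variable names and the DNS zone resource are taken from the post, and the trailing-dot handling of the Azure fqdn attribute is an assumption.

```hcl
resource "aws_acm_certificate" "ingress" {
  domain_name               = var.dns_zone
  subject_alternative_names = ["*.${var.dns_zone}"]
  validation_method         = "DNS"
  tags                      = var.tags

  lifecycle {
    # Let a renewed/replaced certificate come up before the old one is destroyed.
    create_before_destroy = true
  }
}

locals {
  # Key on the validation record name rather than the validated domain name.
  # The apex (example.com) and the wildcard SAN (*.example.com) return the
  # identical CNAME, so grouping mode ("...") merges them under one key
  # instead of failing with "Two different items produced the same key".
  acm_validation_records = {
    for dvo in aws_acm_certificate.ingress.domain_validation_options :
    dvo.resource_record_name => {
      type  = dvo.resource_record_type
      value = dvo.resource_record_value
    }...
  }
}

resource "azurerm_dns_cname_record" "ingress_cert_valid" {
  for_each = local.acm_validation_records

  # each.key is the full record name with a trailing dot, e.g.
  # "_abc123.example.com."; strip the zone suffix to get the relative name.
  name                = trimsuffix(each.key, ".${var.dns_zone}.")
  resource_group_name = "test-rg"
  zone_name           = azurerm_dns_zone.ingress.name
  ttl                 = 300
  # Grouping mode yields a list per key; all entries are identical, so use the first.
  record              = each.value[0].value

  lifecycle {
    precondition {
      # Check the assumption this whole construct rests on: every grouped
      # entry for this name must be a CNAME with the same target.
      condition = alltrue([
        for v in each.value : v.type == "CNAME" && v.value == each.value[0].value
      ])
      error_message = "ACM returned differing validation records for ${each.key}; cannot collapse them into one CNAME."
    }
  }
}

# Block until ACM has observed the validation records, so downstream
# resources (listeners, ingress) only get an issued certificate.
# Assumption: azurerm_dns_cname_record.fqdn may carry a trailing dot, hence trimsuffix.
resource "aws_acm_certificate_validation" "ingress" {
  certificate_arn = aws_acm_certificate.ingress.arn
  validation_record_fqdns = [
    for r in azurerm_dns_cname_record.ingress_cert_valid : trimsuffix(r.fqdn, ".")
  ]
}
```

With this keying, terraform plan shows a single azurerm_dns_cname_record instance for the apex-plus-wildcard pair, and terraform destroy removes exactly the record that was created. If a certificate later gains a SAN in a different zone, that SAN will produce a distinct record name and appear as its own map element, which is the behaviour you want; the precondition exists so that any unexpected divergence in the grouped values fails the plan rather than silently writing the wrong CNAME.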