
When creating an SSL cert using Terraform, it automatically assumes that the validation emails should be sent to postmaster@[subdomain].[domain].com instead of postmaster@[domain].com. In AWS Certificate Manager, if I re-request the email validation it'll fix it, but I need to be able to do this strictly via Terraform.

I couldn't find anything in any GitHub issues on Terraform that looked like it could fix this issue.

# Terraform 0.11-style interpolation syntax ("${var.x}")
resource "aws_acm_certificate" "aws_cert" {
  domain_name       = "${var.domain_name}"
  validation_method = "${var.validation_method}"

  # In 0.11, wrapping a list variable in [...] flattens it into the list
  subject_alternative_names = ["${var.subject_alternative_names}"]

  tags = {
    Name        = "${var.environment}-${var.app_name}-aws-certificate"
    ManagedBy   = "My Terraform"
    Environment = "${var.environment}"
    Team        = "vin-${var.team_name}"
  }

  # Request the replacement cert before the old one is destroyed
  lifecycle {
    create_before_destroy = true
  }
}

1 Answer


This used to be a limitation with Terraform. There was a merge request that fixed it: https://github.com/terraform-providers/terraform-provider-aws/pull/3853

A way around that would be to check after you've run your Terraform: take the certificate ARN from the output variables, run a PowerShell command using the AWS CLI to see if the cert has been issued, and if it hasn't been issued, resend it via the AWS CLI.

# Get AWS cert status here (--output json so the pipe to ConvertFrom-Json works
# regardless of the CLI's configured default output format)
$awsCertStatus = (aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:881385135648:certificate/52e2b724-0400-4b3f-9032-0d80f9c3e9ea --output json | ConvertFrom-Json).Certificate.Status

# Check if cert status is ISSUED
if($awsCertStatus -ne "ISSUED"){
    # It hasn't been issued, resend the validation email to the parent domain
    aws acm resend-validation-email --certificate-arn <ARN> --domain subdomain.domain.com --validation-domain domain.com
}
Alex
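The check-and-resend step from the answer, as an added Python example (not code from the question or the answer): it parses the JSON that `aws acm describe-certificate` returns, and for every domain on the certificate whose email validation is still pending it builds the `aws acm resend-validation-email` call with `--validation-domain` set to the parent (apex) domain instead of the subdomain. The sample JSON, the ARN and the domain names are constructed placeholders; the helper assumes the AWS CLI is on PATH and that the apex is two labels long (pass `apex_labels=3` for registries such as .co.uk).

```python
"""Resend ACM email validation to the parent domain for pending domains.

Added example, not from the original question or answer. It consumes the
output of `aws acm describe-certificate` (the same call the answer uses) and
only shells out to the AWS CLI when run as a script.
"""
import json
import subprocess
import sys
from typing import List

# Constructed sample of `aws acm describe-certificate --output json`, trimmed to
# the fields used below. ARN and domains are placeholders, not real values.
SAMPLE_ARN = ("arn:aws:acm:us-east-1:123456789012:certificate/"
              "00000000-0000-0000-0000-000000000000")
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "Certificate": {
        "CertificateArn": SAMPLE_ARN,
        "DomainName": "subdomain.example.com",
        "Status": "PENDING_VALIDATION",
        "DomainValidationOptions": [
            # ACM defaulted the validation domain to the subdomain itself,
            # which is the behaviour the question complains about.
            {"DomainName": "subdomain.example.com",
             "ValidationDomain": "subdomain.example.com",
             "ValidationStatus": "PENDING_VALIDATION",
             "ValidationMethod": "EMAIL"},
            # Already validated; must not be resent.
            {"DomainName": "api.subdomain.example.com",
             "ValidationDomain": "example.com",
             "ValidationStatus": "SUCCESS",
             "ValidationMethod": "EMAIL"},
        ],
    }
})


def validation_domain(fqdn: str, apex_labels: int = 2) -> str:
    """Return the domain ACM should email for `fqdn`.

    ACM only accepts the domain itself or one of its parent domains as the
    validation domain, so this never climbs above the apex. A leading
    wildcard label ("*.example.com") is dropped like any other label.
    """
    labels = fqdn.strip(".").lower().split(".")
    if len(labels) <= apex_labels:
        return ".".join(labels)
    return ".".join(labels[-apex_labels:])


def pending_resend_commands(describe_json: str, apex_labels: int = 2) -> List[List[str]]:
    """Build one resend-validation-email command per domain still pending.

    Returns an empty list when the certificate is not PENDING_VALIDATION
    (for example ISSUED, or FAILED, which resending cannot fix).
    """
    cert = json.loads(describe_json)["Certificate"]
    if cert.get("Status") != "PENDING_VALIDATION":
        return []
    commands = []
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationMethod", "EMAIL") != "EMAIL":
            continue  # DNS-validated names have no email to resend
        if opt.get("ValidationStatus") == "SUCCESS":
            continue
        commands.append([
            "aws", "acm", "resend-validation-email",
            "--certificate-arn", cert["CertificateArn"],
            "--domain", opt["DomainName"],
            "--validation-domain", validation_domain(opt["DomainName"], apex_labels),
        ])
    return commands


def describe_certificate(arn: str) -> str:
    """Run the AWS CLI for a real ARN; forces JSON output like the answer's pipe."""
    result = subprocess.run(
        ["aws", "acm", "describe-certificate", "--certificate-arn", arn, "--output", "json"],
        check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Usage: python resend_acm_validation.py <certificate ARN from Terraform output>
    if len(sys.argv) != 2:
        sys.exit("usage: resend_acm_validation.py <certificate-arn>")
    for cmd in pending_resend_commands(describe_certificate(sys.argv[1])):
        print("running:", " ".join(cmd))
        subprocess.run(cmd, check=True)
```

Running it against the ARN that Terraform outputs does what the answer's PowerShell snippet does, but it only resends for domains that are actually still pending and it derives the validation domain instead of hard-coding it; the `--validation-domain` value must be the domain itself or one of its parents, which is why the helper never goes above the apex.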