0

I am trying to create multiple unique aws_acm_certificates using Terraform for_each. I created the ACM certificates as modules for each of the unique certificates.

I am having a challenge outputting the certificates created, not sure of how to output for each of the modules.

This is my code. Would appreciate any help on how to create

```hcl
locals {
  process_domain_validation_options = var.process_domain_validation_options && var.acm_validation_method == "DNS"
}

resource "aws_acm_certificate" "cert" {
  for_each                  = var.acm_certificate
  domain_name               = each.key.domain_name
  subject_alternative_names = each.key.subject_alternative_names
  validation_method         = var.acm_validation_method

  lifecycle {
    create_before_destroy = true
  }

  tags = {
    Name = "${var.tags}-var.environment"
  }
}

data "aws_route53_zone" "default" {
  count        = local.process_domain_validation_options ? 1 : 0
  zone_id      = var.hosted_zone_id
  name         = try(length(var.hosted_zone_id), 0) == 0 ? var.domain_name : null
  private_zone = var.route53_private_zone
}

resource "aws_route53_record" "cert_dns_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = var.allow_validation_record_overwrite
  zone_id         = join("", data.aws_route53_zone.default.*.zone_id)
  ttl             = var.validation_record_ttl
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
}

resource "aws_acm_certificate_validation" "default" {
  count                   = local.process_domain_validation_options && var.wait_for_certificate_issued ? 1 : 0
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_dns_validation : record.fqdn]
}
```

```hcl
variable "acm_certificate" {
  type = map(object({
    domain_name               = string
    subject_alternative_names = string
  }))
  default = {
    "key" = {
      domain_name               = "value"
      subject_alternative_names = "value"
    }
  }
}
```

I'm not sure of a better way to do it.

  • What exactly do you want to output? You can see the attribute references for `aws_acm_certificate` here: [link](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate#attributes-reference). AWS generates you a managed certificate, you can not download this in a `.pem` format. – Ervin Szilagyi Mar 22 '22 at 20:13
  • What errors do you get? What exactly is `acm_certificate`? – Marcin Mar 23 '22 at 01:28
  • Does this answer your question? [How do I output an attribute of multiple instances of a resource created with for\_each?](https://stackoverflow.com/questions/61913585/how-do-i-output-an-attribute-of-multiple-instances-of-a-resource-created-with-fo) – Technowise Mar 23 '22 at 05:59
  • @ErvinSzilagyi I want to be able to create the Certificates using For_each and then output the ARNs of the certificates. I went through the link, it gave me some insights. Thank you. – Eleazar Nwachukwu Mar 26 '22 at 14:55
  • I was able to get around it by doing this. – Eleazar Nwachukwu Mar 26 '22 at 14:56

1 Answer

1

I was able to get around creating the multiple certificates by doing this:

```hcl
locals {
  acm_certificates = {
    "certificate1.com" = {
      domain_name               = "certificate1.com"
      acm_validation_method     = "DNS"
      subject_alternative_names = []
      tags                      = {}
    },
    "certificate2.com" = {
      domain_name               = "certificate2.com"
      acm_validation_method     = "DNS"
      subject_alternative_names = []
      tags                      = {}
    }
  }
}

module "request_certificate" {
  source                = "../../module/acm"
  for_each              = local.acm_certificates
  domain_name           = each.value["domain_name"]
  acm_validation_method = each.value["acm_validation_method"]
  tags                  = each.value["tags"]
}
```
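
An added example, not part of the original answer, showing one way to output the certificate ARNs the question asks about when the module is called with `for_each`. It assumes the module at `../../module/acm` holds a single `aws_acm_certificate.cert` (no `for_each` inside the module) and the count-based `aws_acm_certificate_validation.default` from the question; the output names `certificate_arn` and `certificate_arns` are hypothetical.

```hcl
# --- ../../module/acm/outputs.tf (assumed file layout) ---

# Each module instance manages exactly one certificate, so the module
# exposes a single ARN. The output name "certificate_arn" is hypothetical.
output "certificate_arn" {
  description = "ARN of the certificate, read from the validation resource when one exists"

  # aws_acm_certificate_validation.default uses count (0 or 1) in the question.
  # Reading the ARN from it makes consumers (for example a load balancer
  # listener) wait until ACM has actually issued the certificate. When
  # validation is skipped, fall back to the certificate resource itself.
  value = try(
    aws_acm_certificate_validation.default[0].certificate_arn,
    aws_acm_certificate.cert.arn
  )
}

# --- root module outputs.tf ---

# module.request_certificate is a map keyed by the for_each keys
# ("certificate1.com", "certificate2.com"), so a for expression yields
# a map of domain name => certificate ARN.
output "certificate_arns" {
  description = "Map of certificate domain name to ACM certificate ARN"
  value = {
    for domain, cert in module.request_certificate :
    domain => cert.certificate_arn
  }
}
```

A single certificate can then be referenced elsewhere in the root module as `module.request_certificate["certificate1.com"].certificate_arn`.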