diff --git a/aws/resource_aws_acm_certificate.go b/aws/resource_aws_acm_certificate.go index 7512680a897..eeda9439573 100644 --- a/aws/resource_aws_acm_certificate.go +++ b/aws/resource_aws_acm_certificate.go @@ -78,8 +78,11 @@ func resourceAwsAcmCertificate() *schema.Resource { // AWS Provider 3.0.0 aws_route53_zone references no longer contain a // trailing period, no longer requiring a custom StateFunc // to prevent ACM API error - Type: schema.TypeString, - ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile(`\.$`), "cannot end with a period"), + Type: schema.TypeString, + ValidateFunc: validation.All( + validation.StringLenBetween(1, 253), + validation.StringDoesNotMatch(regexp.MustCompile(`\.$`), "cannot end with a period"), + ), }, Set: schema.HashString, ConflictsWith: []string{"private_key", "certificate_body", "certificate_chain"}, diff --git a/aws/resource_aws_acm_certificate_test.go b/aws/resource_aws_acm_certificate_test.go index 0c31a6f180d..94ffd88eb39 100644 --- a/aws/resource_aws_acm_certificate_test.go +++ b/aws/resource_aws_acm_certificate_test.go @@ -308,6 +308,23 @@ func TestAccAWSAcmCertificate_rootAndWildcardSan(t *testing.T) { }) } +func TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString(t *testing.T) { + rootDomain := testAccAwsAcmCertificateDomainFromEnv(t) + domain := testAccAwsAcmCertificateRandomSubDomain(rootDomain) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAcmCertificateDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAcmCertificateConfig_subjectAlternativeNames(domain, strconv.Quote(""), acm.ValidationMethodDns), + ExpectError: regexp.MustCompile(`expected length`), + }, + }, + }) +} + func TestAccAWSAcmCertificate_san_single(t *testing.T) { resourceName := "aws_acm_certificate.cert" rootDomain := testAccAwsAcmCertificateDomainFromEnv(t)