diff --git a/acm.tf b/acm.tf
index 368ede8..ec4934a 100644
--- a/acm.tf
+++ b/acm.tf
@@ -1,5 +1,5 @@
 resource "aws_acm_certificate" "cert" {
- domain_name = "${var.zone}"
+ domain_name = var.zone
 validation_method = "DNS"
 subject_alternative_names = ["www.${var.zone}"]
@@ -10,5 +10,5 @@ resource "aws_acm_certificate" "cert" {
 resource "aws_acm_certificate_validation" "validation" {
 certificate_arn = aws_acm_certificate.cert.arn
- validation_record_fqdns = [aws_route53_record.cert_validation_1.fqdn, aws_route53_record.cert_validation_2.fqdn]
+ validation_record_fqdns = [ for record in aws_route53_record.cert_validation: record.fqdn ]
 }
diff --git a/cloudfront.tf b/cloudfront.tf
index 0458798..279dd20 100644
--- a/cloudfront.tf
+++ b/cloudfront.tf
@@ -16,7 +16,7 @@ resource "aws_cloudfront_distribution" "redirect" {
 enabled = true
 is_ipv6_enabled = false
- aliases = ["www.${var.zone}", "${var.zone}"]
+ aliases = ["www.${var.zone}", var.zone]
 restrictions {
 geo_restriction {
diff --git a/route53.tf b/route53.tf
index 129a9db..3cf6d1d 100644
--- a/route53.tf
+++ b/route53.tf
@@ -26,18 +26,19 @@ resource "aws_route53_record" "redirect" {
 }
 }
-resource "aws_route53_record" "cert_validation_1" {
- name = aws_acm_certificate.cert.domain_validation_options.0.resource_record_name
- type = aws_acm_certificate.cert.domain_validation_options.0.resource_record_type
+resource "aws_route53_record" "cert_validation" {
+ # https://github.com/hashicorp/terraform-provider-aws/issues/10098#issuecomment-663562342
+ for_each = {
+ for dvo in aws_acm_certificate.cert.domain_validation_options: dvo.domain_name => {
+ name = dvo.resource_record_name
+ record = dvo.resource_record_value
+ type = dvo.resource_record_type
+ }
+ }
+ name = each.value.name
+ records = [ each.value.record ]
+ type = each.value.type
 zone_id = data.aws_route53_zone.zone.zone_id
- records = [aws_acm_certificate.cert.domain_validation_options.0.resource_record_value]
- ttl = 60
-}
-resource "aws_route53_record" "cert_validation_2" {
- name = aws_acm_certificate.cert.domain_validation_options.1.resource_record_name
- type = aws_acm_certificate.cert.domain_validation_options.1.resource_record_type
- zone_id = data.aws_route53_zone.zone.zone_id
- records = [aws_acm_certificate.cert.domain_validation_options.1.resource_record_value]
 ttl = 60
 }
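Review bot: The new `aws_route53_record.cert_validation` block sets no `allow_overwrite = true`, and replacing `cert_validation_1`/`cert_validation_2` with one `for_each` resource changes the resource addresses, so Terraform will plan to destroy the two existing validation records and create records with the same names. Without overwrite the create can collide with the records still present in the zone, and if a delete lands after the create the zone loses the CNAME that ACM uses for DNS validation and, as far as I know, for managed renewal of the certificate. I would add `allow_overwrite = true` next to `ttl = 60` and move the existing records to their new addresses with `terraform state mv` before applying. The bare issue link would also be easier to maintain with a one-line reason beside it, for example `# domain_validation_options can no longer be indexed with .0/.1, so key the records by domain name`.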