我需要从 2 个不同的 ACM 证书创建 2 个 R53 记录。我正在使用 for_each 迭代用户输入,这将创建证书。
locals {
custom_domain_api = [
{
acm_name_api = join("",["api-",var.app_region,"-",var.application,"-",var.environment,lookup(var.r53_domain,var.environment)])
customdomain_api = join("",["api-",var.app_region,"-",var.application,"-",var.environment,lookup(var.r53_domain,var.environment)])
},
{
acm_name_api = join("",["ui-",var.app_region,"-",var.application,"-",var.environment,lookup(var.r53_domain,var.environment)])
customdomain_api = join("",["ui-",var.app_region,"-",var.application,"-",var.environment,lookup(var.r53_domain,var.environment)])
}
]
}
resource "aws_acm_certificate" "acm_api" {
provider = aws.main
for_each = {
for index, api in local.custom_domain_api:
api.customdomain_api => api
}
domain_name = each.value.acm_name_api
validation_method = "DNS"
tags = merge(
{NAME = each.value.acm_name_api},
local.common_tags
)
}
上面的代码工作正常,但是当我到达 R53 创建部分时,我读过和尝试过的解决方案都没有
为我工作。我已经使用了 for_each 和 for_each/for 循环,但我只是得到一个错误。
#1
resource "aws_route53_record" "acm_r53" {
for_each = {
for dvo in flatten(aws_acm_certificate.acm_api[*].domain_validation_options.domain_name) :
dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
}
}
zone_id = local.r53_zoneid
name = each.value.name
type = "CNAME"
ttl = "300"
records = [each.value.record]
}
------
#2
resource "aws_route53_record" "acm_r53" {
for_each = aws_acm_certificate.acm_api[each.key].domain_validation_options
zone_id = local.r53_zoneid
name = tolist(aws_acm_certificate.acm_api[each.key].domain_validation_options).resource_record_name
type = "CNAME"
ttl = "300"
records = [tolist(aws_acm_certificate.acm_api[each.key].domain_validation_options).resource_record_value]
}
-----
#3
resource "aws_route53_record" "acm_r53" {
for_each = aws_acm_certificate.acm_api[each.key].domain_validation_options
zone_id = local.r53_zoneid
name = tolist(aws_acm_certificate.acm_api[each.key].domain_validation_options)[0].resource_record_name
type = "CNAME"
ttl = "300"
records = [tolist(aws_acm_certificate.acm_api[each.key].domain_validation_options)[0].resource_record_value]
}
使用循环有什么解决方案吗?我不想尽可能使用单独的资源块来创建证书和记录,因为这会不必要地延长代码。
For_each、For_each/For 循环
使用外部模块有什么限制吗?
对我来说,模块 https://github.com/terraform-aws-modules/terraform-aws-acm/ 工作完美,只需几行代码即可创建 ACM。