I'm new to Terraform, but my route53 file looks like this...
resource "aws_route53_zone" "main" {
name = var.domain_name
tags = var.common_tags
}
resource "aws_route53_record" "root-a" {
zone_id = aws_route53_zone.main.zone_id
name = var.domain_name
type = "A"
alias {
name = aws_cloudfront_distribution.root_s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.root_s3_distribution.hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_route53_record" "www-a" {
zone_id = aws_route53_zone.main.zone_id
name = "www.${var.domain_name}"
type = "A"
alias {
name = aws_cloudfront_distribution.www_s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.www_s3_distribution.hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_route53_record" "cert-validations" {
count = length(aws_acm_certificate.ssl_certificate.domain_validation_options)
zone_id = aws_route53_zone.main.zone_id
name = element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_name, count.index)
type = element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_type, count.index)
records = [element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_value, count.index)]
ttl = 60
}
my plan contains this duplicate...
# aws_route53_record.cert-validations[0] will be created
+ resource "aws_route53_record" "cert-validations" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "_0a4aefbce6d554a924845eec429fb23e.gingerbreadtemplate.uk"
+ records = [
+ "_8392f4358688e2d691acfe88deecb4f6.xjncphngnr.acm-validations.aws.",
]
+ ttl = 60
+ type = "CNAME"
+ zone_id = "Z068604727JU0L259KARW"
}
# aws_route53_record.cert-validations[1] will be created
+ resource "aws_route53_record" "cert-validations" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "_0a4aefbce6d554a924845eec429fb23e.gingerbreadtemplate.uk"
+ records = [
+ "_8392f4358688e2d691acfe88deecb4f6.xjncphngnr.acm-validations.aws.",
]
+ ttl = 60
+ type = "CNAME"
+ zone_id = "Z068604727JU0L259KARW"
}
This then fails when it is applied. If i set the cert-validations.count to 1 it works but I think this is a hack. Could it be because I'm setting up a redirection hosted zone too, so the number of validations overall is 2 but my code isn't clever enough?
I've tried to read the examples and the docs but I'm really struggling to understand where the duplication is coming from.
The duplication might come from the definition of the aws_acm_certificate:
domain_name = "gingerbreadtemplate.uk"
subject_alternative_names = [
"gingerbreadtemplate.uk"
]
If the code defines a SAN with the same value than the domain name, the validation records that it generates afterwards will be duplicated.
Also as this code seems to be Terraform 0.12+, it would be easier to read the code with a for_each block for the validation records. It also avoids ordering issues that comes with count if a new SAN is added in the middle of other ones.