
How to specify an ACM certificate in a specific region for a data source?

I have issued 2 certificates for the same domain in two regions, ap-northeast-1 and us-east-1 because my main servers are in ap-northeast-1, and CloudFront requires a certificate in us-east-1.

I want to select the one in us-east-1 as a Terraform data source, but they have the same domain name.

I defined the certificate resource like this:

# ACM Certificate on us-east-1 (Global)
data "aws_acm_certificate" "cert_global" {
  domain = "my.example.com"
  statuses = ["ISSUED"]
}

and I referred to it like

resource "aws_cloudfront_distribution" "static" {
  # (snip)
  viewer_certificate {
    acm_certificate_arn = "${data.aws_acm_certificate.cert_global.arn}"
    minimum_protocol_version = "TLSv1"
    ssl_support_method = "sni-only"
  }
}

causes

1 error(s) occurred:

* aws_cloudfront_distribution.static: 1 error(s) occurred:

* aws_cloudfront_distribution.static: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
    status code: 400, request id: ceece17f-6610-11e7-977d-114d7e67d7c1

I understand that Terraform detects two certificates with the same domain name in two regions, but I don't know how to specify one.

The documentation says nothing about the region for a specific resource: https://www.terraform.io/docs/providers/aws/d/acm_certificate.html

How can I use one in us-east-1?

Tomoya Kabe asked Jul 11 '17 06:07


1 Answer

I found the answer myself. data has a provider attribute.

provider "aws" {
  alias = "virginia"
  region = "us-east-1"
}

data "aws_acm_certificate" "cert_global" {
  domain = "my.example.com"
  statuses = ["ISSUED"]
  provider = aws.virginia
}

finds the certificate in us-east-1.

Tomoya Kabe answered Sep 21 '22 18:09
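The two lookups side by side, as an added example that is not part of the original question or answer: the same domain resolved once through the default provider and once through the us-east-1 alias, with a guard that fails the run if the certificate handed to CloudFront is not from us-east-1. The names cert_regional and cert_regions are hypothetical, and the postcondition block assumes Terraform 1.2 or later.

```hcl
# Default provider: the region of the main servers (from the question).
provider "aws" {
  region = "ap-northeast-1"
}

# Aliased provider, used only for lookups that must happen in us-east-1.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

# No provider argument, so this is resolved in ap-northeast-1.
# (cert_regional is a hypothetical name for this example.)
data "aws_acm_certificate" "cert_regional" {
  domain   = "my.example.com"
  statuses = ["ISSUED"]
}

# Same domain, resolved in us-east-1 through the alias.
data "aws_acm_certificate" "cert_global" {
  provider = aws.virginia
  domain   = "my.example.com"
  statuses = ["ISSUED"]

  lifecycle {
    # ARN layout: arn:aws:acm:<region>:<account-id>:certificate/<id>
    # Field 3 is the region. Fail here instead of waiting for CloudFront
    # to reject the ARN with InvalidViewerCertificate.
    postcondition {
      condition     = split(":", self.arn)[3] == "us-east-1"
      error_message = "CloudFront needs an ACM certificate from us-east-1."
    }
  }
}

# Shows which region each lookup actually resolved in.
# (cert_regions is a hypothetical name for this example.)
output "cert_regions" {
  value = {
    regional = split(":", data.aws_acm_certificate.cert_regional.arn)[3]
    global   = split(":", data.aws_acm_certificate.cert_global.arn)[3]
  }
}
```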