I have issued 2 certificates for the same domain in two regions, ap-northeast-1 and us-east-1, because my main servers are in ap-northeast-1 and CloudFront requires a certificate in us-east-1.
I want to select the one in us-east-1 as a Terraform data source, but both have the same domain name.
I defined the certificate resource like this:

    # ACM Certificate on us-east-1 (Global)
    data "aws_acm_certificate" "cert_global" {
      domain   = "my.example.com"
      statuses = ["ISSUED"]
    }

and I referred to it like this:

    resource "aws_cloudfront_distribution" "static" {
      # (snip)
      viewer_certificate {
        acm_certificate_arn      = "${data.aws_acm_certificate.cert_global.arn}"
        minimum_protocol_version = "TLSv1"
        ssl_support_method       = "sni-only"
      }
    }

This causes:

    1 error(s) occurred:
    * aws_cloudfront_distribution.static: 1 error(s) occurred:
    * aws_cloudfront_distribution.static: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
    status code: 400, request id: ceece17f-6610-11e7-977d-114d7e67d7c1

I understood Terraform detects two certificates with the same domain name in two regions, but I don't know how to specify one.
The document says nothing about the region for a specific resource: https://www.terraform.io/docs/providers/aws/d/acm_certificate.html
How can I use one in us-east-1?
I found the answer by myself.
data has a provider attribute.

    provider "aws" {
      alias  = "virginia"
      region = "us-east-1"
    }

    data "aws_acm_certificate" "cert_global" {
      domain   = "my.example.com"
      statuses = ["ISSUED"]
      provider = aws.virginia
    }

finds the certificate in us-east-1.
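
An added example, not part of the original post: the same aliased-provider lookup with a guard that stops `terraform plan` if the resolved ARN is not in us-east-1, so a changed alias region or a dropped `provider` line fails locally instead of as the CloudFront `InvalidViewerCertificate` 400 above. It assumes Terraform 1.2 or later (for `postcondition`); the `most_recent` setting and the output name `cloudfront_certificate_arn` are choices made for this example.

```hcl
terraform {
  required_version = ">= 1.2.0" # assumption: needed for postcondition blocks
}

# Default provider: the region where the main servers run (from the question).
provider "aws" {
  region = "ap-northeast-1"
}

# Aliased provider for the only region CloudFront accepts ACM certificates from.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

data "aws_acm_certificate" "cert_global" {
  provider    = aws.virginia # search us-east-1 instead of the default region
  domain      = "my.example.com"
  statuses    = ["ISSUED"]
  most_recent = true # assumption: take the newest if several ISSUED certs match

  lifecycle {
    # ARN layout: arn:aws:acm:<region>:<account-id>:certificate/<id>
    # Field 3 is the region; reject anything CloudFront would refuse.
    postcondition {
      condition     = split(":", self.arn)[3] == "us-east-1"
      error_message = "CloudFront viewer certificates must be ACM certificates in us-east-1."
    }
  }
}

# Hypothetical output name; viewer_certificate.acm_certificate_arn in the
# distribution reads the same attribute.
output "cloudfront_certificate_arn" {
  value = data.aws_acm_certificate.cert_global.arn
}
```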