Creating multi-domain ACM certificates using terraform
Creating multi-domain ACM certificates can be tricky with terraform, the examples only show creating a single domain and waiting for validation.
This example shows how it can be done, it works even if the domains are using different DNS providers.
First create your certificate and validation as normal
resource "aws_acm_certificate" "main" {
domain_name = "example.com"
subject_alternative_names = ["test.com"]
validation_method = "DNS"
lifecycle {
create_before_destroy = true
}
}
resource "aws_acm_certificate_validation" "main" {
certificate_arn = aws_acm_certificate.main.arn
lifecycle {
create_before_destroy = true
}
}
Note it has two domains, example.com and test.com
Now create the DNS records using locals to filter by domain
locals {
example_com_cert_validation_domains = [for dvo in aws_acm_certificate.main.domain_validation_options : dvo if length(regexall("example.com", dvo.domain_name)) > 0]
test_com_cert_validation_domains = [for dvo in aws_acm_certificate.main.domain_validation_options : dvo if length(regexall("test.com", dvo.domain_name)) > 0]
}
resource "aws_route53_record" "example_com_cert" {
for_each = {
for dvo in local.example_com_cert_validation_domains : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
allow_overwrite = true
name = each.value.name
records = [each.value.record]
ttl = 60
type = each.value.type
zone_id = "ZONEID"
}
resource "aws_route53_record" "test_com_cert" {
for_each = {
for dvo in local.test_com_cert_validation_domains : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
allow_overwrite = true
name = each.value.name
records = [each.value.record]
ttl = 60
type = each.value.type
zone_id = "OTHERZONEID"
}