How to specify an ACM certificate in a specific region for a data source?


Problem description

I have issued 2 certificates for the same domain in two regions, ap-northeast-1 and us-east-1, because my main servers are in ap-northeast-1, and CloudFront requires a certificate in us-east-1.

I want to select the one in us-east-1 as a Terraform data source, but both have the same domain name.

I defined it like this:

# ACM Certificate on us-east-1 (Global)
data "aws_acm_certificate" "cert_global" {
  domain = "my.example.com"
  statuses = ["ISSUED"]
}

and I call it like this:

resource "aws_cloudfront_distribution" "static" {
  (snip)
  viewer_certificate {
    acm_certificate_arn = "${data.aws_acm_certificate.cert_global.arn}"
    minimum_protocol_version = "TLSv1"
    ssl_support_method = "sni-only"
  }
}

This causes:

1 error(s) occurred:

* aws_cloudfront_distribution.static: 1 error(s) occurred:

* aws_cloudfront_distribution.static: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
    status code: 400, request id: ceece17f-6610-11e7-977d-114d7e67d7c1

I understood Terraform detects two certificates with the same domain name in two regions but don't know how to specify one.

The document says nothing about the region for a specific resource: https://www.terraform.io/docs/providers/aws/d/acm_certificate.html

How can I use the one in us-east-1?

Recommended answer

I found the answer by myself. data has a provider attribute.

provider "aws" {
  alias = "virginia"
  region = "us-east-1"
}

data "aws_acm_certificate" "cert_global" {
  domain = "my.example.com"
  statuses = ["ISSUED"]
  provider = "aws.virginia"
}

This finds the certificate in us-east-1.
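A pre-apply check for the mistake in the question, as an added example that is not part of the original question or answer: it walks the `planned_values` tree of a plan exported with `terraform show -json` and reports every `aws_cloudfront_distribution` whose `acm_certificate_arn` is outside us-east-1. The function names, account ID and certificate IDs are assumptions made for illustration.

```python
CLOUDFRONT_CERT_REGION = "us-east-1"  # region named in the error message above

def arn_region(arn):
    """Region field of an ARN: arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3]

def walk_resources(module):
    """Yield every resource of a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def misplaced_certificates(plan):
    """(address, arn, region) for each distribution whose ACM cert is outside us-east-1."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") != "aws_cloudfront_distribution":
            continue
        for vc in res.get("values", {}).get("viewer_certificate") or []:
            arn = vc.get("acm_certificate_arn")
            if not arn:  # default/IAM certificate, or value unknown until apply
                continue
            region = arn_region(arn)
            if region != CLOUDFRONT_CERT_REGION:
                findings.append((res["address"], arn, region))
    return findings

# Constructed sample plan: account ID and certificate IDs are placeholders.
_TOKYO = "arn:aws:acm:ap-northeast-1:123456789012:certificate/00000000-0000-0000-0000-000000000001"
_VIRGINIA = "arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000002"
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{"address": "aws_cloudfront_distribution.static",
                   "type": "aws_cloudfront_distribution",
                   "values": {"viewer_certificate": [{"acm_certificate_arn": _TOKYO}]}}],
    "child_modules": [{"resources": [{
        "address": "module.cdn.aws_cloudfront_distribution.assets",
        "type": "aws_cloudfront_distribution",
        "values": {"viewer_certificate": [{"acm_certificate_arn": _VIRGINIA}]}}]}]}}}

if __name__ == "__main__":
    for address, arn, region in misplaced_certificates(SAMPLE_PLAN):
        print(f"{address}: {arn} is in {region}, CloudFront needs {CLOUDFRONT_CERT_REGION}")
```

To check a real plan, load the JSON printed by `terraform show -json` for a saved plan file with `json.load` and pass the resulting dict to `misplaced_certificates`.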
