我在两个区域为同一域颁发了 2 个证书,ap-northeast-1 和 us-east-1,因为我的主服务器位于 ap-northeast-1,而 CloudFront 需要 us-east-1 中的证书.
我想在 us-east-1 中选择一个作为 terraform 数据源,但它们具有相同的域名。
我像这样定义了证书资源
# ACM Certificate on us-east-1 (Global)
data "aws_acm_certificate" "cert_global" {
domain = "my.example.com"
statuses = ["ISSUED"]
}
我是这样调用它的
resource "aws_cloudfront_distribution" "static" {
(snip)
viewer_certificate {
acm_certificate_arn = "${data.aws_acm_certificate.cert_global.arn}"
minimum_protocol_version = "TLSv1"
ssl_support_method = "sni-only"
}
}
原因
1 error(s) occurred:
* aws_cloudfront_distribution.static: 1 error(s) occurred:
* aws_cloudfront_distribution.static: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
status code: 400, request id: ceece17f-6610-11e7-977d-114d7e67d7c1
我知道 terraform 在两个区域检测到两个具有相同域名的证书,但不知道如何指定一个。
文档没有说明特定资源的区域 https://www.terraform.io/docs/providers/aws/d/acm_certificate.html
如何在 us-east-1 中使用一个?
最佳答案
我自己找到了答案。
data
具有 provider
属性。
provider "aws" {
alias = "virginia"
region = "us-east-1"
}
data "aws_acm_certificate" "cert_global" {
domain = "my.example.com"
statuses = ["ISSUED"]
provider = aws.virginia
}
在 us-east-1 中找到证书。
关于amazon-web-services - 如何为数据源指定特定地域的ACM证书?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45027175/