Tom*_*abe 4 ssl amazon-web-services terraform
我在两个地区发布了2个相同域的证书,ap-northeast-1和us-east-1,因为我的主服务器位于ap-northeast-1,而CloudFront需要us-east-1中的证书.
我想在us-east-1中选择一个作为terraform数据源,但它们具有相同的域名.
我定义了证书资源
# ACM Certificate on us-east-1 (Global)
data "aws_acm_certificate" "cert_global" {
domain = "my.example.com"
statuses = ["ISSUED"]
}
我提到它就像
resource "aws_cloudfront_distribution" "static" {
(snip)
viewer_certificate {
acm_certificate_arn = "${data.aws_acm_certificate.cert_global.arn}"
minimum_protocol_version = "TLSv1"
ssl_support_method = "sni-only"
}
}
原因
1 error(s) occurred:
* aws_cloudfront_distribution.static: 1 error(s) occurred:
* aws_cloudfront_distribution.static: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
status code: 400, request id: ceece17f-6610-11e7-977d-114d7e67d7c1
我了解terraform在两个区域检测到两个具有相同域名的证书,但不知道如何指定一个.
该文件没有说明特定资源的区域https://www.terraform.io/docs/providers/aws/d/acm_certificate.html
我如何在我们东方1使用一个?
Tom*_*abe 11
我自己找到了答案.
data有provider属性.
provider "aws" {
alias = "virginia"
region = "us-east-1"
}
data "aws_acm_certificate" "cert_global" {
domain = "my.example.com"
statuses = ["ISSUED"]
provider = "aws.virginia"
}
在us-east-1中找到证书.
| 归档时间: |
|
| 查看次数: |
2500 次 |
| 最近记录: |