Terraform Cloudfront InvalidViewerCertificate

I am trying to create a CloudFront distribution using an existing ACM certificate:

data "aws_acm_certificate" "issued" {
  domain = "*.mydomain.com"
  statuses = ["ISSUED"]
}

resource "aws_cloudfront_distribution" "cloudfront" {
...

  viewer_certificate {
    cloudfront_default_certificate = false
    acm_certificate_arn            = data.aws_acm_certificate.issued.id
    minimum_protocol_version       = "TLSv1.1_2016"
    ssl_support_method             = "sni-only"
  }
...
}

I get the error: Error: error updating CloudFront Distribution (EMLDE0O3OG6CZ): InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.

The certificate is already used by another, manually created distribution, and when I replace data.aws_acm_certificate.issued.id with the certificate ARN as a string, everything works.

OK, looking more closely, I realized that the certificate comes from the region I am deploying the resources into, not from "us-east-1".

Based on this answer, here is how I solved the problem:

provider "aws" {
  region  = var.aws_region
}

provider "aws" {
  alias = "virginia"
  region = "us-east-1"
}

data "aws_acm_certificate" "issued" {
  domain   = "*.example.com"
  statuses = ["ISSUED"]
  provider = aws.virginia
}

According to Terraform's docs, the provider without an alias is the default provider, and I will use the second one only to fetch my certificate data!
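The complete configuration that the answer above describes, as an added example (not the poster's own code): a default provider for the region where the origin lives, a second provider aliased to us-east-1 used only for the certificate lookup, and a distribution whose viewer_certificate references that lookup. The region, origin hostname and alias hostname are assumed placeholder values; the minimum TLS version is raised to TLSv1.2_2021 as a hardening choice rather than copied from the question. A `terraform validate` will accept this as written; a `plan` needs real AWS credentials and an issued wildcard certificate in us-east-1.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

variable "aws_region" {
  type    = string
  default = "eu-west-1" # assumed deployment region for everything except the certificate
}

# Default provider (no alias): used by every resource that does not say otherwise.
provider "aws" {
  region = var.aws_region
}

# Aliased provider pinned to us-east-1: CloudFront only accepts ACM certificates from there.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

# Look the certificate up through the us-east-1 provider, not the default one.
# Without "provider = aws.virginia" this search runs in var.aws_region and either
# finds nothing or finds a certificate CloudFront will reject with InvalidViewerCertificate.
data "aws_acm_certificate" "issued" {
  provider    = aws.virginia
  domain      = "*.example.com"
  statuses    = ["ISSUED"]
  most_recent = true
}

resource "aws_cloudfront_distribution" "cloudfront" {
  enabled = true

  # Every alias must be covered by the certificate's domain (here the wildcard),
  # otherwise CloudFront rejects the update with a different validation error.
  aliases = ["www.example.com"]

  origin {
    domain_name = "origin.example.com" # assumed origin hostname
    origin_id   = "primary"

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  default_cache_behavior {
    target_origin_id       = "primary"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    # .arn and .id both hold the certificate ARN on this data source; .arn reads more clearly.
    acm_certificate_arn      = data.aws_acm_certificate.issued.arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021" # hardening choice; the question used TLSv1.1_2016
  }
}

# Sanity check surfaced in plan/apply output: the region segment of the ARN must read us-east-1.
output "viewer_certificate_region" {
  value = split(":", data.aws_acm_certificate.issued.arn)[3]
}
```

The output is a cheap guard: if it ever prints anything other than us-east-1, the data source is being evaluated through the wrong provider and the distribution update will fail exactly as in the question, so it is worth checking before the apply rather than after.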