terraform 创建重复的 DNS 验证记录
terraform creating duplicate dns validation records
我是 Terraform 的新手,但我的 route53 文件看起来像这样...
resource "aws_route53_zone" "main" {
name = var.domain_name
tags = var.common_tags
}
resource "aws_route53_record" "root-a" {
zone_id = aws_route53_zone.main.zone_id
name = var.domain_name
type = "A"
alias {
name = aws_cloudfront_distribution.root_s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.root_s3_distribution.hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_route53_record" "www-a" {
zone_id = aws_route53_zone.main.zone_id
name = "www.${var.domain_name}"
type = "A"
alias {
name = aws_cloudfront_distribution.www_s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.www_s3_distribution.hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_route53_record" "cert-validations" {
count = length(aws_acm_certificate.ssl_certificate.domain_validation_options)
zone_id = aws_route53_zone.main.zone_id
name = element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_name, count.index)
type = element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_type, count.index)
records = [element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_value, count.index)]
ttl = 60
}
我的计划包含这个副本...
# aws_route53_record.cert-validations[0] will be created
+ resource "aws_route53_record" "cert-validations" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "_0a4aefbce6d554a924845eec429fb23e.gingerbreadtemplate.uk"
+ records = [
+ "_8392f4358688e2d691acfe88deecb4f6.xjncphngnr.acm-validations.aws.",
]
+ ttl = 60
+ type = "CNAME"
+ zone_id = "Z068604727JU0L259KARW"
}
# aws_route53_record.cert-validations[1] will be created
+ resource "aws_route53_record" "cert-validations" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "_0a4aefbce6d554a924845eec429fb23e.gingerbreadtemplate.uk"
+ records = [
+ "_8392f4358688e2d691acfe88deecb4f6.xjncphngnr.acm-validations.aws.",
]
+ ttl = 60
+ type = "CNAME"
+ zone_id = "Z068604727JU0L259KARW"
}
然后在应用时失败。如果我将 cert-validations.count
设置为 1
它可以工作,但我认为这是一个 hack。会不会是因为我也设置了重定向托管区,所以总体验证次数是2,但我的代码不够聪明?
我已经尝试阅读示例和文档,但我真的很难理解重复的来源。
重复可能来自 aws_acm_certificate
:
的定义
domain_name = "gingerbreadtemplate.uk"
subject_alternative_names = [
"gingerbreadtemplate.uk"
]
如果代码定义了与域名相同值的SAN,则其之后生成的验证记录将重复。
此外,由于此代码似乎是 Terraform 0.12+,因此使用 validation records 的 for_each
块会更容易阅读代码。如果在其他 SAN 中间添加新 SAN,它还可以避免计数带来的排序问题。
我是 Terraform 的新手,但我的 route53 文件看起来像这样...
resource "aws_route53_zone" "main" {
name = var.domain_name
tags = var.common_tags
}
resource "aws_route53_record" "root-a" {
zone_id = aws_route53_zone.main.zone_id
name = var.domain_name
type = "A"
alias {
name = aws_cloudfront_distribution.root_s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.root_s3_distribution.hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_route53_record" "www-a" {
zone_id = aws_route53_zone.main.zone_id
name = "www.${var.domain_name}"
type = "A"
alias {
name = aws_cloudfront_distribution.www_s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.www_s3_distribution.hosted_zone_id
evaluate_target_health = false
}
}
resource "aws_route53_record" "cert-validations" {
count = length(aws_acm_certificate.ssl_certificate.domain_validation_options)
zone_id = aws_route53_zone.main.zone_id
name = element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_name, count.index)
type = element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_type, count.index)
records = [element(aws_acm_certificate.ssl_certificate.domain_validation_options.*.resource_record_value, count.index)]
ttl = 60
}
我的计划包含这个副本...
# aws_route53_record.cert-validations[0] will be created
+ resource "aws_route53_record" "cert-validations" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "_0a4aefbce6d554a924845eec429fb23e.gingerbreadtemplate.uk"
+ records = [
+ "_8392f4358688e2d691acfe88deecb4f6.xjncphngnr.acm-validations.aws.",
]
+ ttl = 60
+ type = "CNAME"
+ zone_id = "Z068604727JU0L259KARW"
}
# aws_route53_record.cert-validations[1] will be created
+ resource "aws_route53_record" "cert-validations" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = "_0a4aefbce6d554a924845eec429fb23e.gingerbreadtemplate.uk"
+ records = [
+ "_8392f4358688e2d691acfe88deecb4f6.xjncphngnr.acm-validations.aws.",
]
+ ttl = 60
+ type = "CNAME"
+ zone_id = "Z068604727JU0L259KARW"
}
然后在应用时失败。如果我将 cert-validations.count
设置为 1
它可以工作,但我认为这是一个 hack。会不会是因为我也设置了重定向托管区,所以总体验证次数是2,但我的代码不够聪明?
我已经尝试阅读示例和文档,但我真的很难理解重复的来源。
重复可能来自 aws_acm_certificate
:
domain_name = "gingerbreadtemplate.uk"
subject_alternative_names = [
"gingerbreadtemplate.uk"
]
如果代码定义了与域名相同值的SAN,则其之后生成的验证记录将重复。
此外,由于此代码似乎是 Terraform 0.12+,因此使用 validation records 的 for_each
块会更容易阅读代码。如果在其他 SAN 中间添加新 SAN,它还可以避免计数带来的排序问题。