我正在尝试从我的证书中添加 route53 记录以进行验证,但无法正常工作。我无法获取正确的信息。以下是一个例子。
# Certificates to request, one map per certificate (list of maps).
#   name      - primary domain name of the certificate
#   alt_names - comma-separated subject alternative names (SANs)
#   zone      - hosted zone name; not read by any resource shown on this page
#   zone_id   - Route 53 hosted zone that receives the validation record
# NOTE(review): "*.example.com" is wider than the aws.example.com zone it is
# listed under. The certificate would cover every host directly below
# example.com, and its validation record presumably belongs in the zone that is
# authoritative for example.com - confirm that this zone_id is the right one.
variable "my_certificates" {
  default = [
    {
      name      = "aws.example.com"
      alt_names = "*.example.com,*.aws.example.com"
      zone      = "aws.example.com"
      zone_id   = "ZXXXXXXXXXXXXX"
    },
    {
      name      = "aws.example.net"
      alt_names = "*.aws.example.net"
      zone      = "aws.example.net"
      zone_id   = "ZXXXXXXXXXXXXY"
    },
  ]
}
# Hand-maintained number of validation records to create.
# The default of 5 equals the total number of names in the default
# my_certificates value (3 for aws.example.com, 2 for aws.example.net).
# It has to be updated manually whenever a name is added or removed.
variable "certificate_domains_count" {
  default = 5
}
# Requests one DNS-validated ACM certificate per entry of var.my_certificates.
# The comma-separated alt_names string is split into the SAN list.
# With validation_method = "DNS", ACM expects a validation record for the names
# on the certificate before it issues it.
resource "aws_acm_certificate" "my_certificates" {
  count = "${length(var.my_certificates)}"

  domain_name               = "${lookup(var.my_certificates[count.index], "name")}"
  subject_alternative_names = "${split(",", lookup(var.my_certificates[count.index], "alt_names"))}"
  validation_method         = "DNS"
}
# Attempt to create the Route 53 DNS-validation records for the certificates above.
# This is the block the question is about; it does not evaluate as written.
resource "aws_route53_record" "certificates_validation_records" {
# Can't count on computed, use static.
#count = "${length(aws_acm_certificate.certificates.domain_validation_options)}"
# With the default of 5 (one per certificate name) count.index runs 0-4, but
# var.my_certificates has only 2 entries, so the zone_id lookup below has no
# element to read for indexes 2-4.
count = "${var.certificate_domains_count}"
zone_id = "${lookup(var.my_certificates[count.index], "zone_id")}"
# Problem with the following 3 lines.
# I'm stuck.
# The splat produces one domain_validation_options list per certificate, so
# [count.index] selects the whole option list of one certificate rather than a
# single option map, and lookup() receives a list instead of a map.
name = "${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_name")}"
type = "${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_type")}"
records = ["${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_value")}"]
ttl = 60
}
我的问题是这样一行:
"${lookup(aws_acm_certificate.my_certificates.*.domain_validation_options[count.index], "resource_record_name")}"
我找不到一种方法来循环遍历 my_certificates 数组,同时访问数组元素内的映射值
答案1
在 Terraform 0.12 语法中使用 for_each 可以更轻松地完成这些事情。请注意,我把变量从列表改成了映射。
# Certificates to request, as a map keyed by the primary domain name so the
# resources can iterate it with for_each.
#   alt_names - comma-separated subject alternative names (SANs)
#   zone_id   - Route 53 hosted zone that receives the validation record
#   name/zone - kept from the list version; not read by the for_each resources
#               shown on this page (the map key is used as the domain name)
# NOTE(review): "*.example.com" is wider than the aws.example.com zone it is
# listed under; confirm that the wildcard is intended and which hosted zone is
# authoritative for its validation record.
variable "my_certificates" {
  default = {
    "aws.example.com" = {
      name      = "aws.example.com"
      alt_names = "*.example.com,*.aws.example.com"
      zone      = "aws.example.com"
      zone_id   = "ZXXXXXXXXXXXXX"
    },
    "aws.example.net" = {
      name      = "aws.example.net"
      alt_names = "*.aws.example.net"
      zone      = "aws.example.net"
      zone_id   = "ZXXXXXXXXXXXXY"
    },
  }
}
# Carried over from the count-based version in the question.
# None of the for_each resources shown on this page reads it.
variable "certificate_domains_count" {
  default = 5
}
# Requests one DNS-validated ACM certificate per key of var.my_certificates.
# The map key is the primary domain name; alt_names is split into the SAN list.
# Instances are addressed by domain name, e.g.
# aws_acm_certificate.my_certificates["aws.example.com"].
# NOTE(review): if these certificates are attached to live endpoints, consider a
# lifecycle block with create_before_destroy so that a replacement is issued
# before the old certificate is removed.
resource "aws_acm_certificate" "my_certificates" {
  for_each = var.my_certificates

  domain_name               = each.key
  subject_alternative_names = split(",", each.value["alt_names"])
  validation_method         = "DNS"
}
# Creates one Route 53 validation record per certificate, in the hosted zone
# given by that certificate's zone_id.
#
# NOTE(review): only element 0 of domain_validation_options is published, so the
# certificate's other names get no validation record from this block. ACM is
# expected to leave such a certificate pending - confirm how the remaining names
# are validated.
# NOTE(review): from AWS provider 3.0 on, domain_validation_options is a set, so
# it can no longer be indexed with 0 - check the provider version in use.
# NOTE(review): nothing here waits for issuance; aws_acm_certificate_validation
# can make dependents wait until ACM reports the certificate as issued.
# Write access to this hosted zone is enough to satisfy DNS validation for names
# in it, so that access should be tightly scoped.
resource "aws_route53_record" "certificates_validation_records" {
  for_each = var.my_certificates

  zone_id = each.value["zone_id"]
  name    = aws_acm_certificate.my_certificates[each.key].domain_validation_options[0].resource_record_name
  type    = aws_acm_certificate.my_certificates[each.key].domain_validation_options[0].resource_record_type
  records = [aws_acm_certificate.my_certificates[each.key].domain_validation_options[0].resource_record_value]
  ttl     = 60
}