Terraform nested for_each aws_acm_certificate domain_validation_options

A couple ways you can handle this.

  1. It looks like you are using the same high level domain. In this case it’s example.com. You should consider using the subject_alternative_names option in the aws_acm_certificate resource. This would request just one cert with multiple SANs, and the logic you have there from the provider doc would create the validation record sets as needed.

  2. If you’re looking to create unique individual certs, I suggest a modular approach. If simply looking at certs being validated through DNS, you can take all of the code you have there (plus the aws_acm_certificate_validation resource not shown) and package it up into a module in its own folder. You can then call that module with something like this:

module "acm_certs" {
  # One module instance (one certificate) per entry in var.sub_domains
  for_each = var.sub_domains

  source = "../modules/acm_certificate/"

  # Inputs to the module
  certificate_domain_name = "${each.value}.example.com"
  validation_domain_name  = "example.com"
}

Notice we can use for_each to call modules in Terraform v0.13+, giving us more flexibility in accomplishing what you are asking, but without introducing complexity in the re-usable code itself.

Each variable you see there is an input to the module. If you need a more detailed explanation of what I mean by modules, just reply and I’ll dive a bit deeper.
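
A sketch of what the module called above could contain, added here as an illustration and not taken from the original answer. The resource labels (`this`, `validation`), the variable types, and the assumption that `validation_domain_name` is a public Route 53 hosted zone in the same account are all assumptions:

```hcl
# ../modules/acm_certificate/main.tf (hypothetical layout)

variable "certificate_domain_name" {
  type = string
}

variable "validation_domain_name" {
  type = string
}

# Assumption: the validation domain is a public Route 53 hosted zone.
data "aws_route53_zone" "this" {
  name         = var.validation_domain_name
  private_zone = false
}

resource "aws_acm_certificate" "this" {
  domain_name       = var.certificate_domain_name
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# One validation record per entry in domain_validation_options.
# Keying by domain name keeps the for_each keys known at plan time.
resource "aws_route53_record" "validation" {
  for_each = {
    for dvo in aws_acm_certificate.this.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  zone_id         = data.aws_route53_zone.this.zone_id
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
}

# Blocks until ACM has seen the DNS records and issued the certificate.
resource "aws_acm_certificate_validation" "this" {
  certificate_arn         = aws_acm_certificate.this.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
```

Because the `for_each` sits on the module call, the nested loop over `domain_validation_options` stays inside a single-certificate module and never has to be flattened across certificates.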
