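This is using Terraform's AWS provider.
In Terraform, I created an SSL certificate that includes six subdomains. I need to pull the CNAMEs out of that resource so that I can add them to the corresponding hosted zones in Route 53.
I created an output so I could see that aws_acm_certificate does indeed do what it is supposed to do, but I am not sure how to extract each CNAME record for each respective domain so that I can use it in my CNAME record creation. This -

    output "show_ssl_info_for_cnames" {
      value = aws_acm_certificate.ssl_cert.domain_validation_options
    }

produces this -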

    + show_ssl_info_for_cnames = [
        + {
            + domain_name           = "*.qa.day-app.com"
            + resource_record_name  = (known after apply)
            + resource_record_type  = (known after apply)
            + resource_record_value = (known after apply)
          },
        + {
            + domain_name           = "*.qa.recog-now.io"
            + resource_record_name  = (known after apply)
            + resource_record_type  = (known after apply)
            + resource_record_value = (known after apply)
          },
        + {
            + domain_name           = "*.qa.sales-app.com"
            + resource_record_name  = (known after apply)
            + resource_record_type  = (known after apply)
            + resource_record_value = (known after apply)
          },
        + {
            + domain_name           = "qa.day-app.com"
            + resource_record_name  = (known after apply)
            + resource_record_type  = (known after apply)
            + resource_record_value = (known after apply)
          },
        + {
            + domain_name           = "qa.recog-now.io"
            + resource_record_name  = (known after apply)
            + resource_record_type  = (known after apply)
            + resource_record_value = (known after apply)
          },
        + {
            + domain_name           = "qa.sales-app.com"
            + resource_record_name  = (known after apply)
            + resource_record_type  = (known after apply)
            + resource_record_value = (known after apply)
          },

Next, I will use the resource aws_route53_record to add the CNAME record name and value to the corresponding hosted zone. How do I extract the record type, value and name for just one of them, say qa-day-app.com? And then qa.recog-no.io?
I tried the following in a count loop, but it did not work. I think I need to match my domain list against the ACM certificate, but I don't know how -

    resource "aws_route53_record" "ssl_cert_cname_creation" {
      count           = length(local.domainList)
      provider        = aws.{{awsRegion}}
      allow_overwrite = true
      name            = tolist(aws_acm_certificate.ssl_cert.domain_validation_options)[count.index].resource_record_name # cname value
      records         = [ tolist(aws_acm_certificate.ssl_cert.domain_validation_options)[count.index].resource_record_value ] # cname value
      type            = tolist(aws_acm_certificate.ssl_cert.domain_validation_options)[count.index].resource_record_type
      zone_id         = <MY_ZONE_ID>
      ttl             = 60
    }

local.domainList is:

    [
      "qa.sales-app.com",
      "qa.recog-now.io",
      "qa.day-app.com",
    ]

You can use a for expression for this purpose. Consider this example:

    locals {
      cnames = [
        {
          domain_name          = "domainA"
          resource_record_type = "typeA"
        },
        {
          domain_name          = "domainB"
          resource_record_type = "typeB"
        }
      ]
      cname_obj = { for c in local.cnames : c.domain_name => c }
    }

    output "type_for_domain_b" {
      value = local.cname_obj.domainB.resource_record_type
    }

    output "type_for_domain_b_as_maps" {
      value = local.cname_obj["domainB"]["resource_record_type"]
    }

This produces:

    ➜ tfp
    Changes to Outputs:
      + type_for_domain_b         = "typeB"
      + type_for_domain_b_as_maps = "typeB"

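So you can see that you can pick out the domain as required. However, if you are creating every record, you probably just need to use it as the for_each meta-argument.

    resource "aws_route53_record" "ssl_cert_cname_creation" {
      for_each = { for c in local.cnames : c.domain_name => c }
      # etc.
    }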
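
Applied to the certificate in the question, the for_each approach could look like the following. This is an added example, not code from the original question or answer; the `local.zone_ids` map and its zone ID placeholders are assumptions, and the provider alias from the question is left out.

```hcl
locals {
  # Hypothetical lookup: validated name (wildcard prefix stripped) => hosted zone ID.
  # The zone IDs below are placeholders, not real values.
  zone_ids = {
    "qa.day-app.com"   = "ZONE_ID_FOR_DAY_APP"
    "qa.recog-now.io"  = "ZONE_ID_FOR_RECOG_NOW"
    "qa.sales-app.com" = "ZONE_ID_FOR_SALES_APP"
  }
}

resource "aws_route53_record" "ssl_cert_cname_creation" {
  # Key by domain_name: it is known at plan time, while the
  # resource_record_* attributes are still "(known after apply)".
  for_each = {
    for dvo in aws_acm_certificate.ssl_cert.domain_validation_options :
    dvo.domain_name => dvo
  }

  # "*.qa.day-app.com" and "qa.day-app.com" are validated by the same CNAME,
  # so the second write into a zone must be allowed to overwrite the first.
  allow_overwrite = true

  name    = each.value.resource_record_name
  type    = each.value.resource_record_type
  records = [each.value.resource_record_value]
  ttl     = 60

  # Pick the hosted zone that belongs to this domain instead of one fixed zone.
  zone_id = local.zone_ids[trimprefix(each.key, "*.")]
}

# Waits until ACM has observed every validation record. Consumers should
# reference this resource's certificate_arn so they only ever receive an
# issued certificate.
resource "aws_acm_certificate_validation" "ssl_cert" {
  certificate_arn         = aws_acm_certificate.ssl_cert.arn
  validation_record_fqdns = [for r in aws_route53_record.ssl_cert_cname_creation : r.fqdn]
}
```

Because each record is addressed by domain name rather than by list position, the validation CNAME for a domain cannot end up in another domain's hosted zone when the order of `domain_validation_options` changes.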