使用Terraform创建SSL证书时,它会自动假设将其发送到应该发送到postmaster@[subdomain]。[domain] .com而不是执行Postmaster@[domain] .com。在AWS认证经理中,如果我重新要求电子邮件验证,它将修复它,但我需要能够通过Terraform严格执行此操作。
我在Terraform上的任何GitHub问题中都找不到任何东西可以解决此问题。
resource "aws_acm_certificate" "aws_cert" {
domain_name = "${var.domain_name}"
validation_method = "${var.validation_method}"
subject_alternative_names = ["${var.subject_alternative_names}"]
tags = {
Name = "${var.environment}-${var.app_name}-aws-certificate"
ManagedBy = "My Terraform"
Environment = "${var.environment}"
Team = "vin-${var.team_name}"
}
lifecycle {
create_before_destroy = true
}
}
这曾经是Terraform的限制。有一个合并请求解决了:https://github.com/terraform-providers/terraform-provider-aws/pull/3853
在运行Terraform以从输出变量中获取证书ARN后,使用AWS CLI运行PowerShell命令以查看证书是否已发行,以及是否尚未使用PowerShell命令,以及是否尚未进行检查,则发行然后通过AWS CLI
将其重新启动// Get AWS Cert Status Here
$awsCertStatus = (aws acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:881385135648:certificate/52e2b724-0400-4b3f-9032-0d80f9c3e9ea | ConvertFrom-Json).Certificate.Status
// Check if Cert Status is of Issued
if($awsCertStatus -ne "ISSUED"){
// It hasn't been issued, resend the validation email
aws acm resend-validation-email --certificate-arn <ARN> --domain subdomain.domain.com --validation-domain domain.com
}