I'm trying to create an aws_acm_certificate with multiple subject_alternative_names:

    resource "aws_acm_certificate" "cert" {
      provider                  = aws.acm
      domain_name               = local.domain_name
      validation_method         = "DNS"
      subject_alternative_names = [local.domain_name, "www.${local.domain_name}"]
    }

Running apply for the first time works as advertised. However, when I re-run apply with exactly the same vars, terraform wants to re-create the cert with the following reason:

    ~ subject_alternative_names = [ # forces replacement
        + "xyz.com",
          "www.xyz.com",
      ]

It appears that [local.domain_name, "www.${local.domain_name}"] when compared with its current state comes up as different.
Any ideas on what's going on here?

Looks like subject_alternative_names shouldn't include the cert's own domain name.
If I change subject_alternative_names to ["www.${local.domain_name}"] it seems to do the right thing. Not sure if this is a bug or enforcement of the proper way of using subject_alternative_names, as I have seen many certs which include their own domain name in the subject_alternative_names.
If anybody has a better analysis I would love to hear it.
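
Added example (not part of the original post): one way to apply the workaround described above, removing the certificate's own domain from the list before it reaches `subject_alternative_names`. The `requested_names` and `extra_sans` locals, the sample domain and the region are assumptions; `create_before_destroy` is included so that a replacement, if one is still forced, issues the new certificate before the one in use is destroyed.

```hcl
# Added example. The aws.acm alias and local.domain_name come from the post;
# the region, sample domain, requested_names and extra_sans are assumptions.
provider "aws" {
  alias  = "acm"
  region = "us-east-1" # assumed region
}

locals {
  domain_name = "example.com" # constructed sample value

  # Every name the certificate should cover. The primary domain may appear
  # here (for example when the list is built elsewhere), as in the post.
  requested_names = [local.domain_name, "www.${local.domain_name}"]

  # Remove the primary domain and any duplicates, then sort so the list
  # handed to the resource is stable from one plan to the next.
  extra_sans = sort(tolist(setsubtract(
    toset(local.requested_names),
    toset([local.domain_name]),
  )))
}

resource "aws_acm_certificate" "cert" {
  provider                  = aws.acm
  domain_name               = local.domain_name
  validation_method         = "DNS"
  subject_alternative_names = local.extra_sans

  lifecycle {
    # Create the replacement certificate first so listeners or distributions
    # that reference the old one are never left without a valid certificate.
    create_before_destroy = true
  }
}
```

Running `terraform plan -detailed-exitcode` after the first apply is a quick check: exit code 0 means no pending changes, while 2 means a diff (such as a forced replacement) remains.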