Tags: amazon-web-services, terraform, aws-acm

Issues when creating and validating AWS ACM certificate using Terraform


I'm trying to create and validate an AWS ACM certificate with Terraform. This is my config:

// not used in this config, but it does exist
resource "aws_route53_zone" "main" {
  name = "mycompany.com"
}

resource "aws_route53_zone" "dev" {
  name = "dev.mycompany.com"
}

resource "aws_acm_certificate" "cert" {
  domain_name       = "*.dev.mycompany.com"
  validation_method = "DNS"
  key_algorithm     = "RSA_2048"
}

resource "aws_route53_record" "records" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 300
  type            = each.value.type
  zone_id         = aws_route53_zone.dev.zone_id
}

resource "aws_acm_certificate_validation" "validation" {
  certificate_arn = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.records : record.fqdn]
}

But aws_acm_certificate_validation creation takes forever:

aws_acm_certificate_validation.validation: Still creating... [5m30s elapsed]

It never ends.

If I stop the execution with Control + C, I get this:

waiting for ACM Certificate ({arn here}) to be issued: context canceled

What is wrong in my configuration?


Solution

  • Solved. The problem was due to a hosted zone misconfiguration (I changed NS records manually and they didn't match the SOA record). Nothing related to the certificate itself; the code in the question is perfectly valid.
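One way to keep that hosted zone misconfiguration from happening at all, as an added example that is not part of the question or the answer: let Terraform manage the delegation of dev.mycompany.com from the parent zone, so the NS records published in mycompany.com are always the name servers Route 53 assigned to the child zone, rather than values typed by hand. The zone and resource names below come from the question; the delegation resource name "dev_delegation" and the shorter TTLs are assumptions.

```hcl
# Added example, not the poster's config. Same zones as the question,
# plus a Terraform-managed NS delegation from the parent to the child.

resource "aws_route53_zone" "main" {
  name = "mycompany.com"
}

resource "aws_route53_zone" "dev" {
  name = "dev.mycompany.com"
}

# Delegation record in the PARENT zone. Sourcing the records from the child
# zone's own name_servers attribute (instead of hand-typed values) is what
# prevents the mismatch described in the answer: the NS set Route 53 writes
# into the child zone's apex NS/SOA records is exactly the set the parent
# advertises, so public resolvers can reach the zone that holds the
# validation CNAME. Resource name "dev_delegation" is assumed.
resource "aws_route53_record" "dev_delegation" {
  zone_id = aws_route53_zone.main.zone_id
  name    = aws_route53_zone.dev.name
  type    = "NS"
  ttl     = 300
  records = aws_route53_zone.dev.name_servers
}

resource "aws_acm_certificate" "cert" {
  domain_name       = "*.dev.mycompany.com"
  validation_method = "DNS"
  key_algorithm     = "RSA_2048"
}

# One validation CNAME per domain in the certificate (one here, for the
# wildcard), created in the CHILD zone that the delegation points at.
resource "aws_route53_record" "records" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = aws_route53_zone.dev.zone_id
}

resource "aws_acm_certificate_validation" "validation" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.records : record.fqdn]

  # ACM looks the CNAME up through public DNS, so the wait above cannot
  # finish until the parent delegation is live. Make that ordering explicit.
  depends_on = [aws_route53_record.dev_delegation]
}
```

Before letting the validation resource wait, the check worth running from outside AWS is `dig +short NS dev.mycompany.com` (answered from the parent delegation) compared against the name_servers shown for the dev zone in the plan or state, and then `dig +short CNAME` of the resource_record_name ACM reported. If either query returns nothing or a different name server set than Route 53 assigned to the zone, ACM will never see the record and the apply will sit at "Still creating..." exactly as in the question.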