I am trying to create and validate an AWS certificate with Terraform by following the example in the Terraform documentation here: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation#dns-validation-with-route-53
My Terraform file looks like this:

    resource "aws_acm_certificate" "vpn_server" {
      domain_name       = "stuff.mine.com"
      validation_method = "DNS"
      tags = {
        Name        = "certificate"
        Scope       = "vpn_server"
        Environment = "vpn"
      }
    }

    resource "aws_acm_certificate_validation" "vpn_server" {
      certificate_arn         = aws_acm_certificate.vpn_server.arn
      validation_record_fqdns = [for record in aws_route53_record.my_dns_record_vpn_server : record.fqdn]
      timeouts {
        create = "2m"
      }
    }

    resource "aws_route53_zone" "my_dns" {
      name = "stuff.mine.com"
      tags = {
        name = "dns_zone"
      }
    }

    resource "aws_route53_record" "my_dns_record_vpn_server" {
      for_each = {
        for dvo in aws_acm_certificate.vpn_server.domain_validation_options : dvo.domain_name => {
          name   = dvo.resource_record_name
          record = dvo.resource_record_value
          type   = dvo.resource_record_type
        }
      }
      allow_overwrite = true
      name            = each.value.name
      records         = [each.value.record]
      ttl             = 60
      type            = each.value.type
      zone_id         = resource.aws_route53_zone.my_dns.zone_id
    }

The problem is that when I run terraform apply, the validation always times out and fails with the error message:

    aws_acm_certificate.vpn_server: Creating...
    aws_acm_certificate.vpn_server: Creation complete after 8s [id=arn:aws:acm:eu-west-2:320289993971:certificate/7e859491-141f-49d5-b50e-c44cf4e1db4e]
    aws_route53_zone.my_dns: Creating...
    aws_route53_zone.my_dns: Still creating... [10s elapsed]
    aws_route53_zone.my_dns: Creation complete after 52s [id=Z09112516IIP4OEAIIQ7]
    aws_route53_record.my_dns_record_vpn_server["stuff.mine.com"]: Creating...
    aws_route53_record.my_dns_record_vpn_server["stuff.mine.com"]: Still creating... [10s elapsed]
    aws_route53_record.my_dns_record_vpn_server["stuff.mine.com"]: Still creating... [20s elapsed]
    aws_route53_record.my_dns_record_vpn_server["stuff.mine.com"]: Still creating... [30s elapsed]
    aws_route53_record.my_dns_record_vpn_server["stuff.mine.com"]: Still creating... [40s elapsed]
    aws_route53_record.my_dns_record_vpn_server["stuff.mine.com"]: Still creating... [50s elapsed]
    aws_route53_record.my_dns_record_vpn_server["stuff.mine.com"]: Creation complete after 58s [id=Z09112516IIP4OEAIIQ7__ebd2853fcbfc7cc8bd6582e65d940d54.stuff.mine.com._CNAME]
    aws_acm_certificate_validation.vpn_server: Creating...
    aws_acm_certificate_validation.vpn_server: Still creating... [10s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [20s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [30s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [40s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [50s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [1m0s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [1m10s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [1m20s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [1m30s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [1m40s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [1m50s elapsed]
    aws_acm_certificate_validation.vpn_server: Still creating... [2m0s elapsed]
    ╷
    │ Error: Error describing created certificate: Expected certificate to be issued but was in state PENDING_VALIDATION
    │
    │ with aws_acm_certificate_validation.vpn_server,
    │ on main.tf line 61, in resource "aws_acm_certificate_validation" "vpn_server":
    │ 61: resource "aws_acm_certificate_validation" "vpn_server" {
    │
    ╵

Can someone tell me what is missing to get the certificate validation to complete?