» aws_acm_certificate_validation

This resource represents a successful validation of an ACM certificate in concert with other resources.

Most commonly, this resource is used to together with aws_route53_record and aws_acm_certificate_validation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

» Example Usage

resource "aws_acm_certificate" "cert" {
  domain_name = "example.com"
  validation_method = "DNS"

data "aws_route53_zone" "zone" {
  name = "example.com."
  private_zone = false

resource "aws_route53_record" "cert_validation" {
  name = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_name}"
  type = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_type}"
  zone_id = "${data.aws_route53_zone.zone.id}"
  records = ["${aws_acm_certificate.cert.domain_validation_options.0.resource_record_value}"]
  ttl = 60

resource "aws_acm_certificate_validation" "cert" {
  certificate_arn = "${aws_acm_certificate.cert.arn}"
  validation_record_fqdns = ["${aws_route53_record.cert_validation.fqdn}"]

resource "aws_lb_listener" "front_end" {
  # [...]
  certificate_arn   = "${aws_acm_certificate_validation.cert.certificate_arn}"

» Argument Reference

The following arguments are supported:

  • certificate_arn - (Required) The ARN of the certificate that is being validated.
  • validation_record_fqdns - (Optional) List of FQDNs that implement the validation. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation

» Timeouts

acm_certificate_validation provides the following Timeouts configuration options:

  • create - (Default 45m) How long to wait for a certificate to be issued.