AWS Api Gateway custom domain name certificate blocked in pending state (Terraform)


I am trying to create an AWS API Gateway with a custom domain name and an SSL certificate.

I already bought a registered domain root.com and have a hosted zone app.root.com for my CloudFront frontend. I then want to expose my API Gateway on api.app.root.com.

I use this Terraform code:

certificate.tf

resource "aws_acm_certificate" "api" {
  domain_name       = "api.app.root.com"
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

data "aws_route53_zone" "main" {
  # Zone name must be a quoted string; unquoted it is parsed as a reference and fails.
  name         = "app.root.com"
  private_zone = false
}

resource "aws_route53_record" "api_validation" {
  for_each = {
    for dvo in aws_acm_certificate.api.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.main.zone_id
}

resource "aws_acm_certificate_validation" "api" {
  certificate_arn         = aws_acm_certificate.api.arn
  validation_record_fqdns = [for record in aws_route53_record.api_validation : record.fqdn]
}

dns.tf

resource "aws_apigatewayv2_domain_name" "api" {
  domain_name = aws_acm_certificate.api.domain_name

  domain_name_configuration {
    certificate_arn = aws_acm_certificate.api.arn
    endpoint_type   = "REGIONAL"
    security_policy = "TLS_1_2"
  }

  depends_on = [aws_acm_certificate_validation.api]
}

resource "aws_route53_record" "api" {
  name    = aws_apigatewayv2_domain_name.api.domain_name
  type    = "A"
  zone_id = data.aws_route53_zone.main.zone_id

  alias {
    name                   = aws_apigatewayv2_domain_name.api.domain_name_configuration[0].target_domain_name
    zone_id                = aws_apigatewayv2_domain_name.api.domain_name_configuration[0].hosted_zone_id
    evaluate_target_health = false
  }
}

So my certificate is still in the pending state. I really want to set up my API Gateway like this, but when I try to configure my certificate on api.root.com (so the data source aws_route53_zone.main is set to root.com), my certificate is issued instantly.

I want to know if I can actually achieve what I am trying to do, and how. If it is something that I cannot achieve, I am really interested to know why.

Thanks!


There are 0 answers
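One check a practitioner would run on a setup like the one in the question is whether the ACM validation CNAME, once written into the child hosted zone, is actually reachable from the registered (apex) zone by following NS delegations. The offline model below is an added example, not code from the question or from AWS; all zone names, name servers and record values are constructed placeholders.

```python
from typing import Dict, List, Optional, Tuple

# zone name -> { record name -> (type, [values]) }; constructed sample data, not live DNS.
Zones = Dict[str, Dict[str, Tuple[str, List[str]]]]

def _under(name: str, parent: str) -> bool:
    """True when name is parent itself or a subdomain of it (label-boundary safe)."""
    return name == parent or name.endswith("." + parent)

def serving_zone(zones: Zones, apex: str, name: str) -> Optional[str]:
    """Start at the registered (apex) zone and follow NS delegations the way a public
    resolver does; return the zone that answers for `name`, or None if the path breaks."""
    zone = apex
    while True:
        records = zones.get(zone, {})
        if name in records and records[name][0] != "NS":
            return zone
        # Deepest delegation in this zone covering `name` (the zone's own NS set is not one).
        delegated = None
        for rname, (rtype, _) in records.items():
            if rtype == "NS" and rname != zone and _under(name, rname):
                if delegated is None or len(rname) > len(delegated):
                    delegated = rname
        if delegated is None or delegated not in zones:
            return None  # no delegation in the parent, or the child zone is not hosted here
        zone = delegated

def validation_reachable(zones: Zones, apex: str, validation_name: str) -> bool:
    """ACM only sees the validation CNAME if a resolver starting at the apex can reach it."""
    return serving_zone(zones, apex, validation_name) is not None

# Constructed layout mirroring the question: registered apex zone plus a child hosted zone
# that holds the ACM validation CNAME. All names and values are placeholders.
VALIDATION = "_abc123.api.app.root.com"
CHILD_NS = ("NS", ["ns-child-1.example.", "ns-child-2.example."])
CHILD_ZONE = {"app.root.com": CHILD_NS, VALIDATION: ("CNAME", ["_xyz789.acm-validations.aws."])}
ZONES_WITHOUT_DELEGATION: Zones = {
    "root.com": {"root.com": ("NS", ["ns-apex-1.example."])},
    "app.root.com": CHILD_ZONE,
}
ZONES_WITH_DELEGATION: Zones = {
    # The parent carries an NS record for app.root.com pointing at the child zone's servers.
    "root.com": {"root.com": ("NS", ["ns-apex-1.example."]), "app.root.com": CHILD_NS},
    "app.root.com": CHILD_ZONE,
}

if __name__ == "__main__":
    for label, zones in (("no delegation", ZONES_WITHOUT_DELEGATION), ("delegated", ZONES_WITH_DELEGATION)):
        print(label, "->", validation_reachable(zones, "root.com", VALIDATION))
```

The same walk shows why a CNAME placed directly in the apex zone resolves on the first hop, which matches the instant issuance the question reports for api.root.com.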