Terraform - Error: no matching Route53Zone found

Question

I using https://github.com/cloudposse/terraform-aws-acm-request-certificate to generate certificate using terraform and aws.

I want to run this module on serval domains: "example.com", "cdn.example.com"...

I don't want to use subject_alternative_names for cdn.example.com because it will be appear on the subject field inside the certificate, and when everyone open the certificate I don't want to him to see cdn domain.

For cdn.example.com I want a new certificate.

So I try to run terraform apply with my code below but I getting errors:

Error: no matching Route53Zone found

on .terraform\modules\acm_request_certificate_example\main.tf line 19, in data "aws_route53_zone" "default": 19: data "aws_route53_zone" "default" {

Error: no matching Route53Zone found

on .terraform\modules\acm_request_certificate_cdn_example\main.tf line 19, in data "aws_route53_zone" "default": 19: data "aws_route53_zone" "default" {

I can't run more than more module? How to solve it anyway?

main.tf

terraform {
  required_version = "~> 0.12.0"
}

provider "aws" {
  version = "~> 2.12.0"
  region  = "us-east-1"
}
module "acm_request_certificate_example" {
  source                            = "git::https://github.com/cloudposse/terraform-aws-acm-request-certificate.git?ref=master"
  domain_name                       = "example.com"
  process_domain_validation_options = true
  ttl                               = "300"
}

module "acm_request_certificate_cdn_example" {
  source                            = "git::https://github.com/cloudposse/terraform-aws-acm-request-certificate.git?ref=master"
  domain_name                       = "cdn.example.com"
  process_domain_validation_options = true
  ttl                               = "300"
}

I only have example.com in the hosted zone.

Answer 1

Based on the comments.

The issue was caused by using process_domain_validation_options = true. This checks if the hosted zone exists in Roure53 prior requesting a certificate. This is done to enable automated validation of the SSL certificate to be issued.

Since in the OP's case SSL certificates are requested for domains without corresponding zones, the terraform was erroring out.

The solution was to use process_domain_validation_options = false, but this requires manual validation procedure for the SSL to be issued. To automation of this procedure must be done through a custom solution. In very broad terms, such solution could involve created required record for the validation using aws_route53_record, a lambda function or local-exec provisioner to created needed records.