main.tf
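# ACM certificate for "<stage>.<domain>" plus the names in var.sans,
# validated through DNS records (see aws_route53_record.cert_verification).
resource "aws_acm_certificate" "main" {
  domain_name = "${var.stage}.${var.domain}"

  # Reverse-sorted so the value does not depend on the order in which the
  # caller listed var.sans.
  subject_alternative_names = reverse(sort(var.sans))
  validation_method         = "DNS"

  tags = {
    Name = "${var.stage}.${var.domain}"
  }

  # When a change forces replacement, issue the new certificate before the old
  # one is destroyed so that anything still referencing it is not left without
  # a certificate in between.
  lifecycle {
    create_before_destroy = true
  }
}

# One validation record per entry in domain_validation_options, created in
# the hosted zone var.zone_id.
#
# NOTE(review): the entries are reached through tolist(...)[count.index], so
# an instance's index follows the position of its entry in the converted list;
# changing var.sans may shift indices and recreate records. The AWS provider
# documentation uses for_each keyed by domain_name for this. It is left as
# count here because switching would change the addresses of records that are
# already in state.
#
# NOTE(review): the name expression only strips ".${var.domain}." from the
# record name. This assumes var.zone_id is the hosted zone for var.domain and
# that every name on the certificate lives under that domain (confirm against
# the callers). Write access to this zone is what authorises issuance for these
# names, so it should stay tightly scoped.
resource "aws_route53_record" "cert_verification" {
  count = length(aws_acm_certificate.main.domain_validation_options)

  zone_id = var.zone_id
  name = replace(
    tolist(aws_acm_certificate.main.domain_validation_options)[count.index].resource_record_name,
    ".${var.domain}.",
    "",
  )
  type    = tolist(aws_acm_certificate.main.domain_validation_options)[count.index].resource_record_type
  ttl     = 300
  records = [tolist(aws_acm_certificate.main.domain_validation_options)[count.index].resource_record_value]
}

# Completes once ACM has validated the certificate against the records above.
resource "aws_acm_certificate_validation" "main" {
  certificate_arn = aws_acm_certificate.main.arn

  # Use the FQDN that Route 53 reports for each record rather than re-appending
  # var.domain to the relative name. The rebuilt string is only right when the
  # zone name equals var.domain and the suffix was actually stripped above.
  validation_record_fqdns = [
    for record in aws_route53_record.cert_verification :
    record.fqdn
  ]
}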