resource "aws_route53_record" "record" {
zone_id = data.aws_route53_zone.selected.zone_id
name = "${var.sfs_instance_name}.example.com"
type = "A"
ttl = "60"
records = ["${aws_eip.sfs.public_ip}"]
}
resource "null_resource" "sfs-ssl-certs" {
connection {
type = "ssh"
user = "centos"
host = aws_eip.sfs.public_ip
private_key = file("../keys/${var.sfs_instance_name}.pem")
}
provisioner "remote-exec" {
inline = [
"set -x",
"sudo certbot --nginx -d ${var.sfs_instance_name}.example.com --register-unsafely-without-email --agree-tos --force-renewal --non-interactive > /home/centos/get_cert.log"
]
}
Creating nginx ssl for the domain name "${var.sfs_instance_name}.example.com"
on the fly, the entry is added at the end of the execution so the certbox ssl cert creation fails, how can i overcome it, can i wait upon the resource "aws_route53_record"
entry creation or is there any other workaround ?
2
Answers
I think the solution is to add depends_on:
You can avoid the
depends_on
here by properly interpolating the value out of the resource instead:Terraform only needs the
depends_on
parameter when it’s not possible to tell the other resource about the dependency chain directly by interpolating values of the resource into the other resources. In general if you can avoid using it and stick to direct resource interpolation then it makes things better. As another other positive side it avoids you having to build the DNS record name by string concatenation in two places.The Terraform documentation around resource dependencies also suggest avoid
depends_on
unless absolutely necessary: