0
votes

I currently have 2 workspaces within Terraform, one for Prod and one for Dev.

In prod my Terraform code creates a Route53 entry and then adds a cert as a CNAME to the Route53 hosted zone and then attaches the cert to my load balancer.

resource "aws_acm_certificate" "default" {
  domain_name = "www.test.uk"
  validation_method = "DNS"
}

resource "aws_route53_record" "validation" {
  name = aws_acm_certificate.default.domain_validation_options[0].resource_record_name
  type = aws_acm_certificate.default.domain_validation_options[0].resource_record_type
  zone_id = "Z0725470IF9R8J77LPTU"
  records = [
    aws_acm_certificate.default.domain_validation_options[0].resource_record_value]
  ttl = "60"
}

resource "aws_acm_certificate_validation" "default" {
  certificate_arn = aws_acm_certificate.default.arn
  validation_record_fqdns = [
    aws_route53_record.validation.fqdn,
  ]
}

When I switch my workspace to dev and run terraform apply it tries to create this Route53 entry again and errors. Is there a way to tell Terraform to ignore this?

I tried adding a count of 0 but it gave me this error

Error: Missing resource instance key

on alb.tf line 12, in resource "aws_route53_record" "validation":
12: type = aws_acm_certificate.default.domain_validation_options[0].resource_record_type

Because aws_acm_certificate.default has "count" set, its attributes must be accessed on specific instances.

For example, to correlate with indices of a referring resource, use: aws_acm_certificate.default[count.index]

Error: Missing resource instance key

on alb.tf line 15, in resource "aws_route53_record" "validation":
15: aws_acm_certificate.default.domain_validation_options[0].resource_record_value]

Because aws_acm_certificate.default has "count" set, its attributes must be accessed on specific instances.

For example, to correlate with indices of a referring resource, use: aws_acm_certificate.default[count.index]

The best solution I've come up with is to comment out the Route53 stuff when I run terraform apply in the staging workspace; this obviously isn't an ideal solution.

1
That error message tells you how to fix the config to work with the count meta-argument. You can do that and it will work. - Matt Schuchard

1 Answer

2
votes

Untested below but I think you can use a conditional (based on your workspace name) and use count to create (or not create) the resources.

locals {
  # 0 in the "dev" workspace (create nothing), 1 in every other workspace
  create_me = terraform.workspace == "dev" ? 0 : 1
}

resource "aws_acm_certificate" "default" {
  count = local.create_me
  domain_name = "www.test.uk"
  validation_method = "DNS"
}

resource "aws_route53_record" "validation" {
  count = local.create_me
  # The certificate has "count" set, so select the resource instance with
  # [count.index] first, then the validation option with [0].
  name = aws_acm_certificate.default[count.index].domain_validation_options[0].resource_record_name
  type = aws_acm_certificate.default[count.index].domain_validation_options[0].resource_record_type
  zone_id = "Z0725470IF9R8J77LPTU"
  records = [
    aws_acm_certificate.default[count.index].domain_validation_options[0].resource_record_value]
  ttl = "60"
}

resource "aws_acm_certificate_validation" "default" {
  count = local.create_me
  certificate_arn = aws_acm_certificate.default[count.index].arn
  validation_record_fqdns = [
    aws_route53_record.validation[count.index].fqdn,
  ]
}
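
An added example, not part of the original answer: the same workspace switch written for AWS provider 3.0 or later, where `domain_validation_options` is a set and can no longer be indexed with `[0]`. It assumes that provider version and reuses the `create_me` local, domain and zone ID shown on this page.

```hcl
locals {
  # 0 in the "dev" workspace, 1 in every other workspace (same switch as above)
  create_me = terraform.workspace == "dev" ? 0 : 1
}

resource "aws_acm_certificate" "default" {
  count             = local.create_me
  domain_name       = "www.test.uk"
  validation_method = "DNS"
}

resource "aws_route53_record" "validation" {
  # The splat returns an empty list when count = 0, so for_each receives an
  # empty map in dev and no validation record is planned there.
  for_each = {
    for dvo in flatten(aws_acm_certificate.default[*].domain_validation_options) :
    dvo.domain_name => dvo
  }

  zone_id = "Z0725470IF9R8J77LPTU"
  name    = each.value.resource_record_name
  type    = each.value.resource_record_type
  records = [each.value.resource_record_value]
  ttl     = 60
}

resource "aws_acm_certificate_validation" "default" {
  count           = local.create_me
  certificate_arn = aws_acm_certificate.default[count.index].arn

  # Collect the FQDN of every validation record created above.
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
```

Any other resource that reads the certificate ARN, such as a load balancer listener, also has to handle the dev case in which no certificate instance exists.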