diff --git a/aws-acm-cert/README.md b/aws-acm-cert/README.md
index fad79a69..378d890e 100644
--- a/aws-acm-cert/README.md
+++ b/aws-acm-cert/README.md
@@ -41,6 +41,7 @@ module "cert" {
 | owner | Owner for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes |
 | project | Project for tagging and naming. See [doc](../README.md#consistent-tagging) | string | n/a | yes |
 | service | Service for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes |
+| subject\_alternative\_names\_order | Order to list the subject alternative names in the ACM cert. Workaround for https://github.com/terraform-providers/terraform-provider-aws/issues/8531 | list(string) | `null` | no |
 | validation\_record\_ttl | | string | `"60"` | no |
 ## Outputs
diff --git a/aws-acm-cert/main.tf b/aws-acm-cert/main.tf
index 86bf8ca4..59fce392 100755
--- a/aws-acm-cert/main.tf
+++ b/aws-acm-cert/main.tf
@@ -12,7 +12,7 @@ locals {
 resource "aws_acm_certificate" "cert" {
 domain_name = "${var.cert_domain_name}"
- subject_alternative_names = "${keys(var.cert_subject_alternative_names)}"
+ subject_alternative_names = var.subject_alternative_names_order == null ? keys(var.cert_subject_alternative_names) : var.subject_alternative_names_order
 validation_method = "DNS"
 tags = "${local.tags}"
diff --git a/aws-acm-cert/variables.tf b/aws-acm-cert/variables.tf
index d0279f2e..2b09dcd2 100755
--- a/aws-acm-cert/variables.tf
+++ b/aws-acm-cert/variables.tf
@@ -43,3 +43,9 @@ variable "allow_validation_record_overwrite" {
 description = "Allow the overwrite of validation records. This is needed if you are creating certificates in multiple regions."
 default = true
 }
+
+variable "subject_alternative_names_order" {
+ type = list(string)
+ description = "Order to list the subject alternative names in the ACM cert. Workaround for https://github.com/terraform-providers/terraform-provider-aws/issues/8531"
+ default = null
+}
\ No newline at end of file
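Review bot: When `subject_alternative_names_order` is set, the new expression in `aws_acm_certificate.cert` passes it to the certificate verbatim, so nothing ties the SAN list to the keys of `cert_subject_alternative_names` any more. A typo, an extra entry or a missing one changes which hostnames the certificate covers, and an entry absent from the map presumably gets no validation record (the validation resources are outside this hunk), which would leave the certificate pending. Consider restricting the list to known names, e.g. `[for n in var.subject_alternative_names_order : n if contains(keys(var.cert_subject_alternative_names), n)]`, and stating in the variable description in variables.tf and in the README row that the list must be a reordering of exactly those keys. The resource block continues past the end of the hunk.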