You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Terraform "aws_acm_certificate" has always returned the validation option for the certificate common name (CN) as element 0, and any subject alternative names (SAN) after.
This is crucial to us, since we create DNS validations records in different DNS zones (in different AWS accounts), for CN and SANs respectively.
Recently, Amazon seems to return the validations options in random order, resulting in a high risk of attempting to validate certificate, by creating DNS records in wrong/invalid zones. Thus certificate validation, and consequently the pipeline fails.
Terraform "aws_acm_certificate" has always returned the validation option for the certificate common name (CN) as element 0, and any subject alternative names (SAN) after.
This is crucial to us, since we create DNS validations records in different DNS zones (in different AWS accounts), for CN and SANs respectively.
Recently, Amazon seems to return the validations options in random order, resulting in a high risk of attempting to validate certificate, by creating DNS records in wrong/invalid zones. Thus certificate validation, and consequently the pipeline fails.
See also hashicorp/terraform-provider-aws#8531.
The text was updated successfully, but these errors were encountered: