aws_acm_certificate conflict with same domain_name in the same region

[vhiairrassary]

When creating two aws_acm_certificate resources with the same domain_name (and optionally same subject_alternative_names) only one resource is created in AWS while both resources point to the same id. If I create both certificate manually in the console it works as expected.

One workaround is to add a dummy value in subject_alternative_names to differentiate both resources.

My use case is to have two times the same certificate:

• one in the current region like eu-west-1
• one in us-east-1 for CloudFront

The bug happens when the current region is us-east-1.

Terraform Version

> terraform -v
Terraform v0.11.11
+ provider.aws v2.0.0

Affected Resource(s)

• aws_acm_certificate

Terraform Configuration Files

provider "aws" {
  region = "us-east-1"
}

resource "aws_acm_certificate" "cert1" {
  domain_name = "example.com"
  validation_method = "DNS"
}

resource "aws_acm_certificate" "cert2" {
  domain_name = "example.com"
  validation_method = "DNS"
}

resource "aws_acm_certificate" "cert3" {
  domain_name = "other.com"
  validation_method = "DNS"
}

Expected Behavior

I should see 3 certificates in my AWS console.

Actual Behavior

I see only 2 certificates in my AWS console (one for example.com & one for other.com).

Steps to Reproduce

1. terraform apply
2. terraform state pull

In the output we can see that aws_acm_certificate.cert1 & aws_acm_certificate.cert2 have the same id.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[blckct]

Well, it should work with two certificates that are the same but why are you creating them in the same region if you say you want them in different regions?

provider "aws" {
  region    = "us-east-1"
  alias     = "america"
}

resource "aws_acm_certificate" "cert2" {
  domain_name = "example.com"
  validation_method = "DNS"
  provider = "aws.america"
}

[bflad]

Hi folks 👋 This issue was resolved awhile ago in version 2.23.0 of the Terraform AWS Provider and should have been fixed in all versions since. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

If you are still having trouble on recent versions of the Terraform AWS Provider, please create a new GitHub issue following the bug report template. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!