fix: aws_acm_certificate_validation uses create timestamp as id for validation not certificate arn

[jufemaiz]

Resolves #24452.

Advice required from @mattburgess and @ewbankkit as it is relates to fixing breaking changes at #20073.

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #0000

Output from acceptance testing:

test output (isn't quite right?)

``` $ make testacc TESTS=TestAccACM PKG=acm

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACM' -timeout 180m
=== RUN TestAccACMCertificateDataSource_singleIssued
certificate_data_source_test.go:19: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set
--- SKIP: TestAccACMCertificateDataSource_singleIssued (0.00s)
=== RUN TestAccACMCertificateDataSource_multipleIssued
certificate_data_source_test.go:94: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set
--- SKIP: TestAccACMCertificateDataSource_multipleIssued (0.00s)
=== RUN TestAccACMCertificateDataSource_noMatchReturnsError
certificate_data_source_test.go:158: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set
--- SKIP: TestAccACMCertificateDataSource_noMatchReturnsError (0.00s)
=== RUN TestAccACMCertificateDataSource_keyTypes
=== PAUSE TestAccACMCertificateDataSource_keyTypes
=== RUN TestAccACMCertificate_emailValidation
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_emailValidation (0.00s)
=== RUN TestAccACMCertificate_dnsValidation
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_dnsValidation (0.00s)
=== RUN TestAccACMCertificate_root
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_root (0.00s)
=== RUN TestAccACMCertificate_validationOptions
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_validationOptions (0.00s)
=== RUN TestAccACMCertificate_privateCert
=== PAUSE TestAccACMCertificate_privateCert
=== RUN TestAccACMCertificate_Root_trailingPeriod
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_Root_trailingPeriod (0.00s)
=== RUN TestAccACMCertificate_rootAndWildcardSan
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_rootAndWildcardSan (0.00s)
=== RUN TestAccACMCertificate_SubjectAlternativeNames_emptyString
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_SubjectAlternativeNames_emptyString (0.00s)
=== RUN TestAccACMCertificate_San_single
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_San_single (0.00s)
=== RUN TestAccACMCertificate_San_multiple
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_San_multiple (0.00s)
=== RUN TestAccACMCertificate_San_trailingPeriod
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_San_trailingPeriod (0.00s)
=== RUN TestAccACMCertificate_San_matches_domain
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_San_matches_domain (0.00s)
=== RUN TestAccACMCertificate_wildcard
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_wildcard (0.00s)
=== RUN TestAccACMCertificate_wildcardAndRootSan
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_wildcardAndRootSan (0.00s)
=== RUN TestAccACMCertificate_disableCTLogging
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificate_disableCTLogging (0.00s)
=== RUN TestAccACMCertificate_Imported_domainName
=== PAUSE TestAccACMCertificate_Imported_domainName
=== RUN TestAccACMCertificate_Imported_ipAddress
=== PAUSE TestAccACMCertificate_Imported_ipAddress
=== RUN TestAccACMCertificate_PrivateKey_tags
=== PAUSE TestAccACMCertificate_PrivateKey_tags
=== RUN TestAccACMCertificateValidation_basic
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_basic (0.00s)
=== RUN TestAccACMCertificateValidation_timeout
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_timeout (0.00s)
=== RUN TestAccACMCertificateValidation_validationRecordFQDNS
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_validationRecordFQDNS (0.00s)
=== RUN TestAccACMCertificateValidation_validationRecordFQDNSEmail
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_validationRecordFQDNSEmail (0.00s)
=== RUN TestAccACMCertificateValidation_validationRecordFQDNSRoot
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_validationRecordFQDNSRoot (0.00s)
=== RUN TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard (0.00s)
=== RUN TestAccACMCertificateValidation_validationRecordFQDNSSan
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_validationRecordFQDNSSan (0.00s)
=== RUN TestAccACMCertificateValidation_validationRecordFQDNSWildcard
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_validationRecordFQDNSWildcard (0.00s)
=== RUN TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot
acctest.go:1330: Environment variable ACM_CERTIFICATE_ROOT_DOMAIN is not set. For DNS validation requests, this domain must be publicly accessible and configurable via Route53 during the testing. For email validation requests, you must have access to one of the five standard email addresses used (admin|administrator|hostmaster|postmaster|webmaster)@Domain or one of the WHOIS contact addresses.
--- SKIP: TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot (0.00s)
=== CONT TestAccACMCertificateDataSource_keyTypes
=== CONT TestAccACMCertificate_Imported_ipAddress
=== CONT TestAccACMCertificate_PrivateKey_tags
=== CONT TestAccACMCertificate_Imported_domainName
=== CONT TestAccACMCertificate_privateCert
=== CONT TestAccACMCertificateDataSource_keyTypes
acctest.go:196: at least one environment variable of [AWS_PROFILE AWS_ACCESS_KEY_ID AWS_CONTAINER_CREDENTIALS_FULL_URI] must be set. Usage: credentials for running acceptance testing
--- FAIL: TestAccACMCertificateDataSource_keyTypes (1.57s)
=== CONT TestAccACMCertificate_privateCert
certificate_test.go:180: Step 1/2 error: Error running pre-apply refresh: exit status 1

    Error: Invalid provider configuration

    Provider "registry.terraform.io/hashicorp/aws" requires explicit
    configuration. Add a provider block to the root module and configure the
    provider's required arguments as described in the provider documentation.


    Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.

    Please see https://registry.terraform.io/providers/hashicorp/aws
    for more information about providing credentials.

    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout


      with provider["registry.terraform.io/hashicorp/aws"],
      on <empty> line 0:
      (source code not available)

=== CONT TestAccACMCertificate_PrivateKey_tags
certificate_test.go:697: Step 1/5 error: Error running pre-apply refresh: exit status 1

    Error: Invalid provider configuration

    Provider "registry.terraform.io/hashicorp/aws" requires explicit
    configuration. Add a provider block to the root module and configure the
    provider's required arguments as described in the provider documentation.


    Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.

    Please see https://registry.terraform.io/providers/hashicorp/aws
    for more information about providing credentials.

    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout


      with provider["registry.terraform.io/hashicorp/aws"],
      on <empty> line 0:
      (source code not available)

=== CONT TestAccACMCertificate_Imported_domainName
certificate_test.go:616: Step 1/4 error: Error running pre-apply refresh: exit status 1

    Error: Invalid provider configuration

    Provider "registry.terraform.io/hashicorp/aws" requires explicit
    configuration. Add a provider block to the root module and configure the
    provider's required arguments as described in the provider documentation.


    Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.

    Please see https://registry.terraform.io/providers/hashicorp/aws
    for more information about providing credentials.

    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout


      with provider["registry.terraform.io/hashicorp/aws"],
      on <empty> line 0:
      (source code not available)

=== CONT TestAccACMCertificate_Imported_ipAddress
certificate_test.go:662: Step 1/2 error: Error running pre-apply refresh: exit status 1

    Error: Invalid provider configuration

    Provider "registry.terraform.io/hashicorp/aws" requires explicit
    configuration. Add a provider block to the root module and configure the
    provider's required arguments as described in the provider documentation.


    Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.

    Please see https://registry.terraform.io/providers/hashicorp/aws
    for more information about providing credentials.

    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout


      with provider["registry.terraform.io/hashicorp/aws"],
      on <empty> line 0:
      (source code not available)

--- FAIL: TestAccACMCertificate_PrivateKey_tags (3.61s)
--- FAIL: TestAccACMCertificate_privateCert (3.35s)
--- FAIL: TestAccACMCertificate_Imported_domainName (4.38s)
--- FAIL: TestAccACMCertificate_Imported_ipAddress (3.51s)
FAIL
FAIL github.com/hashicorp/terraform-provider-aws/internal/service/acm 9.633s
FAIL

</details>

[github-actions]

Welcome @jufemaiz 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[dcloud9]

LGTM

[ewbankkit]

% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificateValidation_basic PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificateValidation_basic'  -timeout 180m
=== RUN   TestAccACMCertificateValidation_basic
=== PAUSE TestAccACMCertificateValidation_basic
=== CONT  TestAccACMCertificateValidation_basic
--- PASS: TestAccACMCertificateValidation_basic (90.26s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	93.946s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificateValidation_timeout PKG=acm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 20 -run='TestAccACMCertificateValidation_timeout'  -timeout 180m
=== RUN   TestAccACMCertificateValidation_timeout
=== PAUSE TestAccACMCertificateValidation_timeout
=== CONT  TestAccACMCertificateValidation_timeout
--- PASS: TestAccACMCertificateValidation_timeout (19.52s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	23.352s
% ACM_CERTIFICATE_ROOT_DOMAIN=xxxxxxxx make testacc TESTS=TestAccACMCertificateValidation_validationRecordFQDNS PKG=acm ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/acm/... -v -count 1 -parallel 3 -run='TestAccACMCertificateValidation_validationRecordFQDNS'  -timeout 180m
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNS
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNS
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSEmail
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSEmail
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSRoot
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSRoot
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSSan
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSSan
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSWildcard
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSWildcard
=== RUN   TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot
=== PAUSE TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNS
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSSan
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNS (109.03s)
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSWildcard
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSSan (109.93s)
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSRoot
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSWildcard (134.04s)
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSWildcardAndRoot (108.30s)
=== CONT  TestAccACMCertificateValidation_validationRecordFQDNSEmail
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSEmail (13.59s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSRoot (168.04s)
--- PASS: TestAccACMCertificateValidation_validationRecordFQDNSRootAndWildcard (102.85s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/acm	349.630s

[ewbankkit]

Verified with an aws_acm_certificate_validation resource created with v4.11.0:

v4.12.0

% terraform plan
aws_acm_certificate.test: Refreshing state... [id=arn:aws:acm:us-west-2:123456789012:certificate/3f5d4be0-15ad-46fe-87a1-b2eb3c1cd13f]
aws_route53_record.test: Refreshing state... [id=Z051593015R0QOQ1S18P4__765cae99b01d10cafa96ff30553a912a.testing123.example.com._CNAME]
aws_acm_certificate_validation.test: Refreshing state... [id=2022-04-29 12:46:16.243 +0000 UTC]
╷
│ Error: reading ACM Certificate (2022-04-29 12:46:16.243 +0000 UTC): ValidationException: 1 validation error detected: Value '2022-04-29 12:46:16.243 +0000 UTC' at 'certificateArn' failed to satisfy constraint: Member must satisfy regular expression pattern: arn:[\w+=/,.@-]+:acm:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*
│ 
│   with aws_acm_certificate_validation.test,
│   on main.tf line 22, in resource "aws_acm_certificate_validation" "test":
│   22: resource "aws_acm_certificate_validation" "test" {
│ 
╵

This fix

% terraform plan
aws_acm_certificate.test: Refreshing state... [id=arn:aws:acm:us-west-2:123456789012:certificate/3f5d4be0-15ad-46fe-87a1-b2eb3c1cd13f]
aws_route53_record.test: Refreshing state... [id=Z051593015R0QOQ1S18P4__765cae99b01d10cafa96ff30553a912a.testing123.example.com._CNAME]
aws_acm_certificate_validation.test: Refreshing state... [id=2022-04-29 12:46:16.243 +0000 UTC]
...
No changes. Your infrastructure matches the configuration.

[ewbankkit]

Also validated that any aws_acm_certificate_validation resource created with v4.12.0 (with id set to the certificate ARN) refreshes fine with this fix:

% terraform plan
aws_acm_certificate.test: Refreshing state... [id=arn:aws:acm:us-west-2:346386234494:certificate/3935caa0-9b32-41ea-b7e9-e541612191ed]
aws_route53_record.test: Refreshing state... [id=Z051593015R0QOQ1S18P4__765cae99b01d10cafa96ff30553a912a.testing123.ewbankkit.com._CNAME]
aws_acm_certificate_validation.test: Refreshing state... [id=arn:aws:acm:us-west-2:346386234494:certificate/3935caa0-9b32-41ea-b7e9-e541612191ed]
...
No changes. Your infrastructure matches the configuration.

[ewbankkit]

LGTM 🚀.

@jufemaiz Thanks for the contribution 🎉 👏.

[ewbankkit]

Closes #24452.

[github-actions]

This functionality has been released in v4.12.1 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[jufemaiz]

Thanks @ewbankkit for the rapid turnaround!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.