
Subject Alternative Names in existing certs?

Answer

I am using the `acm-tls-certificate` module of `terraform-aws-load-balancer`. If I try to add a subject alternative name to a cert that I imported into the module’s state, it seems to ignore it. I get the same plan output whether I have the `subject_alternative_names =` line or not. If I add another cert description to the `acm_tls_certificates` input object, it seems to handle it properly and the SAN is visible in the plan output. Am I overlooking something? Or is the module ignoring the `subject_alternative_names` parameter when operating on an ACM cert that has been imported?

---

[Tracked in ticket #108958](https://support.gruntwork.io/hc/requests/108958) (2022-07-12T13:45:40Z)

We deliberately ignore changes to the SAN post-creation due to a legacy bug in Terraform that caused the subject alternative names to always return out of order, causing changes in the plan. I see that this has since been fixed in Terraform, so we could probably unlock that. That said, updating subject alternative names actually requires recreating the ACM cert, so it’s best to just avoid the import and create a new ACM cert to avoid downtime.
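
An illustration of the behaviour described in the answer, added here and not taken from the module's source. It assumes SAN diffs are suppressed with a Terraform `lifecycle` `ignore_changes` rule; all resource names and domains are constructed placeholders.

```hcl
# Pattern 1 (assumed mechanism): SAN changes are suppressed after creation.
resource "aws_acm_certificate" "imported" {
  domain_name               = "example.com"
  subject_alternative_names = ["www.example.com"]
  validation_method         = "DNS"

  lifecycle {
    # Later edits to the SAN list are dropped from the diff, so the plan
    # looks the same with or without a new name in the list.
    ignore_changes = [subject_alternative_names]
  }
}

# Pattern 2: a separate, new certificate that carries the full SAN list.
resource "aws_acm_certificate" "replacement" {
  domain_name = "example.com"
  subject_alternative_names = [
    "www.example.com",
    "api.example.com", # the name being added
  ]
  validation_method = "DNS"

  lifecycle {
    # Changing SANs forces a new certificate. Creating it before the old
    # one is destroyed keeps a valid cert available during the switch.
    create_before_destroy = true
  }
}

# Blocks until ACM reports the new certificate as issued. Assumes the DNS
# validation records for it are published outside this snippet.
resource "aws_acm_certificate_validation" "replacement" {
  certificate_arn = aws_acm_certificate.replacement.arn
}

# Point the load balancer listener at this ARN only after validation, then
# retire the old certificate once nothing references it.
output "replacement_certificate_arn" {
  value = aws_acm_certificate_validation.replacement.certificate_arn
}
```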