如何在數據源的特定區域中指定ACM證書？

Question

由於我的主要服務器位於ap-northeast-1，並且CloudFront需要在我們位於east-1的證書，因此我已在兩個區域（ap-northeast-1和us-east-1）爲同一個域頒發了2個證書。

我想選擇一個在我們東1作爲terraform數據源，但這些具有相同的域名。

我定義證書資源等

# ACM Certificate on us-east-1 (Global) 
data "aws_acm_certificate" "cert_global" { 
    domain = "my.example.com" 
    statuses = ["ISSUED"] 
} 

，我提到了它喜歡

resource "aws_cloudfront_distribution" "static" { 
    (snip) 
    viewer_certificate { 
    acm_certificate_arn = "${data.aws_acm_certificate.cert_global.arn}" 
    minimum_protocol_version = "TLSv1" 
    ssl_support_method = "sni-only" 
    } 
} 

導致

1 error(s) occurred: 

* aws_cloudfront_distribution.static: 1 error(s) occurred: 

* aws_cloudfront_distribution.static: InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain. 
    status code: 400, request id: ceece17f-6610-11e7-977d-114d7e67d7c1 

我理解terraform檢測到與兩個相同的域名兩個證書地區，但不知道如何指定。

文件隻字未提區域特定資源https://www.terraform.io/docs/providers/aws/d/acm_certificate.html

如何使用一個在美國東1？

Answer 1

我自己找到了答案。 data具有provider屬性。

provider "aws" { 
    alias = "virginia" 
    region = "us-east-1" 
} 

data "aws_acm_certificate" "cert_global" { 
    domain = "my.example.com" 
    statuses = ["ISSUED"] 
    provider = "aws.virginia" 
} 

找到us-east-1中的證書。