This resource represents a successful validation of a Fastly TLS Subscription in concert with other resources.
Most commonly, this resource is used together with a resource for a DNS record and fastly.TlsSubscription to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.
Warning: This resource implements a part of the validation workflow. It does not represent a real-world entity in Fastly, therefore changing or deleting this resource on its own has no immediate effect.
Example Usage
DNS Validation with AWS Route53:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fastly from "@pulumi/fastly";
import * as std from "@pulumi/std";
// NOTE: Creating a hosted zone will automatically create SOA/NS records.
const production = new aws.index.Route53Zone("production", {name: "example.com"});
const example = new aws.index.Route53domainsRegisteredDomain("example", {
nameServer: Object.entries(production.nameServers).map(([k, v]) => ({key: k, value: v})).map(entry => ({
name: entry.value,
})),
domainName: "example.com",
});
const subdomains = [
"a.example.com",
"b.example.com",
];
const exampleServiceVcl = new fastly.ServiceVcl("example", {
domains: subdomains.map((v, k) => ({key: k, value: v})).map(entry => ({
name: entry.value,
})),
name: "example-service",
backends: [{
address: "127.0.0.1",
name: "localhost",
}],
forceDestroy: true,
});
const exampleTlsSubscription = new fastly.TlsSubscription("example", {
domains: exampleServiceVcl.domains.apply(domains => .map(domain => (domain.name))),
certificateAuthority: "lets-encrypt",
});
const domainValidation: aws.index.Route53Record[] = [];
exampleTlsSubscription.domains.apply(domains => {
for (const range of Object.entries(domains.reduce((__obj, domain) => ({ ...__obj, [domain]: exampleTlsSubscription.managedDnsChallenges.apply(managedDnsChallenges => managedDnsChallenges.filter(obj => obj.recordName == `_acme-challenge.${domain}`).map(obj => (obj)))[0] }))).map(([k, v]) => ({key: k, value: v}))) {
domainValidation.push(new aws.index.Route53Record(`domain_validation-${range.key}`, {
name: range.value.recordName,
type: range.value.recordType,
zoneId: production.zoneId,
allowOverwrite: true,
records: [range.value.recordValue],
ttl: 60,
}, {
dependsOn: [exampleTlsSubscription],
}));
}
});
// This is a resource that other resources can depend on if they require the certificate to be issued.
// NOTE: Internally the resource keeps retrying `GetTLSSubscription` until no error is returned (or the configured timeout is reached).
const exampleTlsSubscriptionValidation = new fastly.TlsSubscriptionValidation("example", {subscriptionId: exampleTlsSubscription.id}, {
dependsOn: [domainValidation],
});
// This data source lists all available configuration objects.
// It uses a `default` attribute to narrow down the list to just one configuration object.
// If the filtered list has a length that is not exactly one element, you'll see an error returned.
// The single TLS configuration is then returned and can be referenced by other resources (see aws_route53_record below).
//
// IMPORTANT: Not all customers will have a 'default' configuration.
// If you have issues filtering with `default = true`, then you may need another attribute.
// Refer to the fastly_tls_configuration documentation for available attributes:
// https://registry.terraform.io/providers/fastly/fastly/latest/docs/data-sources/tls_configuration#optional
const defaultTls = fastly.getTlsConfiguration({
"default": true,
});
// Once validation is complete and we've retrieved the TLS configuration data, we can create multiple subdomain records.
const subdomain: aws.index.Route53Record[] = [];
for (const range = {value: 0}; range.value < std.index.toset({
input: subdomains,
}).result; range.value++) {
subdomain.push(new aws.index.Route53Record(`subdomain-${range.value}`, {
name: range.value,
records: .filter(record => record.recordType == "CNAME").map(record => (record.recordValue)),
ttl: 300,
type: "CNAME",
zoneId: production.zoneId,
}));
}
import pulumi
import pulumi_aws as aws
import pulumi_fastly as fastly
import pulumi_std as std
# NOTE: Creating a hosted zone will automatically create SOA/NS records.
production = aws.index.Route53Zone("production", name=example.com)
example = aws.index.Route53domainsRegisteredDomain("example",
name_server=[{
name: entry.value,
} for entry in [{"key": k, "value": v} for k, v in production.name_servers]],
domain_name=example.com)
subdomains = [
"a.example.com",
"b.example.com",
]
example_service_vcl = fastly.ServiceVcl("example",
domains=[{
"name": entry["value"],
} for entry in [{"key": k, "value": v} for k, v in subdomains]],
name="example-service",
backends=[{
"address": "127.0.0.1",
"name": "localhost",
}],
force_destroy=True)
example_tls_subscription = fastly.TlsSubscription("example",
domains=example_service_vcl.domains.apply(lambda domains: [domain.name for domain in domains]),
certificate_authority="lets-encrypt")
domain_validation = []
def create_domain_validation(range_body):
for range in [{"key": k, "value": v} for [k, v] in enumerate(range_body)]:
domain_validation.append(aws.index.Route53Record(f"domain_validation-{range['key']}",
name=range.value.record_name,
type=range.value.record_type,
zone_id=production.zone_id,
allow_overwrite=True,
records=[range.value.record_value],
ttl=60,
opts = pulumi.ResourceOptions(depends_on=[example_tls_subscription])))
example_tls_subscription.domains.apply(lambda resolved_outputs: create_domain_validation({domain: example_tls_subscription.managed_dns_challenges.apply(lambda managed_dns_challenges: [obj for obj in managed_dns_challenges if obj.record_name == f"_acme-challenge.{domain}"])[0] for domain in resolved_outputs['domains']}))
# This is a resource that other resources can depend on if they require the certificate to be issued.
# NOTE: Internally the resource keeps retrying `GetTLSSubscription` until no error is returned (or the configured timeout is reached).
example_tls_subscription_validation = fastly.TlsSubscriptionValidation("example", subscription_id=example_tls_subscription.id,
opts = pulumi.ResourceOptions(depends_on=[domain_validation]))
# This data source lists all available configuration objects.
# It uses a `default` attribute to narrow down the list to just one configuration object.
# If the filtered list has a length that is not exactly one element, you'll see an error returned.
# The single TLS configuration is then returned and can be referenced by other resources (see aws_route53_record below).
#
# IMPORTANT: Not all customers will have a 'default' configuration.
# If you have issues filtering with `default = true`, then you may need another attribute.
# Refer to the fastly_tls_configuration documentation for available attributes:
# https://registry.terraform.io/providers/fastly/fastly/latest/docs/data-sources/tls_configuration#optional
default_tls = fastly.get_tls_configuration(default=True)
# Once validation is complete and we've retrieved the TLS configuration data, we can create multiple subdomain records.
subdomain = []
for range in [{"value": i} for i in range(0, std.index.toset(input=subdomains).result)]:
subdomain.append(aws.index.Route53Record(f"subdomain-{range['value']}",
name=range.value,
records=[record.record_value for record in default_tls.dns_records if record.record_type == CNAME],
ttl=300,
type=CNAME,
zone_id=production.zone_id))
Example coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Fastly = Pulumi.Fastly;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
// NOTE: Creating a hosted zone will automatically create SOA/NS records.
var production = new Aws.Index.Route53Zone("production", new()
{
Name = "example.com",
});
var example = new Aws.Index.Route53domainsRegisteredDomain("example", new()
{
NameServer = .Select(entry =>
{
return
{
{ "name", entry.Value },
};
}).ToList(),
DomainName = "example.com",
});
var subdomains = new[]
{
"a.example.com",
"b.example.com",
};
var exampleServiceVcl = new Fastly.ServiceVcl("example", new()
{
Domains = subdomains.Select((v, k) => new { Key = k, Value = v }).Select(entry =>
{
return new Fastly.Inputs.ServiceVclDomainArgs
{
Name = entry.Value,
};
}).ToList(),
Name = "example-service",
Backends = new[]
{
new Fastly.Inputs.ServiceVclBackendArgs
{
Address = "127.0.0.1",
Name = "localhost",
},
},
ForceDestroy = true,
});
var exampleTlsSubscription = new Fastly.TlsSubscription("example", new()
{
Domains = exampleServiceVcl.Domains.Apply(domains => .Select(domain =>
{
return domain.Name;
}).ToList()),
CertificateAuthority = "lets-encrypt",
});
var domainValidation = new List<Aws.Index.Route53Record>();
foreach (var range in exampleTlsSubscription.Domains.Apply(domains => domains.ToDictionary(item => {
var domain = item.Value;
return domain;
}, item => {
var domain = item.Value;
return exampleTlsSubscription.ManagedDnsChallenges.Apply(managedDnsChallenges => managedDnsChallenges.Where(obj => obj.RecordName == $"_acme-challenge.{domain}").Select(obj =>
{
return obj;
}).ToList())[0];
})).Select(pair => new { pair.Key, pair.Value }))
{
domainValidation.Add(new Aws.Index.Route53Record($"domain_validation-{range.Key}", new()
{
Name = range.Value.RecordName,
Type = range.Value.RecordType,
ZoneId = production.ZoneId,
AllowOverwrite = true,
Records = new[]
{
range.Value.RecordValue,
},
Ttl = 60,
}, new CustomResourceOptions
{
DependsOn =
{
exampleTlsSubscription,
},
}));
}
// This is a resource that other resources can depend on if they require the certificate to be issued.
// NOTE: Internally the resource keeps retrying `GetTLSSubscription` until no error is returned (or the configured timeout is reached).
var exampleTlsSubscriptionValidation = new Fastly.TlsSubscriptionValidation("example", new()
{
SubscriptionId = exampleTlsSubscription.Id,
}, new CustomResourceOptions
{
DependsOn =
{
domainValidation,
},
});
// This data source lists all available configuration objects.
// It uses a `default` attribute to narrow down the list to just one configuration object.
// If the filtered list has a length that is not exactly one element, you'll see an error returned.
// The single TLS configuration is then returned and can be referenced by other resources (see aws_route53_record below).
//
// IMPORTANT: Not all customers will have a 'default' configuration.
// If you have issues filtering with `default = true`, then you may need another attribute.
// Refer to the fastly_tls_configuration documentation for available attributes:
// https://registry.terraform.io/providers/fastly/fastly/latest/docs/data-sources/tls_configuration#optional
var defaultTls = Fastly.GetTlsConfiguration.Invoke(new()
{
Default = true,
});
// Once validation is complete and we've retrieved the TLS configuration data, we can create multiple subdomain records.
var subdomain = new List<Aws.Index.Route53Record>();
for (var rangeIndex = 0; rangeIndex < Std.Index.Toset.Invoke(new()
{
Input = subdomains,
}).Result; rangeIndex++)
{
var range = new { Value = rangeIndex };
subdomain.Add(new Aws.Index.Route53Record($"subdomain-{range.Value}", new()
{
Name = range.Value,
Records = ,
Ttl = 300,
Type = "CNAME",
ZoneId = production.ZoneId,
}));
}
});
Example coming soon!
Example coming soon!
Create TlsSubscriptionValidation Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TlsSubscriptionValidation(name: string, args: TlsSubscriptionValidationArgs, opts?: CustomResourceOptions);@overload
def TlsSubscriptionValidation(resource_name: str,
args: TlsSubscriptionValidationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TlsSubscriptionValidation(resource_name: str,
opts: Optional[ResourceOptions] = None,
subscription_id: Optional[str] = None)func NewTlsSubscriptionValidation(ctx *Context, name string, args TlsSubscriptionValidationArgs, opts ...ResourceOption) (*TlsSubscriptionValidation, error)public TlsSubscriptionValidation(string name, TlsSubscriptionValidationArgs args, CustomResourceOptions? opts = null)
public TlsSubscriptionValidation(String name, TlsSubscriptionValidationArgs args)
public TlsSubscriptionValidation(String name, TlsSubscriptionValidationArgs args, CustomResourceOptions options)
type: fastly:TlsSubscriptionValidation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TlsSubscriptionValidationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TlsSubscriptionValidationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TlsSubscriptionValidationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TlsSubscriptionValidationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TlsSubscriptionValidationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tlsSubscriptionValidationResource = new Fastly.TlsSubscriptionValidation("tlsSubscriptionValidationResource", new()
{
SubscriptionId = "string",
});
example, err := fastly.NewTlsSubscriptionValidation(ctx, "tlsSubscriptionValidationResource", &fastly.TlsSubscriptionValidationArgs{
SubscriptionId: pulumi.String("string"),
})
var tlsSubscriptionValidationResource = new TlsSubscriptionValidation("tlsSubscriptionValidationResource", TlsSubscriptionValidationArgs.builder()
.subscriptionId("string")
.build());
tls_subscription_validation_resource = fastly.TlsSubscriptionValidation("tlsSubscriptionValidationResource", subscription_id="string")
const tlsSubscriptionValidationResource = new fastly.TlsSubscriptionValidation("tlsSubscriptionValidationResource", {subscriptionId: "string"});
type: fastly:TlsSubscriptionValidation
properties:
subscriptionId: string
TlsSubscriptionValidation Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TlsSubscriptionValidation resource accepts the following input properties:
- Subscription
Id string - The ID of the TLS Subscription that should be validated.
- Subscription
Id string - The ID of the TLS Subscription that should be validated.
- subscription
Id String - The ID of the TLS Subscription that should be validated.
- subscription
Id string - The ID of the TLS Subscription that should be validated.
- subscription_
id str - The ID of the TLS Subscription that should be validated.
- subscription
Id String - The ID of the TLS Subscription that should be validated.
Outputs
All input properties are implicitly available as output properties. Additionally, the TlsSubscriptionValidation resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing TlsSubscriptionValidation Resource
Get an existing TlsSubscriptionValidation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TlsSubscriptionValidationState, opts?: CustomResourceOptions): TlsSubscriptionValidation@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
subscription_id: Optional[str] = None) -> TlsSubscriptionValidationfunc GetTlsSubscriptionValidation(ctx *Context, name string, id IDInput, state *TlsSubscriptionValidationState, opts ...ResourceOption) (*TlsSubscriptionValidation, error)public static TlsSubscriptionValidation Get(string name, Input<string> id, TlsSubscriptionValidationState? state, CustomResourceOptions? opts = null)public static TlsSubscriptionValidation get(String name, Output<String> id, TlsSubscriptionValidationState state, CustomResourceOptions options)resources: _: type: fastly:TlsSubscriptionValidation get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Subscription
Id string - The ID of the TLS Subscription that should be validated.
- Subscription
Id string - The ID of the TLS Subscription that should be validated.
- subscription
Id String - The ID of the TLS Subscription that should be validated.
- subscription
Id string - The ID of the TLS Subscription that should be validated.
- subscription_
id str - The ID of the TLS Subscription that should be validated.
- subscription
Id String - The ID of the TLS Subscription that should be validated.
Package Details
- Repository
- Fastly pulumi/pulumi-fastly
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fastlyTerraform Provider.
