From 334d5c864115a7d3ff44d26c15537f45d6c715e3 Mon Sep 17 00:00:00 2001
From: Matt H <matt_henderson@sil.org>
Date: Tue, 1 Aug 2023 10:40:29 -0400
Subject: [PATCH 1/2] Always have a `aws_acm_certificate_validation` resource

This is how we can depend on / know when the certificate has been
validated and issued.
---
 main.tf    | 1 -
 outputs.tf | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index 78c3e99..7f8f687 100644
--- a/main.tf
+++ b/main.tf
@@ -23,7 +23,6 @@ resource "cloudflare_record" "validation" {
 }
 
 resource "aws_acm_certificate_validation" "this" {
-  count                   = var.create_dns_validation ? 1 : 0
   certificate_arn         = aws_acm_certificate.this.arn
   validation_record_fqdns = [cloudflare_record.validation[0].hostname]
 }
diff --git a/outputs.tf b/outputs.tf
index af4b706..c390485 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -6,5 +6,5 @@ output "certificate_arn" {
 
 output "validation_id" {
   description = "The time at which the certificate was issued"
-  value       = one(aws_acm_certificate_validation.this[*].id)
+  value       = aws_acm_certificate_validation.this.id
 }

From b49662a9d12f9a13142332de6083277c21b10a80 Mon Sep 17 00:00:00 2001
From: Matt H <matt_henderson@sil.org>
Date: Tue, 1 Aug 2023 10:41:21 -0400
Subject: [PATCH 2/2] Get the certificate ARN from the validation resource

The validation resource's certificate ARN is available once the
certificate has been issued.
---
 outputs.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/outputs.tf b/outputs.tf
index c390485..c265ef6 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,7 +1,7 @@
 
 output "certificate_arn" {
-  description = "The ARN of the AWS ACM Certificate this created"
-  value       = aws_acm_certificate.this.arn
+  description = "The ARN of the (validated) AWS ACM Certificate this created"
+  value       = aws_acm_certificate_validation.this.certificate_arn
 }
 
 output "validation_id" {