CC-2437: Split Validation based on provider

terraform/environments/ccms-ebs/ccms-certificates.tf

@@ -120,8 +120,8 @@ resource "aws_route53_record" "external_validation_core_vpc" {
 #   zone_id         = local.cert_zone_id
 # }
 
-resource "aws_acm_certificate_validation" "external" {
-  count = local.is-production ? 1 : 1
+resource "aws_acm_certificate_validation" "external_nonprod" {
+  count = local.is-production ? 0 : 1
 
   depends_on = [
     aws_route53_record.external_validation_core_network,
@@ -138,3 +138,18 @@ resource "aws_acm_certificate_validation" "external" {
     create = "10m"
   }
 }
+
+resource "aws_acm_certificate_validation" "external" {
+  count = local.is-production ? 1 : 0
+
+  depends_on = [
+    aws_route53_record.external_validation_core_network
+  ]
+
+  certificate_arn         = local.cert_arn
+  validation_record_fqdns = [for record in aws_route53_record.external_validation_core_network : record.fqdn]
+
+  timeouts {
+    create = "10m"
+  }
+}

terraform/environments/ccms-ebs/member-locals.tf

@@ -25,11 +25,7 @@ locals {
     data.aws_subnet.public_subnets_c.id
   ]
 
-  cert_opts = local.environment == "production" ? [
-    {
-      domain_name : "ccms-ebs.service.justice.gov.uk",
-    }
-  ] : tolist(aws_acm_certificate.external[0].domain_validation_options)
+  cert_opts    = local.environment == "production" ? aws_acm_certificate.external-service[0].domain_validation_options : aws_acm_certificate.external[0].domain_validation_options
   cert_arn     = local.environment == "production" ? aws_acm_certificate.external-service[0].arn : aws_acm_certificate.external[0].arn
   cert_zone_id = local.environment == "production" ? data.aws_route53_zone.application-zone.zone_id : data.aws_route53_zone.network-services.zone_id
 }