
Creating an AWS ACM certificate with Terraform: for CloudFront it has to be created in Virginia, so how do you do that?

Posted at 2019-04-29

Solved by defining a second provider configuration with a different region and referencing it through an alias.

```hcl
provider "aws" {}

# ACM certificates used by CloudFront must live in us-east-1 (N. Virginia)
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}
```

```hcl
# Certificate issuance request
resource "aws_acm_certificate" "cert" {
  domain_name       = "${lookup(var.domain_name, "${terraform.workspace}.value")}"
  validation_method = "DNS"
  # Terraform 0.11 syntax; 0.12 and later write this as: provider = aws.virginia
  provider          = "aws.virginia"

  lifecycle {
    create_before_destroy = true
  }
}

# Register the DNS record used for validation
resource "aws_route53_record" "cert_validation" {
  name    = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_name}"
  type    = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_type}"
  zone_id = "${aws_route53_zone.xxxxxx.zone_id}"
  records = ["${aws_acm_certificate.cert.domain_validation_options.0.resource_record_value}"]
  ttl     = 60
}

# Validation
resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = "${aws_acm_certificate.cert.arn}"
  validation_record_fqdns = ["${aws_route53_record.cert_validation.fqdn}"]
  provider                = "aws.virginia"
}
```

```hcl
resource "aws_cloudfront_distribution" "xxxxxx" {

  # ~~omitted~~

  viewer_certificate {
    acm_certificate_arn      = "${aws_acm_certificate.cert.arn}"
    ssl_support_method       = "sni-only"
    # "TLSv1" still accepts TLS 1.0 clients; CloudFront also offers stricter policies such as "TLSv1.2_2021"
    minimum_protocol_version = "TLSv1"
  }

  # ~~omitted~~

}
```
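The same aliased-provider setup in current syntax, as an added example that is not the author's code: it goes beyond the post by creating one validation record per certificate name and by noting a stricter TLS policy for the distribution. It assumes Terraform 0.13+ and AWS provider 3.x+; `var.domain_name` and `var.zone_id` are hypothetical inputs standing in for the post's workspace lookup and `aws_route53_zone.xxxxxx`.

```hcl
# Added example, not the author's code. Assumes Terraform 0.13+ and AWS provider 3.x+.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 3.0" }
  }
}

provider "aws" {} # default provider (region from the environment); used for Route 53

provider "aws" {
  alias  = "virginia"
  region = "us-east-1" # CloudFront only accepts ACM certificates from this region
}

variable "domain_name" { type = string } # hypothetical input
variable "zone_id"     { type = string } # hypothetical input: hosted zone for the domain

resource "aws_acm_certificate" "cert" {
  provider          = aws.virginia
  domain_name       = var.domain_name
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# domain_validation_options is a set in provider 3.x+, so ".0" indexing no longer works.
# for_each also yields one record per name if subject_alternative_names are added later.
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => dvo
  }
  zone_id         = var.zone_id
  name            = each.value.resource_record_name
  type            = each.value.resource_record_type
  records         = [each.value.resource_record_value]
  ttl             = 60
  allow_overwrite = true # wildcard and apex names can share one validation record
}

resource "aws_acm_certificate_validation" "cert" {
  provider                = aws.virginia
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for r in aws_route53_record.cert_validation : r.fqdn]
}

# Fragment for the distribution's viewer_certificate block:
#   acm_certificate_arn      = aws_acm_certificate_validation.cert.certificate_arn
#   minimum_protocol_version = "TLSv1.2_2021" # rejects TLS 1.0/1.1 clients
```

Referencing the ARN through `aws_acm_certificate_validation` makes the distribution wait until the certificate has actually been issued, rather than attaching a certificate that is still pending validation.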

Reference URLs

amazon web services - How to specify a ACM certificate in a specific region for a data source? - Stack Overflow
Obtaining a certificate from AWS Certificate Manager (ACM) and validating the domain with Terraform - Qiita
