variable "gateway_custom_domains" {
  description = "List of custom domains for the Gateway."
  type = list(object({
    host_name                    = string
    certificate_id               = string
    negotiate_client_certificate = optional(bool, false)
    default_ssl_binding          = optional(bool, false)
  })
  )
  default = []
}

resource "azurerm_api_management_custom_domain" "gateway" {
  for_each          = { for domain in var.gateway_custom_domains : domain.host_name => domain }
  api_management_id = azurerm_api_management.apim.id
  gateway {
    host_name                    = each.value.host_name
    key_vault_id                 = each.value.certificate_id
    negotiate_client_certificate = try(each.value.negotiate_client_certificate, false)
    default_ssl_binding          = try(each.value.default_ssl_binding, false)
  }
}

module "apim_01" {
  source = ...
  ...
  gateway_custom_domains = [
    {
      host_name                    = "gw1.example.com"
      certificate_id               = azurerm_key_vault_certificate.apimgw1.versionless_secret_id
      negotiate_client_certificate = false
      default_ssl_binding          = true
    },
    {
      host_name                    = "gw2.example.com"
      certificate_id               = azurerm_key_vault_certificate.apimgw2.versionless_secret_id
      negotiate_client_certificate = false
      default_ssl_binding          = false
    }
  ]
}

I have this Terraform code to create custom domain names for API Management, but I couldn't get this working when passing multiple objects to the module, as the first one gets created but the others fail with a conflict error:
│ Error: creating/updating Custom Domain: (Name "default" / Service Name "apim-weu-01" / Resource Group "rg-weu-01"): performing CreateOrUpdate: unexpected status 409 (409 Conflict) with error: ServiceLocked: The API Service apim-weu-01 is transitioning at this time. Please try the request again later.
│
│ with module.apim_01.azurerm_api_management_custom_domain.custom_domains["gw2.example.com"],
│ on .terraform/modules/apim_01/custom-domains.tf line 1, in resource "azurerm_api_management_custom_domain" "custom_domains":
│ 1: resource "azurerm_api_management_custom_domain" "custom_domains" {
│
╵
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.
Thanks.
It looks like Terraform makes the API calls in the for_each iteration before the APIM instance becomes available, and I believe that there is no way to control the for_each to create them sequentially. I searched the azurerm provider issues; it is weird that there is nobody complaining about it, so I am afraid that I am doing something wrong. Is there any way to prevent this?
I also tried to create a dedicated module that would just create the custom domain name, so that the customer would be able to call it multiple times to create multiple custom domain names (that is the requirement), but then the first one gets created and the second fails, saying that the resource already exists and needs to be imported into the state. It seems that the resource refers to the custom domain name in the state with a reference to the APIM instance and not to the custom domain itself, and then it generates the error. Has someone faced something similar and been able to solve it? Again, there is no one complaining about it and this sounds weird.
Any help would be appreciated.
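
The 409 names the custom domain "default": in the azurerm provider, one `azurerm_api_management_custom_domain` resource represents the whole hostname configuration of an API Management service, so several instances of it (via `for_each` or repeated module calls) all write to the same object. The following added example, which is not part of the original post, declares the resource once and generates one `gateway` block per list entry, reusing the variable and attribute names from the post.

```hcl
# Added example, not the poster's code. Reuses var.gateway_custom_domains and
# azurerm_api_management.apim exactly as they are declared in the post.
resource "azurerm_api_management_custom_domain" "gateway" {
  # The resource needs at least one hostname block, so skip it when the list is empty.
  count = length(var.gateway_custom_domains) > 0 ? 1 : 0

  api_management_id = azurerm_api_management.apim.id

  # One gateway block per hostname, all sent in a single update of the
  # service's hostname configuration instead of one API call per domain.
  dynamic "gateway" {
    # Keyed by host_name, as in the post, so duplicate hostnames fail at plan time.
    for_each = { for domain in var.gateway_custom_domains : domain.host_name => domain }

    content {
      host_name                    = gateway.value.host_name
      key_vault_id                 = gateway.value.certificate_id
      negotiate_client_certificate = gateway.value.negotiate_client_certificate
      default_ssl_binding          = gateway.value.default_ssl_binding
    }
  }
}
```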