I use the following functions to create r53 dns records which work as expected:

def add_acm_validation_records(self, cert: aws.acm.Certificate) -> list:

valid_fqdns = cert.domain_validation_options.apply(

lambda o: self.iterate_records(o)

)

return valid_fqdns

def iterate_records(self, validation_options):

fqdns = []

for record_to_add in validation_options:

record = aws.route53.Record(

f"r53-acm-verify-{record_to_add.domain_name}",

allow_overwrite=True,

name=record_to_add.resource_record_name,

ttl=60,

type=record_to_add.resource_record_type,

records=[record_to_add.resource_record_value],

zone_id=self.__customer_zone.zone_id,

)

fqdns.append(record.fqdn)

return fqdns

At this point on using the AWS console I can see the certificate is issued and is valid

I used the following function to validate the certificate

def validate(self, fqdns: list) -> aws.acm.Certificate:

cert_validation = aws.acm.CertificateValidation(

f"{self.__customer_code}-cert-validation",

certificate_arn=self.__customer_cert.arn,

validation_record_fqdns=[pulumi.Output.all(fqdns).apply(lambda l: f"{l}")],

opts=pulumi.ResourceOptions(provider=self.__aws_provider_west_2),

)

but get the following error:

aws:acm:CertificateValidation (abcd-cert-validation):

error: 1 error occurred:

* 3 errors occurred:

* missing *.<http://api.abcd.sanda.xxx.co.uk|api.abcd.sanda.xxx.co.uk> DNS validation record: _<http://aa.api.abcd.sanda.xxx.co.uk|aa.api.abcd.sanda.xxx.co.uk>

* missing *.<http://web.abcd.sanda.xxx.co.uk|web.abcd.sanda.xxx.co.uk> DNS validation record: _<http://bb.web.abcd.sanda.xxx.co.uk|bb.web.abcd.sanda.xxx.co.uk>

* missing *.<http://abcd.sanda.xxx.co.uk|abcd.sanda.xxx.co.uk> DNS validation record: _<http://cc.abcd.sanda.xxx.co.uk|cc.abcd.sanda.xxx.co.uk>

I check and the dns records and confirm they are present .. so i think my error is in how i am passing the

validation_record_fqdns=[pulumi.Output.all(fqdns).apply(lambda l: f"{l}")],

but i am not sure what i am doing wrong ...