magnificent-soccer-44287
11/19/2023, 11:31 PM
const domainCertificate = new aws.acm.Certificate(pre('domain-cert'), {
    domainName,
    validationMethod: "DNS",
});
const certValidation = new aws.route53.Record(pre('certValidation'), rootZoneId.apply(zoneId => {
    return {
        name: domainCertificate.domainValidationOptions[0].resourceRecordName,
        zoneId: rootZoneId,
        type: domainCertificate.domainValidationOptions[0].resourceRecordType,
        records: [domainCertificate.domainValidationOptions[0].resourceRecordValue],
        ttl: 60,
    }
}), { provider: sharedAccountProvider });
const certValidationOption = new aws.acm.CertificateValidation("certValidationOption", {
    certificateArn: domainCertificate.arn,
    validationRecordFqdns: [certValidation.fqdn],
}, { provider: sharedAccountProvider });
when it comes to "certValidationOption"...
domainCertificate is in my subaccount
certValidation is in the shared account
how do I look for CertificateValidation when the fqdn is in the parent account but the validation is in the subaccount?
{
    "Action": [
        "route53:ChangeResourceRecordSets",
        "route53:GetChange",
        "route53:GetHostedZone",
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "acm:*"
    ],
    "Effect": "Allow",
    "Resource": [
        "arn:aws:route53:::hostedzone/id",
        "arn:aws:route53:::hostedzone/id",
        "arn:aws:acm:*",
        "arn:aws:route53:::change/*"
    ]
}
],
error in the code:
is not authorized to perform: acm:ListCertificates because no identity-based policy allows the acm:ListCertificates action
gifted-gigabyte-53859
11/22/2023, 1:58 AM
magnificent-soccer-44287
11/22/2023, 1:59 AM