https://pulumi.com logo
#aws
Title
# aws
f

fast-vase-27755

01/09/2024, 2:25 AM
Hi! please help me to understand issue with
aws:acm:CertificateValidation
- stack creates properly
aws:acm:Certificate
and Route53 record for validation, but when it comes to validation "action" it cannot find certificate
Copy code
reading ACM Certificate (arn:aws:acm:us-east-1:ACCOUNTNUMBER:certificate/8fafc6fb-2035-4fc2-8fa5-622ae7d07ad5): couldn't find resource
but I checked many times - certificate is there and ARN is correct, it hangs in pending state though can you please give me some hints Thank you here is excerpt from my yaml:
Copy code
zone:
    type: aws:route53/zone:Zone
    properties:
      name: ${domain}.
  us-east-provider: # ACM certificates must be created in the us-east-1 region.
    type: pulumi:providers:aws
    properties:
      region: us-east-1
  certificate:
    type: aws:acm:Certificate
    properties:
      domainName: ${domain}
      validationMethod: DNS
    options:
      # ACM certificates must be created in the us-east-1 region
      provider: ${us-east-provider}
  # Validate the ACM certificate with DNS.
  certValidation:
    type: aws:route53:Record
    properties:
      name: ${certificate.domainValidationOptions[0].resourceRecordName}
      type: ${certificate.domainValidationOptions[0].resourceRecordType}
      zoneId: ${zone.zoneId}
      ttl: 60
      records:
        - ${certificate.domainValidationOptions[0].resourceRecordValue}
  certCertificateValidation:
    type: aws:acm:CertificateValidation
    properties:
      certificateArn: ${certificate.arn}
      validationRecordFqdns:
        - ${certValidation.fqdn}
BTW, yaml docs are gravely wrong
Ok, I figured that docs are missing provider option:
Copy code
certCertificateValidation:
    type: aws:acm:CertificateValidation
    properties:
      certificateArn: ${certificate.arn}
      validationRecordFqdns:
        - ${certValidation.fqdn}
    options:
      provider: ${us-east-provider}
which is redundant as only
us-east-1
certs are good for CDN but anyway now what we have is that validation has no errors but it times out, it just never happens 😞
nobody emphasizes this but you MUST create hosted zone manually and MATCH NS records from domain with hosted zone when hosted zone is curated by Pulumi it is being recreated multiple times and your NS records get messed
2 Views