# aws


01/12/2024, 1:15 PM
Hello. I'm attempting to create a Certificate for use with a Cloudfront distribution and the certificate must be validated before referencing it in the Cloudfront distribution. The documentation for CertificateValidation and most of (if not all of) the articles I've found so far suggest updating a Route53 zone with the needed validation records. At this time I don't wish to use a Route 53 zone since the zone in question is already with a 3rd party. Does anyone have any recommendations as to how handle creating, manually validating, and then using a cert in a single pulumi project/stack? For example, is there a way to split a stack into two phases? Or, is there away to have Pulumi print the DNS validation records during
and wait for me to create them manually? Are there conditional flow control options in general in Pulumi? It appears that CertificateValidation immediately fails if the certificate isn't yet validated, so that does not seem useful for checking on it's status and conditionally doing something else. But, I have found that I can get the certificate status with
but I'm not yet sure what I can do with that in the context of how Pulumi works. I'm using Javascript, btw.


01/12/2024, 2:00 PM
Without that, I'm not sure how you'd do it... You need an ACM cert, and generating that ACM could be a separate pre-stack, with the cert ARN as an output that you can reference I suppose?
The other option is to automate the Zone/DNS update of the third party provider.
(as in, within Pulumi, like the godaddy/cloudflare providers.


01/12/2024, 2:25 PM
@worried-knife-31967 I appreciate the input, thanks. I was hoping to avoid the overhead of maintaining two stacks but perhaps that is the way to do it.