Does anyone know how I can set up the apigateway custom Doma Pulumi Community #aws

Does anyone know how I can set up the apigateway c...

victorious-memory-43562

08/13/2022, 7:15 PM

Does anyone know how I can set up the apigateway custom DomainName when my route 53 hosted zone & ACM cert for that domain are in a different account in the same organization? I’m reading this and am struggling figuring out how to do this with Pulumi

billowy-army-68599

08/13/2022, 8:05 PM

expost the route53 zone and acm cert using resource access manager: https://aws.amazon.com/ram/

billowy-army-68599

08/13/2022, 8:06 PM

this is for a transit gateway, but can be used as a reference to share other things: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/transit_gateway_multi_account/sharedTransitGateway.ts#L32-L47

victorious-memory-43562

08/13/2022, 8:54 PM

@billowy-army-68599 Super helpful! Thank you

victorious-memory-43562

08/13/2022, 8:55 PM

Oh wow that handles the IAM too?? Incredible

👍 1

victorious-memory-43562

08/16/2022, 3:49 PM

It seems you can’t share hosted zone IDs… they have a pretty limited list of the resources you can share with RAM. Looking for another solution now

billowy-army-68599

08/16/2022, 3:59 PM

oh that sucks 😞 You should be able to set a provider on the resource and update the original account

victorious-memory-43562

08/16/2022, 8:07 PM

Update: you can have ACM certs for the same domain in different accounts/regions, they just need to be verified by the owner. So I can create a cert during the provisioning of each account, trigger an event to the base account to handle the DNS verification, then use that domain on APIGWs in that account by referencing the cert created in that account

victorious-memory-43562

08/16/2022, 8:07 PM

Not too bad actually

2 Views

Open in Slack

Previous Next