https://pulumi.com logo
Powered by
Title
v

victorious-memory-43562

08/13/2022, 7:15 PM
Does anyone know how I can set up the apigateway custom DomainName when my route 53 hosted zone & ACM cert for that domain are in a different account in the same organization? I’m reading this and am struggling figuring out how to do this with Pulumi
b

billowy-army-68599

08/13/2022, 8:05 PM
expost the route53 zone and acm cert using resource access manager: https://aws.amazon.com/ram/
this is for a transit gateway, but can be used as a reference to share other things: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/transit_gateway_multi_account/sharedTransitGateway.ts#L32-L47
v

victorious-memory-43562

08/13/2022, 8:54 PM
@billowy-army-68599 Super helpful! Thank you
Oh wow that handles the IAM too?? Incredible
👍 1
It seems you can’t share hosted zone IDs… they have a pretty limited list of the resources you can share with RAM. Looking for another solution now
b

billowy-army-68599

08/16/2022, 3:59 PM
oh that sucks 😞 You should be able to set a provider on the resource and update the original account
v

victorious-memory-43562

08/16/2022, 8:07 PM
Update: you can have ACM certs for the same domain in different accounts/regions, they just need to be verified by the owner. So I can create a cert during the provisioning of each account, trigger an event to the base account to handle the DNS verification, then use that domain on APIGWs in that account by referencing the cert created in that account
Not too bad actually
2 Views
#awsJoin Slack
Powered by