This message was deleted.
# awss
sparse-intern-71089
08/13/2022, 7:15 PMThis message was deleted.
b
billowy-army-68599
08/13/2022, 8:05 PM
expost the route53 zone and acm cert using resource access manager:
https://aws.amazon.com/ram/
billowy-army-68599
08/13/2022, 8:06 PM
this is for a transit gateway, but can be used as a reference to share other things: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/transit_gateway_multi_account/sharedTransitGateway.ts#L32-L47
v
victorious-memory-43562
08/13/2022, 8:54 PM@billowy-army-68599 Super helpful! Thank you
victorious-memory-43562
08/13/2022, 8:55 PMOh wow that handles the IAM too?? Incredible
👍 1
victorious-memory-43562
08/16/2022, 3:49 PMIt seems you can’t share hosted zone IDs… they have a pretty limited list of the resources you can share with RAM. Looking for another solution now
b
billowy-army-68599
08/16/2022, 3:59 PM
oh that sucks 😞
You should be able to set a provider on the resource and update the original account
v
victorious-memory-43562
08/16/2022, 8:07 PMUpdate: you can have ACM certs for the same domain in different accounts/regions, they just need to be verified by the owner. So I can create a cert during the provisioning of each account, trigger an event to the base account to handle the DNS verification, then use that domain on APIGWs in that account by referencing the cert created in that account
victorious-memory-43562
08/16/2022, 8:07 PMNot too bad actually
2 Views