https://pulumi.com logo
#aws
Title
# aws
v

victorious-dusk-75271

09/05/2022, 6:48 PM
A task is stuck in creating replacement for long. is there a way to debug it?
v

victorious-church-57397

09/05/2022, 6:49 PM
i think you just have to wait for the validation to complete? how long has it been?
v

victorious-dusk-75271

09/05/2022, 6:49 PM
an hour
v

victorious-church-57397

09/05/2022, 6:50 PM
hmm, ive seen them take 20 mins before, have you checked in the UI the status of it? how come the validation is recreating? did you change something in it?
v

victorious-dusk-75271

09/05/2022, 6:53 PM
Yes i have.
Copy code
10             const sslCertificate = new aws.acm.Certificate(`${stack}-ssl-cert`, {
    9                 domainName: env.APP_DOMAIN,
    8                 subjectAlternativeNames: subjectAlternativeNames,
    7                 validationMethod: 'DNS',
    6             })
    5
    4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
    3                 return a.map((option, index) => {
    2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
    1                         zoneId: zone.then(z => z.zoneId),
  28                          name: option.resourceRecordName,
    1                         type: option.resourceRecordType,
    2                         records: [option.resourceRecordValue],
    3                         allowOverwrite: true,
    4                         ttl: 10 * 60,
    5                     }, { dependsOn: sslCertificate }).fqdn
    6                 })
    7             })
    8
    9             const validatedSslCertificate = new aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {
   10                 certificateArn: sslCertificate.arn,
   11                 validationRecordFqdns: sslCertificateValidationDnsRecords,
   12             }, { dependsOn: sslCertificate })
v

victorious-church-57397

09/05/2022, 6:57 PM
its strange that its been stuck for an hour - unsure on how to troubleshoot it other than looking around in the ui to see if it is actually still pending legitimately, what did you change?
v

victorious-dusk-75271

09/05/2022, 6:58 PM
i just changed the name of tasks
v

victorious-church-57397

09/05/2022, 6:58 PM
tasks?
v

victorious-dusk-75271

09/05/2022, 6:58 PM
i mean resources
Copy code
aws.acm.Certificate(`${stack}-ssl-cert`, {})
aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {})
oh i see whats going on. sslCertificate.domainValidationOptions.apply(a => { }) is not being called at all
so validation is keep waiting for dns forever
v

victorious-church-57397

09/05/2022, 7:01 PM
i dont see that in the code you pasted -
v

victorious-dusk-75271

09/05/2022, 7:01 PM
Copy code
4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
    3                 return a.map((option, index) => {
    2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
    1                         zoneId: zone.then(z => z.zoneId),
  28                          name: option.resourceRecordName,
    1                         type: option.resourceRecordType,
    2                         records: [option.resourceRecordValue],
    3                         allowOverwrite: true,
    4                         ttl: 10 * 60,
    5                     }, { dependsOn: sslCertificate }).fqdn
    6                 })
    7             })
this
v

victorious-church-57397

09/05/2022, 7:02 PM
ahhh ok yeah sorry i missed that, glad you spotted
v

victorious-dusk-75271

09/05/2022, 7:08 PM
thank you
I cant get it called before validation, any idea how to fix it?
v

victorious-church-57397

09/05/2022, 7:21 PM
id try putting that declaration below the
validatedSslCertificate
and then adding
validatedSslCertificate
to the
dependsOn
in
sslCertificateValidationDnsRecords
if that makes sense?
Copy code
10             const sslCertificate = new aws.acm.Certificate(`${stack}-ssl-cert`, {
    9                 domainName: env.APP_DOMAIN,
    8                 subjectAlternativeNames: subjectAlternativeNames,
    7                 validationMethod: 'DNS',
    6             })
    5
    8
    9             const validatedSslCertificate = new aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {
   10                 certificateArn: sslCertificate.arn,
   11                 validationRecordFqdns: sslCertificateValidationDnsRecords,
   12             }, { dependsOn: sslCertificate })

    4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
    3                 return a.map((option, index) => {
    2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
    1                         zoneId: zone.then(z => z.zoneId),
  28                          name: option.resourceRecordName,
    1                         type: option.resourceRecordType,
    2                         records: [option.resourceRecordValue],
    3                         allowOverwrite: true,
    4                         ttl: 10 * 60,
    5                     }, { dependsOn: [sslCertificate, validatedSslCertificate] }).fqdn
    6                 })
    7             })
v

victorious-dusk-75271

09/05/2022, 7:23 PM
i think the record has be created before aws.acm.CertificateValidation though
v

victorious-church-57397

09/05/2022, 7:24 PM
ah of course sorry, let me find an example of this
we've done it at my place
v

victorious-church-57397

09/05/2022, 7:25 PM
have you tried doing it like in the example?
they arent using an apply there
v

victorious-dusk-75271

09/05/2022, 7:25 PM
yes. its for single though
i am adding multiple subdomains to ssl certificate's subjectAlternativeNames
v

victorious-church-57397

09/05/2022, 7:27 PM
have you tried logging out
option
and
index
to make sure they contain what you're expecting?
v

victorious-dusk-75271

09/05/2022, 7:29 PM
actually the records are being added to route53 but i am not sure why CertificateValidation is just kept on waiting forever
Yes, i found the record it want to verify and they do exists in route53.

https://puu.sh/JjRqk/98533c6125.png