Thread
#aws
    v

    victorious-dusk-75271

    3 weeks ago
    A task is stuck in creating replacement for long. is there a way to debug it?
    v

    victorious-church-57397

    3 weeks ago
    i think you just have to wait for the validation to complete? how long has it been?
    v

    victorious-dusk-75271

    3 weeks ago
    an hour
    v

    victorious-church-57397

    3 weeks ago
    hmm, ive seen them take 20 mins before, have you checked in the UI the status of it? how come the validation is recreating? did you change something in it?
    v

    victorious-dusk-75271

    3 weeks ago
    Yes i have.
    10             const sslCertificate = new aws.acm.Certificate(`${stack}-ssl-cert`, {
        9                 domainName: env.APP_DOMAIN,
        8                 subjectAlternativeNames: subjectAlternativeNames,
        7                 validationMethod: 'DNS',
        6             })
        5
        4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
        3                 return a.map((option, index) => {
        2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
        1                         zoneId: zone.then(z => z.zoneId),
      28                          name: option.resourceRecordName,
        1                         type: option.resourceRecordType,
        2                         records: [option.resourceRecordValue],
        3                         allowOverwrite: true,
        4                         ttl: 10 * 60,
        5                     }, { dependsOn: sslCertificate }).fqdn
        6                 })
        7             })
        8
        9             const validatedSslCertificate = new aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {
       10                 certificateArn: sslCertificate.arn,
       11                 validationRecordFqdns: sslCertificateValidationDnsRecords,
       12             }, { dependsOn: sslCertificate })
    v

    victorious-church-57397

    3 weeks ago
    its strange that its been stuck for an hour - unsure on how to troubleshoot it other than looking around in the ui to see if it is actually still pending legitimately, what did you change?
    v

    victorious-dusk-75271

    3 weeks ago
    i just changed the name of tasks
    v

    victorious-church-57397

    3 weeks ago
    tasks?
    v

    victorious-dusk-75271

    3 weeks ago
    i mean resources
    aws.acm.Certificate(`${stack}-ssl-cert`, {})
    aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {})
    oh i see whats going on. sslCertificate.domainValidationOptions.apply(a => { }) is not being called at all
    so validation is keep waiting for dns forever
    v

    victorious-church-57397

    3 weeks ago
    i dont see that in the code you pasted -
    v

    victorious-dusk-75271

    3 weeks ago
    4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
        3                 return a.map((option, index) => {
        2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
        1                         zoneId: zone.then(z => z.zoneId),
      28                          name: option.resourceRecordName,
        1                         type: option.resourceRecordType,
        2                         records: [option.resourceRecordValue],
        3                         allowOverwrite: true,
        4                         ttl: 10 * 60,
        5                     }, { dependsOn: sslCertificate }).fqdn
        6                 })
        7             })
    this
    v

    victorious-church-57397

    3 weeks ago
    ahhh ok yeah sorry i missed that, glad you spotted
    v

    victorious-dusk-75271

    3 weeks ago
    thank you
    I cant get it called before validation, any idea how to fix it?
    v

    victorious-church-57397

    3 weeks ago
    id try putting that declaration below the
    validatedSslCertificate
    and then adding
    validatedSslCertificate
    to the
    dependsOn
    in
    sslCertificateValidationDnsRecords
    if that makes sense?
    10             const sslCertificate = new aws.acm.Certificate(`${stack}-ssl-cert`, {
        9                 domainName: env.APP_DOMAIN,
        8                 subjectAlternativeNames: subjectAlternativeNames,
        7                 validationMethod: 'DNS',
        6             })
        5
        8
        9             const validatedSslCertificate = new aws.acm.CertificateValidation(`${stack}-ssl-cert-validation`, {
       10                 certificateArn: sslCertificate.arn,
       11                 validationRecordFqdns: sslCertificateValidationDnsRecords,
       12             }, { dependsOn: sslCertificate })
    
        4             const sslCertificateValidationDnsRecords = sslCertificate.domainValidationOptions.apply(a => {
        3                 return a.map((option, index) => {
        2                     return new aws.route53.Record(`${stack}-ssl-cert-validation-dns-record-${index}`, {
        1                         zoneId: zone.then(z => z.zoneId),
      28                          name: option.resourceRecordName,
        1                         type: option.resourceRecordType,
        2                         records: [option.resourceRecordValue],
        3                         allowOverwrite: true,
        4                         ttl: 10 * 60,
        5                     }, { dependsOn: [sslCertificate, validatedSslCertificate] }).fqdn
        6                 })
        7             })
    v

    victorious-dusk-75271

    3 weeks ago
    i think the record has be created before aws.acm.CertificateValidation though
    v

    victorious-church-57397

    3 weeks ago
    ah of course sorry, let me find an example of this
    we've done it at my place
    v

    victorious-church-57397

    3 weeks ago
    have you tried doing it like in the example?
    they arent using an apply there
    v

    victorious-dusk-75271

    3 weeks ago
    yes. its for single though
    i am adding multiple subdomains to ssl certificate's subjectAlternativeNames
    v

    victorious-church-57397

    3 weeks ago
    have you tried logging out
    option
    and
    index
    to make sure they contain what you're expecting?
    v

    victorious-dusk-75271

    3 weeks ago
    actually the records are being added to route53 but i am not sure why CertificateValidation is just kept on waiting forever
    Yes, i found the record it want to verify and they do exists in route53.

    https://puu.sh/JjRqk/98533c6125.png