I am having trouble with ACM and I suspect the cause is from using a specific region provider. I am using an S3 backend, and most of my project will take place in our default region (

us-west-2

). I am creating a certificate in

us-east-1

because I need to use it as part of a cloudfront distribution, which requires the cert to live there.

// [...]
const regionProvider = new aws.Provider('us-east-provider', {region: 'us-east-1'});

const certCertificate = new aws.acm.Certificate('cert', {
  domainName: '<http://dashboard.mydomain.com|dashboard.mydomain.com>',
  subjectAlternativeNames: [
    '*.<http://dashboard.mydomain.com|dashboard.mydomain.com>',
  ],
  validationMethod: 'DNS',
  tags,
}, {provider: regionProvider});

const certValidation = new aws.route53.Record('certValidation', {
  name: certCertificate.domainValidationOptions[0].resourceRecordName,
  records: [certCertificate.domainValidationOptions[0].resourceRecordValue],
  ttl: 300,
  type: certCertificate.domainValidationOptions[0].resourceRecordType,
  zoneId: dashboardR53Zone.id,
});

const certCertificateValidation = new aws.acm.CertificateValidation('cert', {
  certificateArn: certCertificate.arn,
  validationRecordFqdns: [
    certValidation.fqdn,
    certValidation.fqdn, // both entries use the same value/name per the AWS console
  ],
});

After running

pulumi up

I receive the following error:

Diagnostics:
  aws:acm:CertificateValidation (cert):
    error: Error describing certificate: ResourceNotFoundException: Could not find certificate arn:aws:acm:us-east-1:[REDACTED]:certificate/60c[REDACTED]df9d9.
        status code: 400, request id: 4c00[REDACTED]aef6

I can see the certificate with that ARN in the AWS console, so I'm not sure how to proceed