I can't delete my certificate because it's associated with an invisible CloudFront distribution

0

I have a certificate in AWS Certificate Manager that I would like to delete (I need to recreate it to include a root domain). When I try to delete it, I get an error saying that it is associated with a CloudFront distribution and cannot be deleted. However, in CloudFront, I have no distributions listed. How can I dissociate the certificate from the resource?

I found a similar question and looked for API Gateway resources. I found one and it had a custom domain name similar to the certificate. I've deleted both the custom domain and the API Gateway and they're no longer listed in the API Gateway interface, but I'm still not able to delete the certificate because it's associated with this unknown CloudFront resource.

4 Answers
0
Accepted Answer

After some time passed, I was able to delete the certificate. It seems that deleting the API Gateway was indeed the cause of the error, and it simply needed some additional time to pass after deletion before I could delete the associated certificate.

ben
answered 2 years ago
EXPERT
reviewed a month ago
0

Hello Ben,

From your question I have understood that you are unable to find an ACM certificate and the associations with it. You were correct that to delete a certificate that is in use, you must first remove the certificate association. This can be done using the console or CLI for the associated service. I will link a general guide below: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-delete.html

AWS
SUPPORT ENGINEER
answered 2 years ago
0

Yep API GW edge-optimised APIs are accessed through a CloudFront distribution you don't own - it's in an AWS-managed account. It will use your cert though as you've seen. "aws apigateway get-domain-names" can be used to see the distribution domain names.

EXPERT
answered 2 years ago
0

I'm facing the same issue. It's been 1 day already since I deleted the associated API Gateway custom domain. The certificate still seems to be associated with some resources that do not exist in my account. This is what I see:

Associated resources (3)

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-104/87ea7bd28e18ef45

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-793/dd9eb9379f71a0ba

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-862/56fc8591797a2875

The account ID shown is not mine.

Kevin
answered 2 months ago
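The answers above point at two things to check: which API Gateway custom domains still reference the certificate (`aws apigateway get-domain-names`) and whether the certificate's associated resources sit in an account other than your own. The following is an added example, not code from any of the posters or from AWS; it correlates the JSON returned by `aws acm describe-certificate` and `aws apigateway get-domain-names`. All account IDs, ARNs and domain names in it are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample of `aws acm describe-certificate` output (not real data).
DESCRIBE_CERT = json.loads("""{"Certificate": {
  "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE-CERT-ID",
  "InUseBy": [
    "arn:aws:cloudfront::222222222222:distribution/EXAMPLEDIST",
    "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/my-alb/0123456789abcdef"]}}""")

# Constructed sample of `aws apigateway get-domain-names` output (not real data).
DOMAIN_NAMES = json.loads("""{
  "items": [
    {"domainName": "api.example.com",
     "certificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE-CERT-ID",
     "distributionDomainName": "dexample.cloudfront.net",
     "endpointConfiguration": {"types": ["EDGE"]}},
    {"domainName": "other.example.com",
     "regionalCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/OTHER-CERT-ID",
     "regionalDomainName": "d-example.execute-api.us-east-1.amazonaws.com",
     "endpointConfiguration": {"types": ["REGIONAL"]}}
  ]
}""")

def classify_in_use_by(describe_cert, own_account_id):
    """Split InUseBy ARNs into resources in our account and ones owned elsewhere."""
    own, foreign = [], []
    for arn in describe_cert["Certificate"].get("InUseBy", []):
        # ARN layout: arn:partition:service:region:account-id:resource
        parts = arn.split(":", 5)
        entry = {"service": parts[2], "account": parts[4], "arn": arn}
        (own if parts[4] == own_account_id else foreign).append(entry)
    return own, foreign

def domains_using_cert(domain_names, cert_arn):
    """API Gateway custom domains that still reference the certificate."""
    hits = []
    for item in domain_names.get("items", []):
        if cert_arn in (item.get("certificateArn"), item.get("regionalCertificateArn")):
            target = item.get("distributionDomainName") or item.get("regionalDomainName")
            hits.append((item["domainName"], target))
    return hits

if __name__ == "__main__":
    cert_arn = DESCRIBE_CERT["Certificate"]["CertificateArn"]
    own, foreign = classify_in_use_by(DESCRIBE_CERT, "111111111111")
    print("own:", own, "\nforeign:", foreign)
    print("custom domains:", domains_using_cert(DOMAIN_NAMES, cert_arn))
```

Against a live account, replace the two samples with the real command output and pass the account ID reported by `aws sts get-caller-identity`.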
