En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

I can't delete my certificate because it's associated with an invisible cloudfront distribution

0

I have a certificate in AWS Certificate manager that I would like to delete (I need to recreate it to include a root domain). When I try to delete it, I get an error saying that it is associated with a Cloudfront distribution and cannot be deleted. However, in Cloudfront, I have no distributions listed. How can dissociate the certificate from the resource?

I found a similar question and looked for API Gateway resources. I found one and it had a custom domain name similar to the certificate. I've deleted both the custom domain and the API Gateway and they're no longer listed in API Gateway interface, but I'm still not able to delete the certificate because it's associated with this unknown cloudfront resource. Enter image description here Enter image description here

Sujets
Réseaux et diffusion de contenuSécurité, identité et conformité
Balises
Amazon CloudFrontGestionnaire de certificats AWS
Langue
English
ben
demandé il y a 2 ans1816 vues
4 réponses
0
Réponse acceptée

After some time passed, I was able to delete the certificate. It seems that deleting the API Gateway was indeed the cause of the error, and it simply needed some additional time to pass after deletion before I could delete the associated certificate.

ben
répondu il y a 2 ans
profile picture
EXPERT
Giovanni Lauria
vérifié il y a un mois
0

Hello Ben,

From your question I have understood that you are unable to find an ACM certificate and the associations with it. You were correct that to delete a certificate that is in use, you must first remove the certificate association. This can be done using the console or CLI for the associated service. I will link a general guide below: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-delete.html

profile pictureAWS
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Chirag_R
répondu il y a 2 ans
0

Yep API GW edge-optimised APIs are accessed through a CloudFront distribution you don't own - it's in an AWS-managed account. It will use your cert though as you've seen. "aws apigateway get-domain-names" can be used to see the distribution domain names.

EXPERT
skinsman
répondu il y a 2 ans
0

I'm facing the same issue, it's been 1 day already since I deleted the associated API gateway custom domain. The certificate still seems to be associated to some resources that does not exist in my account, this is what i see:

Associated resources (3)

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-104/87ea7bd28e18ef45

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-793/dd9eb9379f71a0ba

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-862/56fc8591797a2875

This shown account id is not mine.

profile picture
Kevin
répondu il y a 2 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents