AWS China CloudFront Error when provisioned using terraform

Question

I am attempting to deploy two cloudfront distributions in cn-northwest-1 and I cannot seem to get ACM certificates attached to them, terraform keeps returning the following error

```
error creating CloudFront Distribution: InvalidViewerCertificate: The specified SSL certificate source isn't available in this region.
│       status code: 400
```
The ACM certificates are being generated in us-east-1 and the validation is completing successfully, but it seems that the cloudfront distribution which is created in china cannot access the certificates in the account with access to us-east-1 and RAM does not work for ACM Certificates as far as I could find.

Has anyone run into the similar issue, is the only solution here using SSL/TLS certificates and manually importing them?

Answer

Unfortunately, Amazon CloudFront in the China Regions currently does not support Amazon Certificate Manager. You must get an SSL/TLS certificate from a different third-party certificate authority (CA) and then upload it to the IAM certificate store.

For more information, see Importing an SSL/TLS Certificate in the Amazon CloudFront Developer Guide.

https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-procedures.html#cnames-and-https-uploading-certificates
https://docs.amazonaws.cn/en_us/aws/latest/userguide/cloudfront.html

AWS China CloudFront Error when provisioned using terraform

관련 콘텐츠