CloudFormation broke my "AWS::ElasticLoadBalancingV2::Listener Certificate" configuration

0

Last week I created an ECS stack which included an ELBv2 resource and an https listener:

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "Ref":"ParamDefaultCert" }],

Everything worked fine in 2 of the 3 AWS accounts that I created it in. Then on the 3rd account I got an error about the “Certificates” parameter expecting a JSONObject and not a String. I thought it was weird that I used the exact same CFN template in 2 other accounts and it worked but failed in the 3rd one.

I checked the documentation, and sure enough, it lists a JSONObject. Oh well, maybe I messed up somewhere.

So I changed my template to follow the documentation:

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "CertficateArn": { "Ref":"ParamDefaultCert" }}],

and rebuilt the CFN stack.

Wouldn’t you know it, now 2 out of the 3 AWS accounts accept the new configuration but the 3rd one now gives me this error:

    Resource handler returned message:
    "Model validation failed (#: extraneous key [CertficateArn] is not permitted)"
    (RequestToken: 20037927-eb59-9c8a-3d1a-d55c573052f5, HandlerErrorCode: InvalidRequest)

What the heck is going on with CFN?!?!?!

RNHurt
asked a month ago · 305 views
1 Answer
1
Accepted Answer

Hello.

I thought it might be a spelling mistake.
Try making your template like this:
CertficateArn→CertificateArn

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "CertificateArn": { "Ref":"ParamDefaultCert" }}],

In the document below, it is "CertificateArn" and your template is "CertficateArn".
Your template is missing the "i" in "CertificateArn".
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.html

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • Holy Carp! I do believe that you're right about the misspelling. Thanx!

    The only question I have is that CFN accepted my template last week as a String and not a JSONObject. But this week it seems to require the JSONObject (CertificateArn), which is weird.

    I wonder if it's possible to see the previous version of the AWS documentation. I looked on GitHub but I can't seem to find the docs there.

  • Even more interesting is that CFN let me create the stack with the misspelled "CertficateArn" string! I corrected the spelling in my templates and compared them to the template in the stack and it shows the difference in spelling. WTF??!?

    CFN is doing some really weird stuff this morning.

  • In the past, it seemed like you could see the change history of the document on GitHub, but now it seems like you can't see it. https://aws.amazon.com/jp/blogs/aws/retiring-the-aws-documentation-on-github/
    It's interesting that the deployment was successful even though the spelling was incorrect.
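
A pre-deployment check for the two mistakes in this thread, as an added example that is not part of the original posts or of any AWS tooling: it flags a `Certificates` entry that is a bare `Ref` and one whose key is not `CertificateArn`. The sample template, its resource names and the assumption that listeners are declared as top-level `AWS::ElasticLoadBalancingV2::Listener` resources are constructed for illustration.

```python
import difflib

LISTENER_TYPE = "AWS::ElasticLoadBalancingV2::Listener"
ALLOWED_KEYS = ["CertificateArn"]  # the key named in the documentation linked above


def _listener(cert_entry):
    """Build a constructed listener resource holding one Certificates entry."""
    return {"Type": LISTENER_TYPE,
            "Properties": {"Port": 443, "Protocol": "HTTPS",
                           "Certificates": [cert_entry]}}


# Constructed sample: the two failing forms from the thread plus the corrected one.
SAMPLE = {"Resources": {
    "ListenerBareRef": _listener({"Ref": "ParamDefaultCert"}),
    "ListenerTypo": _listener({"CertficateArn": {"Ref": "ParamDefaultCert"}}),
    "ListenerGood": _listener({"CertificateArn": {"Ref": "ParamDefaultCert"}}),
}}


def check_entry(entry):
    """Return the problems found in one element of a listener's Certificates list."""
    if not isinstance(entry, dict):
        return [f"expected an object, got {type(entry).__name__}"]
    problems = []
    for key in entry:
        if key in ALLOWED_KEYS:
            continue
        if key == "Ref" or key.startswith("Fn::"):
            # An intrinsic placed directly in the list resolves to a plain string.
            problems.append(f'bare {key}; wrap it as {{"CertificateArn": ...}}')
        else:
            close = difflib.get_close_matches(key, ALLOWED_KEYS, n=1)
            hint = f"; did you mean {close[0]}?" if close else ""
            problems.append(f"extraneous key {key}{hint}")
    if not problems and "CertificateArn" not in entry:
        problems.append("missing CertificateArn")
    return problems


def check_template(template):
    """Return (logical_id, index, problem) for every malformed Certificates entry."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != LISTENER_TYPE:
            continue
        certs = resource.get("Properties", {}).get("Certificates", [])
        for index, entry in enumerate(certs):
            findings.extend((logical_id, index, p) for p in check_entry(entry))
    return findings
```

Calling `check_template(SAMPLE)` reports `ListenerBareRef` and `ListenerTypo` and leaves `ListenerGood` alone; load a real template with `json.load` and pass the resulting dict the same way.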
