By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Unable to Delete ACM Certificate - No API Gateway, Custom Domain or Cloud Front Distribution Exists

0

I am attempting to delete an ACM certificate from my AWS Account. This is not able to happen because it has some associated resources. Upon doing some research I found that this can happen because API Gateway or CloudFront will associate the certificate with its own Load Balancer. However, I do not have an API Gateway, Custom Domain, or CloudFront distribution active on this account.

Arns Look like:

arn:aws:elasticloadbalancing:us-east-1:250044486744:loadbalancer/app/prod-iad-1-az1-1-0/9c18104fa6102224
arn:aws:elasticloadbalancing:us-east-1:250044486744:loadbalancer/app/prod-iad-1-az2-1-103/b0fab4aa61af247a
arn:aws:elasticloadbalancing:us-east-1:250044486744:loadbalancer/app/prod-iad-1-az5-1-8/af057e0e069b45d2
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdws-71/3ef2e951b96d90d1
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdws-84/fa5b5f00887fe6f1
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdws-88/0fcd61b701b03141

What is the best way to resolve this? Are there other managed services that may associate my certificate with a load balancer that I am not thinking of? Will they eventually be deleted?

  • It'll eventually be deleted. Wait a couple hours before submitting a support ticket.

4 Answers
1

Edit: Just read your comment that those ARNs are from deleted API gateways, just double check one more time in us-east-1 if you have any API GW left, if not you can open a support case that you are not able to remove the ACM because of these ARNs.

The ARNs in your questions look like an API Gateway regional endpoint ARN. I have seen similar naming patterns for regional endpoints ALB ARNs.

I am sure you already know this but would like clarify for anyone reading in future, Deploying a Regional API endpoint creates an Application Load Balancer by API Gateway. The CloudFront distribution or Application Load Balancer is owned by API Gateway, not your account. The ACM certificate provided to deploy API Gateway is associated with the CloudFront distribution or Application Load Balancer.

Please follow the steps documented at: https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-resources/

answered 3 years ago
  • Hi,

    I have seen those steps in my troubleshooting process and have attempted to follow them.

    The problem is, I do not currently have an API Gateway or Custom Domain provisioned in my account. They were deleted. Yet the ACM association persists.

  • Then you can ask Support for diagnose :)

1

Everyone, wait a couple hours before submitting a support ticket.

I had the same issue today. I was in the middle of writing up a support ticket and I was able to delete my cert by the time I was done writing it. It probably took about 30-60 minutes for it to be disassociated.

answered 3 years ago
0

All services which can use ACM you can find here.

As I remember certificate should show where is it used, but I can't confirm it right now.

Last advice :) you should avoid showing your account number because it's very sensitive data.

profile picture
answered 3 years ago
  • Hi, thanks for the advice.

    I currently have nothing provisioned from that list.

    None of the account numbers in the Arns I showed are my account. They are the Arns of the Load Balancers that are associated presumably with a deleted API gateway, causing the issue.

0

Use the AWS Config service. For resource type select AWS ACM Certificate and then either select your certificate or enter the ARN of your certificate. Select Resource Timeline and focus on the configuration changes listed. Here you should be able to view the change details and you would be interested in the ones that call out Configuration.InUseBy.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions