I would suggest not deleting a CloudFront distribution while it has a custom TLS certificate associated with it. It's safest to disassociate custom certificates from the distribution first, let it wait for a while to reach eventual consistency, and only delete the distribution when it's switched to using CloudFront's default TLS certificate and not your custom certificate.
If you can see the distribution in your AWS account, you should be able to modify its settings not to use a custom SSL certificate, causing it to fall back to CloudFront's default certificate, making it ready to be deleted.
If you mean that you aren't seeing the CloudFront distribution at all and perhaps never did, if it is/was an AWS-managed CloudFront distribution automatically created behind the scenes for the Cognito User Pool, and you're just seeing in the ACM certificate's details that it's still linked to the invisible CloudFront distribution, then that's what I've seen before with our custom CloudFront distros, when they've been deleted without first detaching our custom certificate. Since you already deleted the Cognito User Pool, you won't be able to modify its TLS settings, so I believe it will have to be removed by AWS's CloudFront or Cognito service team, to whom AWS support can escalate the case.
I suppose you know this, but to be sure, ACM certificates are free, so there's no financial impact to the ACM certificate lingering.
Thanks for the info. Yes to the second case ("you aren't seeing the CloudFront distribution at all and perhaps never did"), I cannot view the CloudFront distribution and I'm unable to delete the ACM certificate until the association with this invisible distribution is removed. I can see the distribution's ID from the ACM certificate page.
Like you said, I've contacted AWS Support but they closed my case and told me to either post about the issue here, open a new case, or pay for premium support. I've opened a new case in the hopes that they will fix it this time around.
Clear. That's the same phenomenon we've seen before for our custom CloudFront distributions, when CloudFormation has deleted it without detaching the certificate first. We got those resolved through Enterprise support, but I have no wisdom to share on how unpaid support handles these. I can only guess they suggested re:Post thinking incorrectly that there's nothing to fix on AWS's side but only advice and guidance needed that could be obtained here. Hopefully they'll be more responsive to your new case.
Thanks, hope so too
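The order of operations recommended in the answer above (detach the custom certificate, wait for consistency, only then delete), as an added example that is not part of the original thread. It assumes boto3 with working credentials and a distribution that is visible in your own account; the function names are hypothetical.

```python
import copy


def detach_custom_cert(config):
    """Return a copy of a DistributionConfig that falls back to the default certificate."""
    new = copy.deepcopy(config)
    # Alternate domain names require a custom certificate, so they are removed too.
    new["Aliases"] = {"Quantity": 0}
    new["ViewerCertificate"] = {"CloudFrontDefaultCertificate": True}
    new["Enabled"] = False  # a distribution must be disabled before it can be deleted
    return new


def cert_still_attached(in_use_by, dist_id):
    """True if any ARN in ACM's InUseBy list points at this distribution."""
    return any(arn.endswith(":distribution/" + dist_id) for arn in in_use_by)


def retire_distribution(dist_id, cert_arn, poll_seconds=30, max_polls=40):
    """Detach the certificate, wait until ACM agrees, then delete the distribution."""
    import time
    import boto3  # imported here so the helpers above run without AWS access

    cf = boto3.client("cloudfront")
    acm = boto3.client("acm", region_name="us-east-1")  # CloudFront uses us-east-1 certs
    current = cf.get_distribution_config(Id=dist_id)
    cf.update_distribution(
        Id=dist_id,
        IfMatch=current["ETag"],
        DistributionConfig=detach_custom_cert(current["DistributionConfig"]),
    )
    cf.get_waiter("distribution_deployed").wait(Id=dist_id)

    # Eventual consistency: do not delete until ACM no longer lists the distribution.
    for _ in range(max_polls):
        cert = acm.describe_certificate(CertificateArn=cert_arn)["Certificate"]
        if not cert_still_attached(cert.get("InUseBy", []), dist_id):
            break
        time.sleep(poll_seconds)
    else:
        raise RuntimeError("certificate still attached; distribution left in place")

    etag = cf.get_distribution_config(Id=dist_id)["ETag"]
    cf.delete_distribution(Id=dist_id, IfMatch=etag)
```

This does not help with the AWS-managed distribution discussed in the thread, which is not visible to the account and cannot be updated this way.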
What error do you see when trying to remove CloudFront?
@Oleksii Bebych I actually cannot see any CloudFront distributions since the distribution was created by AWS. When I try to delete the ACM certificate, I get this error:
Certificate is in use
The certificate (X) is in use (associated with other AWS resources) and cannot be deleted. Dissociate the certificate from each resource in the list and try again.
Associated resources
arn:aws:cloudfront::X:distribution/X