ACM certificate has resources in use arn:aws:elasticloadbalancing:us-east-1 even after deleting domains in API gateway.


There are about 12 load balancing resources in use tied to my certificate. When I try to delete the certificate it gives me an error that it is in use.

This stems from me removing a service from Lambda and API Gateway. I used the Serverless Framework. Now, when I try to recreate the domain to tie to a Lambda service in API Gateway and select an edge-optimized endpoint, it throws an error:

"One or more aliases specified for the distribution includes an incorrectly configured DNS record that points to another CloudFront distribution. You must update the DNS record to correct the problem. For more information, see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-restrictions (Service: AmazonCloudFront; Status Code: 409; Error Code: CNAMEAlreadyExists; Request ID: cdfeacf9-7ced-47a2-bbcc-8e9d537776af; Proxy: null)"

After doing some research, it appears those load balancer resources may come from having used a regional endpoint instead of an edge-optimized one at some point in the past.

I am looking for a solution on how to delete these resources so that I can create a new edge optimized endpoint configuration in api gateway so I can host my lambda service on a human readable domain.

  • Please raise a support case with ACM team on this. They will help you resolve this issue.

1 Answer

For the inability to delete the ACM record used with API Gateway, see this article: https://repost.aws/questions/QU63csgGNEQl2M--xCdy-oxw/cant-delete-certificate-because-there-are-dangling-load-balancer-resources

For the attempt to reuse the domain, most likely it is not a load balancer that is causing this. When you set up an ELB, you use a CNAME or alias record to point the traffic to the ELB: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html#routing-to-elb-load-balancer-configuring

The DNS record would be the problem, not the ELB itself. Check the DNS server setup for the domain in question or query any DNS server via a tool like dig or nslookup.

dig your_domain

Any response that resolves to an IP means the hostname is in use for something else. If it is CNAME'd or aliased to an ELB as you suspect, you would need to delete the CNAME/alias DNS record.

If you remove the CNAME/alias but still get the error, another CloudFront distribution could be using the domain. To fix that, disable the CloudFront distribution currently using the domain name, following this doc: https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cnamealreadyexists-error/

If that still does not fix it, check whether API Gateway has the domain set up as a custom domain. If so, delete the custom domain. This document on creating regional domains shows the relevant steps; delete the existing alias for your domain instead of creating a new one: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-regional-api-custom-domain-create.html

AWS
Geary_S
answered 2 years ago
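The dig check described in the answer, carried one step further as an added example (not part of the original answer): it reads `dig +noall +answer` output and labels each CNAME target with the AWS service that owns it (ELB, CloudFront, or a regional API Gateway endpoint), so you know which resource still claims the name before deleting records. The hostnames and targets in the sample are constructed placeholders, not real lookups.

```shell
#!/bin/sh
# Classify what a hostname's DNS records point at. Note that Route 53 alias
# records appear to dig as plain A/AAAA records, so an alias to an ELB or
# CloudFront will show up as "address" here; for those, inspect the hosted
# zone itself (e.g. aws route53 list-resource-record-sets).

# classify_target: map one CNAME target to the AWS service that owns it.
classify_target() {
  target=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
  case "$target" in
    *.elb.amazonaws.com|*.elb.*.amazonaws.com) echo elb ;;          # classic/ALB and NLB names
    *.cloudfront.net)                          echo cloudfront ;;   # edge-optimized / CloudFront
    *.execute-api.*.amazonaws.com)             echo apigateway-regional ;;
    *)                                         echo other ;;
  esac
}

# classify_answers: read "dig +noall +answer" lines on stdin and print
# "<name> <type> <rdata> <service>" for each record.
classify_answers() {
  while read -r name ttl class type rdata; do
    [ -z "$name" ] && continue
    case "$type" in
      CNAME)  echo "$name CNAME $rdata $(classify_target "$rdata")" ;;
      A|AAAA) echo "$name $type $rdata address" ;;   # possibly a Route 53 alias
      *)      echo "$name $type $rdata other" ;;
    esac
  done
}

# Constructed sample in dig +noall +answer format (placeholder names).
SAMPLE='api.example.com. 300 IN CNAME d111111abcdef8.cloudfront.net.
old.example.com. 60 IN CNAME my-lb-123456.us-east-1.elb.amazonaws.com.
www.example.com. 60 IN A 192.0.2.10'

if [ -n "$1" ]; then
  # Live mode: classify the real answers for the hostname given as $1.
  dig +noall +answer "$1" | classify_answers
else
  # Offline demo on the constructed sample.
  printf '%s\n' "$SAMPLE" | classify_answers
fi
```

A line ending in `cloudfront` means the CNAMEAlreadyExists fix (disable the other distribution) applies; a line ending in `elb` points at the dangling-record case the answer describes.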
