Cloudformation and Route 53

0

Hi, I'm a bit of a rookie on AWS so please bear with me. I have a Cloudformation stack and I registered a domain name on Route 53. I'm trying to request a certificate for my domain. I tried DNS validation, but it says action required. Which action? I tried email validation, did not receive any email. How does the validation get done?

3 Answers
1
Accepted Answer

Ok, here's how I was able to create a record in Route53 pointing to my distribution.

In Route53, went to my hosted zone, clicked "Create record", checked "Alias". Picked "Alias to a CloudFront distribution". Then I was able to pick my CloudFront distribution in the dropdown. That's a breakthrough! However, now I get 403 Bad request. To be continued...

Stevo
answered 3 months ago
EXPERT
reviewed a month ago
1

Hello.

If you define ACM in CloudFormation as shown below, DNS validation should be performed automatically.
In the example below, a CNAME record for DNS verification is registered in the hosted zone on Route 53 called "test.com".
"HostedZoneId" can be confirmed from the Route53 screen.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: test.com
      DomainValidationOptions:
        - DomainName: test.com
          HostedZoneId: Z040XXXXXXXXXXXXXXXX
      ValidationMethod: DNS

If you want to perform manual verification, you need to register a CNAME record for verification in Route53.
https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html

EXPERT
answered 3 months ago
AWS
EXPERT
reviewed 3 months ago
  • That's nice! Thanks for the tip. I managed to create my cert using a CloudFormation template; however, all my resources are located in the Paris region, and if I try to create a CloudFront distribution, adding a CNAME to it requires providing a certificate, and my new cert does not appear in the dropdown. It says that the certificate should be in the N. Virginia region. How can I request a cert in N. Virginia when my default region is Paris and all my resources in the CloudFormation template are in Paris?

  • I think you only need to create the ACM and CloudFront parts in the "us-east-1" region in the CloudFormation template. In the case of CloudFormation, resources are created in the region where the template is deployed, so you need to change it to the desired region.

0

So following you guys' advice, I moved my resources to N. Virginia and I was able to create a certificate and use it in a cloudfront distribution with my domain name as a CNAME. However, my domain still isn't delivering content! What am I doing wrong?

Stevo
answered 3 months ago
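
The pieces discussed across this thread, put together as one template. This is an added example, not code from any of the posters: a DNS-validated ACM certificate, a CloudFront distribution that uses it for the custom domain, and the Route 53 alias record pointing at the distribution. The parameter names, the `origin` ID and the HTTPS custom origin are assumptions; substitute your own origin.

```yaml
# Added example. Deploy this stack in us-east-1 (N. Virginia): CloudFront
# only accepts ACM certificates issued in that region.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  DomainName:
    Type: String                          # e.g. test.com, as in the answer above
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id    # hosted zone for DomainName
  OriginDomainName:
    Type: String                          # assumption: an HTTPS origin you already run
Resources:
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref DomainName
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref DomainName
          HostedZoneId: !Ref HostedZoneId   # ACM writes the validation CNAME here
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases:
          - !Ref DomainName               # must be covered by the certificate
        Origins:
          - Id: origin
            DomainName: !Ref OriginDomainName
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
        DefaultCacheBehavior:
          TargetOriginId: origin
          ViewerProtocolPolicy: redirect-to-https
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6  # managed CachingOptimized
        ViewerCertificate:
          AcmCertificateArn: !Ref Certificate   # Ref returns the certificate ARN
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
  AliasRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref DomainName
      Type: A
      AliasTarget:
        DNSName: !GetAtt Distribution.DomainName
        HostedZoneId: Z2FDTNDATAQYW2      # fixed zone ID used for all CloudFront aliases
```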
