CloudFormation broke my "AWS::ElasticLoadBalancingV2::Listener Certificate" configuration

0

Last week I created an ECS stack which included an ELBv2 resource and an https listener:

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "Ref":"ParamDefaultCert" }],

Everything worked fine in 2 of the 3 AWS accounts that I created it in. Then on the 3rd account I got an error about the “Certificates” parameter expecting a JSONObject and not a String. I thought it was weird that I used the exact same CFN template in 2 other accounts and it worked but failed in the 3rd one.

I checked the documentation, and sure enough, it lists a JSONObject. Oh well, maybe I messed up somewhere.

So I changed my template to follow the documentation:

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "CertficateArn": { "Ref":"ParamDefaultCert" }}],

and rebuilt the CFN stack.

Wouldn’t you know it, now 2 out of the 3 AWS accounts accept the new configuration but the 3rd one now gives me this error:

    Resource handler returned message:
    "Model validation failed (#: extraneous key [CertficateArn] is not permitted)"
    (RequestToken: 20037927-eb59-9c8a-3d1a-d55c573052f5, HandlerErrorCode: InvalidRequest)

What the heck is going on with CFN?!?!?!

1 Answer
1
Accepted Answer

Hello.

I thought it might be a spelling mistake.
Try making your template like this:
CertficateArn→CertificateArn

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "CertificateArn": { "Ref":"ParamDefaultCert" }}],

In the document below, it is "CertificateArn" and your template is "CertficateArn".
Your template is missing the "i" in "CertificateArn".
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.html

EXPERT
answered 19 days ago
EXPERT
reviewed 18 days ago
  • Holy Carp! I do believe that you're right about the misspelling. Thanx!

    The only question I have is that CFN accepted my template last week as a String and not a JSONObject. But this week it seems to require the JSONObject (CertificateArn), which is weird.

    I wonder if it's possible to see the previous version of the AWS documentation. I looked on GitHub but I can't seem to find the docs there.

  • Even more interesting is that CFN let me create the stack with the misspelled "CertficateArn" string! I corrected the spelling in my templates and compared them to the template in the stack and it shows the difference in spelling. WTF??!?

    CFN is doing some really weird stuff this morning.

  • In the past, it seemed like you could see the change history of the document on GitHub, but now it seems like you can't see it. https://aws.amazon.com/jp/blogs/aws/retiring-the-aws-documentation-on-github/
    It's interesting that the deployment was successful even though the spelling was incorrect.
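
A pre-deployment check for the two mistakes discussed in this thread (a certificate entry given as a bare `Ref`/string, and a misspelled key), as an added example that is not part of the original thread or any AWS tooling. The function names and the sample fragments are constructed for illustration; the only key treated as valid is `CertificateArn`, as on the documentation page linked in the answer.

```python
import difflib

ALLOWED_KEYS = ["CertificateArn"]  # sole key of a Listener Certificate entry
INTRINSICS = {"Ref", "Fn::Sub", "Fn::GetAtt", "Fn::ImportValue"}  # resolve to a String

def check_entry(entry, path):
    """Validate one element of a "Certificates" list."""
    if not isinstance(entry, dict) or set(entry) & INTRINSICS:
        return [f"{path}: expected an object with CertificateArn, got a String value"]
    findings = []
    for key in entry:
        if key not in ALLOWED_KEYS:
            guess = difflib.get_close_matches(key, ALLOWED_KEYS, n=1)
            hint = f" (did you mean {guess[0]!r}?)" if guess else ""
            findings.append(f"{path}: extraneous key {key!r}{hint}")
    if not findings and "CertificateArn" not in entry:
        findings.append(f"{path}: missing CertificateArn")
    return findings

def check_certificates(node, path="$"):
    """Walk a parsed template and check every "Certificates" list found."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "Certificates" and isinstance(value, list):
                for i, entry in enumerate(value):
                    findings += check_entry(entry, f"{child}[{i}]")
            else:
                findings += check_certificates(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += check_certificates(item, f"{path}[{i}]")
    return findings

def fragment(cert_entry):
    """Constructed fragment shaped like the snippets posted in the question."""
    return {"Listeners": [{"Port": 443, "Protocol": "https",
                           "Certificates": [cert_entry]}]}

# Constructed samples: the three variants that appear in this thread.
SAMPLES = {
    "bare_ref": fragment({"Ref": "ParamDefaultCert"}),
    "misspelled": fragment({"CertficateArn": {"Ref": "ParamDefaultCert"}}),
    "corrected": fragment({"CertificateArn": {"Ref": "ParamDefaultCert"}}),
}

if __name__ == "__main__":
    for name, template in SAMPLES.items():
        print(name, check_certificates(template) or "OK")
```

Running a check like this in CI gives the same answer for every account, regardless of which validation behaviour the service applies at deploy time.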
