Move single Route 53 A record under ACM wildcard to ACM in separate AWS account

0

I have an app deployed in AWS account B. Until now I had an ACM certificate in account A for mydomain.com and *.mydomain.com, and a hosted zone in account A with an A record for myapp.mydomain.com pointing to the ALB in account B. So far this worked fine. Now the app needs to be moved to a new domain, "mydomain.xyz", while at the same time maintaining support for the previous route. I proceeded to create a mydomain.xyz ACM in account B, got the DNS delegated, and the ACM was validated. Now my app is live under "myapp.mydomain.xyz", but it lost the SSL support under the previous myapp.mydomain.com even though nothing was changed in account A.

I'm thinking I need to update the ACM in account B to also list the previous domain and update the DNS delegation, but wanted to make sure I'm going in the right direction.

Also, there are other records set up in Route 53 in account A using the wildcard ACM. Is there any risk in adding the domain to the ACM domain list in account B for any of the other domains listed in account A?

2 Answers
0

To address your question:

  • You can add the previous domain "mydomain.com" and wildcard domain "*.mydomain.com" to the ACM certificate in account B. This will allow your application to continue supporting the previous domain names.
  • When adding additional domains to an ACM certificate, there is no risk to any other domains or certificates managed in a different AWS account. ACM certificates are scoped to the AWS account.
  • You will need to update the DNS records for "mydomain.com" and "*.mydomain.com" to point to the resources in account B, such as the Application Load Balancer. This ensures proper validation of the ACM certificate.
  • No changes are needed for the other domains managed in account A using the wildcard certificate. Adding domains to the certificate in account B will not affect any domains in other accounts.
  • Verify the ACM certificate in account B now covers both the new and previous domain names before removing the application endpoints for the old domains. This ensures continuous SSL support.
EXPERT
answered 3 months ago
0

You will need to add NEW CNAMEs to the zone mydomain.com in account A in order for ACM to issue a cert for the domain mydomain.com in account B.

EXPERT
answered 3 months ago
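
An added example, not part of either answer: a sketch of the cross-account validation step the second answer describes, turning `aws acm describe-certificate` output from account B into a Route 53 change batch for the mydomain.com zone in account A. The helper name `validation_change_batch`, the sample data, and the placeholder record names and values are all assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws acm describe-certificate` output for
# a certificate requested in account B. Record names/values are placeholders.
_COM_RR = {"Name": "_PLACEHOLDER-A.mydomain.com.", "Type": "CNAME",
           "Value": "_PLACEHOLDER-B.acm-validations.aws."}
SAMPLE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "mydomain.xyz", "ValidationMethod": "DNS",
     "ValidationStatus": "SUCCESS",
     "ResourceRecord": {"Name": "_PLACEHOLDER-C.mydomain.xyz.", "Type": "CNAME",
                        "Value": "_PLACEHOLDER-D.acm-validations.aws."}},
    {"DomainName": "mydomain.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _COM_RR},
    {"DomainName": "*.mydomain.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": _COM_RR},
]}}


def validation_change_batch(describe_output, zone_name, ttl=300):
    """Return a Route 53 ChangeBatch holding the pending ACM validation
    CNAMEs that fall inside zone_name (hypothetical helper)."""
    zone = zone_name.rstrip(".").lower()
    seen, changes = set(), []
    for opt in describe_output["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        # Skip e-mail validation, names ACM has not produced a record for
        # yet, and names that are already validated.
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            continue
        if opt.get("ValidationStatus") == "SUCCESS":
            continue
        name = rr["Name"].rstrip(".").lower()
        # Only records that live in this hosted zone (label-boundary match).
        if name != zone and not name.endswith("." + zone):
            continue
        # The apex and its wildcard share one validation record.
        if name in seen:
            continue
        seen.add(name)
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
            "ResourceRecords": [{"Value": rr["Value"]}]}})
    return {"Comment": "ACM DNS validation records", "Changes": changes}


if __name__ == "__main__":
    # Output can be saved and passed to
    # `aws route53 change-resource-record-sets --change-batch file://...`
    print(json.dumps(validation_change_batch(SAMPLE, "mydomain.com"), indent=2))
```

The validation CNAME authorizes ACM in the account that requested the certificate to issue and renew for those names, so the zone owner in account A should treat it as a standing grant and remove it when the certificate is retired.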
