
Questions tagged with AWS Certificate Manager


CloudFormation stack CREATE_FAILED because of "Internal Error"

Hey folks, I was trying to replicate the service I work on to a separate burner account. I was able to replicate all the other stacks except the ECS Service stack (the main one for the service). I get an error while running `bb cdk deploy <ECSServiceStackName>` which says:

`Received response status [FAILED] from custom resource. Message returned: Internal Error (RequestId: f67e9cec-b153-47fa-8bf6-8c1ac962394c)`

I believe it is due to other resources that failed to create:

`The following resource(s) failed to create: [LoadBalancerBE9EEC3A, LambdaCanary44B53221, SslCertificateArnSsmParameterFBC7F579]. Rollback requested by user.`

Based on the events and time stamps I can see that the SslCertificateArnSsmParameter resource failed first (it also started creating first), due to which the other 2 are failing.

Is this Certificate resource an issue with regards to a burner account? Is it okay that I am trying to replicate this resource in a separate AWS account apart from the original Alpha account? (Yes, I am replicating all the resources from the alpha account.)

If anyone is curious about why I am replicating everything to a burner account: the goal is to get the service up and running in a separate AWS account, and for that I am trying it on a burner account first before going ahead with a new permanent Conduit account.

TIA :)

Attached 1 image:

1) The CloudFormation Console

![Enter image description here](/media/postImages/original/IMkJjzEqt4RuW6rZza6P2ptg)

2) CW logs associated with the resource.

```
{
  "Status": "FAILED",
  "Reason": "Internal Error",
  "PhysicalResourceId": "2022/09/13/[$LATEST]<id>",
  "StackId": "arn:aws:cloudformation:us-west-2:<aws_accountID>:stack/IhmPrimsDecouplerEcsService-<aws_accountID>/<some_ID>,
  "RequestId": "<RequestID>",
  "LogicalResourceId": "SslCertificateArnSsmParameterFBC7F579",
  "NoEcho": false,
  "Data": {}
}
```

```
INFO ParameterNotFound: null
    at Request.extractError (/tmp/node_modules/aws-sdk/lib/protocol/json.js:52:27)
    at Request.callListeners (/tmp/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/tmp/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/tmp/node_modules/aws-sdk/lib/request.js:686:14)
    at Request.transition (/tmp/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/tmp/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /tmp/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/tmp/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/tmp/node_modules/aws-sdk/lib/request.js:688:12)
    at Request.callListeners (/tmp/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
  code: 'ParameterNotFound'
```

1 answer, 0 votes, 26 views, asked 11 days ago

ACM Certificate issued for a private hosted zone, status stuck on pending validation

Hi, we have a certificate issued by ACM for the domain for renewal, and the status of this certificate is `pending validation`. I tried to add the CNAME record by `Create Records in Route 53`, and it popped up as "the record is successfully created". Waited for a day, and the certificate is still in `pending validation` status.

To give a clear example, I am naming the domain that needs verification `api.example.com`. I checked in Route 53 that there is no CNAME record in the hosted zone `api.example.com`; however, we have a record in the hosted zone `example.com`. I'm not sure about the relationship of these two domain names. But `api.example.com` is a **private hosted zone** and `example.com` is a **public hosted zone** that has the CNAME record we need to add to `api.example.com`. The record in the public hosted zone has CNAME has record name.

I have followed [DNS validation](https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) and [Why is my AWS Certificate Manager (ACM) certificate DNS validation status still pending validation?](https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-pending-validation/?nc1=h_ls) and it's a bit confusing: is this the correct certificate we get for a private hosted zone? Shouldn't we get it from ACM CA? If not, where should I add this record?

I pasted the example below. How do I complete validation for this domain?

![Route 53 Dashboard](/media/postImages/original/IMIGfX3gQFT6OTpL1NG61-3A)

![Certificate](/media/postImages/original/IMj6JK8q3HRdST1BZkFD3cpA)

0 answers, 0 votes, 26 views, asked 17 days ago