I have a certificate which supports subdomains which I would like to use as part of a Fargate deployment. The certificate is known to work for the root domain and proposed subdomain (tested by applying to a CloudFront distribution).
When I try to apply the certificate to my stack I get the following error (elements redacted):
Stack Deployments Failed: Error: The stack named MyStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "Certificate ARN 'arn:aws:acm:us-east-1:nnnnnnnnnnnn:certificate/x-x-x-x-x' is not valid (Service: ElasticLoadBalancingV2, Status Code: 400, Request ID: XXXX, Extended Request ID: null)" (RequestToken: XXXX, HandlerErrorCode: InvalidRequest)
Without the redirect_http and certificate parameters the stack deploys.
from aws_cdk import (
    Stack,
    aws_certificatemanager as acm,
    aws_ec2 as ec2,
    aws_ecs as ecs,
    aws_ecs_patterns as ecs_patterns,
    aws_route53 as route53,
)
from constructs import Construct

BASENAME = "secure-stack"
DOMAIN_APEX = "example.org.uk"
SUBDOMAIN_NAME = f"costs.{DOMAIN_APEX}"
# Existing ACM certificate, referenced by ARN (the region is the fourth ARN field)
CERT_ARN = 'arn:aws:acm:us-east-1:nnnnnnnnnnnn:certificate/x-x-x-x-x'


class CynapseCostStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        vpc = ec2.Vpc(self, f"{BASENAME}-vpc", max_azs=2)
        cluster = ecs.Cluster(self, f"{BASENAME}-cluster", vpc=vpc)
        task_image_options = ecs_patterns.ApplicationLoadBalancedTaskImageOptions(...)

        # Fargate service behind a public ALB with an HTTPS listener and a DNS record
        ecs_patterns.ApplicationLoadBalancedFargateService(
            self,
            f"{BASENAME}-service",
            service_name=f"{BASENAME}-service",
            cluster=cluster,
            cpu=256,
            desired_count=1,
            task_image_options=task_image_options,
            memory_limit_mib=512,
            public_load_balancer=True,
            load_balancer_name=f"{BASENAME}-lb",
            domain_name=SUBDOMAIN_NAME,
            domain_zone=route53.HostedZone.from_lookup(self, f"{BASENAME}-zone", domain_name=DOMAIN_APEX),
            redirect_http=True,
            certificate=acm.Certificate.from_certificate_arn(self, f"{BASENAME}-cert", CERT_ARN),
        )
Thank you, that is the issue as I'm deploying in eu-west-2. I've created a new DNS validated certificate in the correct region and it's now working.
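
The cause confirmed in the closing comment is a region mismatch: CloudFront takes ACM certificates from us-east-1, while an Application Load Balancer only accepts a certificate from its own region. The following pre-deployment check is an added example, not code from the original post; the function names and the sample account and certificate id are constructed for illustration.

```python
from typing import NamedTuple, Optional


class AcmArn(NamedTuple):
    partition: str
    region: str
    account: str
    cert_id: str


def parse_acm_arn(arn: str) -> AcmArn:
    """Split arn:<partition>:acm:<region>:<account>:certificate/<id>."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm":
        raise ValueError(f"not an ACM ARN: {arn!r}")
    kind, _, cert_id = parts[5].partition("/")
    if kind != "certificate" or not cert_id or not parts[3]:
        raise ValueError(f"not an ACM certificate ARN: {arn!r}")
    return AcmArn(parts[1], parts[3], parts[4], cert_id)


def cert_region_problem(arn: str, stack_region: str, consumer: str) -> Optional[str]:
    """Return a message if the certificate's region cannot serve `consumer`, else None.

    consumer is "alb" (regional: certificate must be in the load balancer's region)
    or "cloudfront" (global: certificate must be in us-east-1).
    """
    cert = parse_acm_arn(arn)
    if consumer == "alb":
        required = stack_region
    elif consumer == "cloudfront":
        required = "us-east-1"
    else:
        raise ValueError(f"unknown consumer: {consumer!r}")
    if cert.region == required:
        return None
    return (f"certificate {cert.cert_id} is in {cert.region}; "
            f"{consumer} in a {stack_region} stack needs one in {required}")


# Constructed sample ARN shaped like the one in the question (placeholder account and id).
CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/00000000-aaaa-bbbb-cccc-000000000000"

if __name__ == "__main__":
    # Same certificate, two consumers: accepted by CloudFront, rejected for an ALB in eu-west-2.
    print(cert_region_problem(CERT_ARN, "eu-west-2", "cloudfront"))
    print(cert_region_problem(CERT_ARN, "eu-west-2", "alb"))
```

Running a check like this before synthesis turns the CloudFormation rollback into an immediate, readable error.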