I can't delete my certificate because it's associated with an invisible CloudFront distribution

0

I have a certificate in AWS Certificate Manager that I would like to delete (I need to recreate it to include a root domain). When I try to delete it, I get an error saying that it is associated with a CloudFront distribution and cannot be deleted. However, in CloudFront, I have no distributions listed. How can I dissociate the certificate from the resource?

I found a similar question and looked for API Gateway resources. I found one and it had a custom domain name similar to the certificate. I've deleted both the custom domain and the API Gateway and they're no longer listed in the API Gateway interface, but I'm still not able to delete the certificate because it's associated with this unknown CloudFront resource.

ben
asked 2 years ago
1815 views
4 Answers
0
Accepted Answer

After some time passed, I was able to delete the certificate. It seems that deleting the API Gateway was indeed the cause of the error, and it simply needed some additional time to pass after deletion before I could delete the associated certificate.

ben
answered 2 years ago
EXPERT
reviewed 1 month ago
0

Hello Ben,

From your question I have understood that you are unable to find an ACM certificate and the associations with it. You were correct that to delete a certificate that is in use, you must first remove the certificate association. This can be done using the console or CLI for the associated service. I will link a general guide below: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-delete.html

AWS
SUPPORT ENGINEER
answered 2 years ago
0

Yep API GW edge-optimised APIs are accessed through a CloudFront distribution you don't own - it's in an AWS-managed account. It will use your cert though as you've seen. "aws apigateway get-domain-names" can be used to see the distribution domain names.

EXPERT
answered 2 years ago
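Added example, not part of any answer on this page and not AWS code: one way to correlate a certificate's `InUseBy` list with the output of `aws apigateway get-domain-names` to find the custom domain that still holds the certificate. The JSON inputs are constructed samples with placeholder account IDs and names, and the helper names are hypothetical; it assumes the holding resource appears in `InUseBy` under a different account ID than the certificate's.

```python
import json

# Constructed sample of: aws acm describe-certificate --certificate-arn <arn>
ACM_JSON = """{"Certificate": {
 "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE-CERT",
 "InUseBy": ["arn:aws:cloudfront::999999999999:distribution/EXAMPLEDIST"]}}"""

# Constructed sample of: aws apigateway get-domain-names
APIGW_JSON = """{"items": [
 {"domainName": "api.example.com",
  "certificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE-CERT",
  "distributionDomainName": "dEXAMPLE.cloudfront.net",
  "endpointConfiguration": {"types": ["EDGE"]}},
 {"domainName": "internal.example.com",
  "regionalCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/OTHER-CERT",
  "regionalDomainName": "d-example.execute-api.us-east-1.amazonaws.com",
  "endpointConfiguration": {"types": ["REGIONAL"]}}
]}"""


def arn_account(arn):
    """Return the account-id field (fifth colon-separated part) of an ARN."""
    parts = arn.split(":", 5)
    return parts[4] if len(parts) == 6 else ""


def explain_associations(acm_doc, apigw_doc):
    """Match a certificate against API Gateway custom domains that reference it."""
    cert = acm_doc["Certificate"]
    cert_arn = cert["CertificateArn"]
    own_account = arn_account(cert_arn)
    # Associations whose ARN carries another account ID will not show up
    # in your own CloudFront or load balancer consoles.
    foreign = [a for a in cert.get("InUseBy", []) if arn_account(a) != own_account]
    holders = []
    for item in apigw_doc.get("items", []):
        # Edge-optimised domains use certificateArn, regional ones regionalCertificateArn.
        if cert_arn in (item.get("certificateArn"), item.get("regionalCertificateArn")):
            holders.append({
                "domainName": item["domainName"],
                "types": item.get("endpointConfiguration", {}).get("types", []),
                "target": item.get("distributionDomainName") or item.get("regionalDomainName"),
            })
    return {"foreign_in_use_by": foreign, "apigw_domains": holders}


if __name__ == "__main__":
    report = explain_associations(json.loads(ACM_JSON), json.loads(APIGW_JSON))
    print(json.dumps(report, indent=2))
```
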
0

I'm facing the same issue; it's been 1 day already since I deleted the associated API Gateway custom domain. The certificate still seems to be associated with some resources that do not exist in my account. This is what I see:

Associated resources (3)

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-104/87ea7bd28e18ef45

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-793/dd9eb9379f71a0ba

arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-862/56fc8591797a2875

The account ID shown is not mine.

Kevin
answered 2 months ago
