CloudFormation broke my "AWS::ElasticLoadBalancingV2::Listener Certificate" configuration

0

Last week I created an ECS stack which included an ELBv2 resource and an https listener:

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "Ref":"ParamDefaultCert" }],

Everything worked fine in 2 of the 3 AWS accounts that I created it in. Then on the 3rd account I got an error about the “Certificates” parameter expecting a JSONObject and not a String. I thought it was weird that I used the exact same CFN template in 2 other accounts and it worked but failed in the 3rd one.

I checked the documentation, and sure enough, it lists a JSONObject. Oh well, maybe I messed up somewhere.

So I changed my template to follow the documentation:

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "CertficateArn": { "Ref":"ParamDefaultCert" }}],

and rebuilt the CFN stack.

Wouldn’t you know it, now 2 out of the 3 AWS accounts accept the new configuration but the 3rd one now gives me this error:

    Resource handler returned message:
    "Model validation failed (#: extraneous key [CertficateArn] is not permitted)"
    (RequestToken: 20037927-eb59-9c8a-3d1a-d55c573052f5, HandlerErrorCode: InvalidRequest)

What the heck is going on with CFN?!?!?!

RNHurt
asked 1 month ago · 306 views
1 Answer
1
Accepted Answer

Hello.

I thought it might be a spelling mistake.
Try making your template like this:
CertficateArn→CertificateArn

    "Listeners": [
      { "Port": 443,
        "Protocol": "https",
        "Certificates": [{ "CertificateArn": { "Ref":"ParamDefaultCert" }}],

In the document below, it is "CertificateArn" and your template is "CertificateArn".
Your template is missing the "i" in "CertificateArn".
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.html

EXPERT
answered 1 month ago
EXPERT
reviewed 1 month ago
  • Holy Carp! I do believe that you're right about the misspelling. Thanx!

    The only question I have is that CFN accepted my template last week as a String and not a JSONObject. But this week it seems to require the JSONObject (CertificateArn), which is weird.

    I wonder if it's possible to see the previous version of the AWS documentation. I looked on GitHub but I can't seem to find the docs there.

  • Even more interesting is that CFN let me create the stack with the misspelled "CertficateArn" string! I corrected the spelling in my templates and compared them to the template in the stack and it shows the difference in spelling. WTF??!?

    CFN is doing some really weird stuff this morning.

  • In the past, it seemed like you could see the change history of the document on GitHub, but now it seems like you can't see it. https://aws.amazon.com/jp/blogs/aws/retiring-the-aws-documentation-on-github/
    It's interesting that the deployment was successful even though the spelling was incorrect.
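
A pre-deployment check for the two mistakes discussed in this thread, as an added example that is not part of the original posts or AWS tooling. It assumes a JSON template and that `CertificateArn` is the only key allowed in a `Certificates` entry, as the linked documentation states; the function names and the sample template are constructed for illustration.

```python
import json

# The only key the linked Listener Certificate documentation defines.
ALLOWED_KEYS = {"CertificateArn"}


def is_intrinsic(entry):
    """True for a bare intrinsic such as {"Ref": ...} or {"Fn::GetAtt": ...}."""
    return len(entry) == 1 and all(k == "Ref" or k.startswith("Fn::") for k in entry)


def check_entry(entry, where):
    """Return findings for one element of a "Certificates" list."""
    if not isinstance(entry, dict) or is_intrinsic(entry):
        return [(where, 'string value; wrap it as {"CertificateArn": ...}')]
    findings = [(where, f"extraneous key [{k}]") for k in sorted(set(entry) - ALLOWED_KEYS)]
    if "CertificateArn" not in entry:
        findings.append((where, "missing CertificateArn"))
    return findings


def check_template(node, path="$"):
    """Walk a parsed template and check every "Certificates" list found in it."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "Certificates" and isinstance(value, list):
                for i, entry in enumerate(value):
                    findings += check_entry(entry, f"{child}[{i}]")
            else:
                findings += check_template(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += check_template(item, f"{path}[{i}]")
    return findings


# Constructed sample: the three "Certificates" forms from this thread.
SAMPLE = json.loads("""
{"Listeners": [
  {"Port": 443, "Certificates": [{"Ref": "ParamDefaultCert"}]},
  {"Port": 443, "Certificates": [{"CertficateArn": {"Ref": "ParamDefaultCert"}}]},
  {"Port": 443, "Certificates": [{"CertificateArn": {"Ref": "ParamDefaultCert"}}]}
]}
""")

if __name__ == "__main__":
    for where, message in check_template(SAMPLE):
        print(f"{where}: {message}")
```

Running it in CI before `create-stack` or `update-stack` catches the misspelled key locally instead of relying on whichever validation the target account applies.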
