Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Pitfall: ACM Certificate With CloudFormation

DZone's Guide to

Pitfall: ACM Certificate With CloudFormation

CloudFormation recently started supporting the AWS Certificate Manager — but some users might run into an SSL certificate error. Here's a quick workaround.

· Cloud Zone ·
Free Resource

Discover a centralized approach to monitor your virtual infrastructure, on-premise IT environment, and cloud infrastructure – all on a single platform.

Good news, CloudFormation added support for AWS Certificate Manager recently. Creating a CloudFront distribution which is using an ACM certificate is finally possible with CloudFromation as well.

The following listing shows the definition of an ACM certificate as well as its usage within a CloudFront distribution.

"Certificate" : {
  "Type": "AWS::CertificateManager::Certificate",
  "Properties": {
    "DomainName": "example.com",
    "DomainValidationOptions": [{
      "DomainName": "example.com",
      "ValidationDomain": "example.com"
    }]
  }
},
"Distribution": {
  "Type": "AWS::CloudFront::Distribution",
  "Properties": {
    "DistributionConfig": {
      "Aliases": "example.com",
      "ViewerCertificate": {
        "AcmCertificateArn": {"Ref": "Certificate"},
        "SslSupportMethod": "sni-only"
      },
      [...]
    }
  }
}

Sounds great so far. Nevertheless, I struggled to create a stack containing the ACM certificate and a CloudFront distribution.

CloudFormation reported the following error:

CREATE_FAILED    
AWS::CloudFront::Distribution    
Distribution    
The specified SSL certificate doesn't exist, isn't valid, or doesn't include a valid certificate chain.

It took me some time to figure out the reason: I tried to create the stack in eu-west-1. But the ACM certificate needs to be created in us-east-1 when used together with CloudFront. So one possible solution was to create the CloudFormation stack in us-east-1. Lesson learned!

Learn how to auto-discover your containers and monitor their performance, capture Docker host and container metrics to allocate host resources, and provision containers.

Topics:
amazon web services ,cloudformation ,certificate ,error ,cloudfront

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}