I have the following aws Cloud formation script. It is supposed to wire up some components of a webapp I have been working on. It seems to be stuck on some cert validation. The 2 certs that where validated though email were validated just find. I can’t seem to figure out how to get the www.congresscritters.org cert to validate. Any help would be appreciated.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
BaseHostedZone:
Type: 'AWS::Route53::HostedZone'
Properties:
Name: congresscritters.org.
WebCert:
Type: 'AWS::CertificateManager::Certificate'
Properties:
DomainName: www.congresscritters.org
ValidationMethod: DNS
DomainValidationOptions:
- DomainName: www.congresscritters.org
HostedZoneId: !Ref BaseHostedZone
SubjectAlternativeNames:
- congresscritters.org
WebDistribution:
Type: 'AWS::CloudFront::Distribution'
Properties:
DistributionConfig:
Aliases:
- www.congresscritters.org
DefaultRootObject: index.html
Origins:
- DomainName: congress-critters-web-ui-bucket.s3.amazonaws.com
Id: S3Origin
S3OriginConfig:
OriginAccessIdentity: ''
DefaultCacheBehavior:
AllowedMethods: ['GET', 'HEAD']
TargetOriginId: S3Origin
ViewerProtocolPolicy: redirect-to-https
Compress: true
ForwardedValues:
QueryString: false
ViewerCertificate:
AcmCertificateArn: !Ref WebCert
SslSupportMethod: sni-only
Enabled: true
HttpVersion: http2
BaseRecordSetGroup:
Type: 'AWS::Route53::RecordSetGroup'
Properties:
HostedZoneId: !Ref BaseHostedZone
RecordSets:
- Name: www.congresscritters.org
Type: A
AliasTarget:
HostedZoneId: !GetAtt WebDistribution.DomainName
DNSName: Z2FDTNDATAQYW2 # Fixed value for CloudFront
Comment: Website domain record
APICert:
Type: 'AWS::CertificateManager::Certificate'
Properties:
DomainName: api.congresscritters.org
ValidationMethod: EMAIL
APIDevCert:
Type: 'AWS::CertificateManager::Certificate'
Properties:
DomainName: api-dev.congresscritters.org
ValidationMethod: EMAIL
APIRecordSet:
Type: 'AWS::Route53::RecordSet'
Properties:
HostedZoneId: !Ref BaseHostedZone
Name: api.congresscritters.org
Type: A
AliasTarget:
DNSName: 7wqzggw1za.execute-api.us-east-1.amazonaws.com
HostedZoneId: Z1UJRXOUMOOFQ8 # Fixed value for API Gateway
Comment: API domain record
APIDevRecordSet:
Type: 'AWS::Route53::RecordSet'
Properties:
HostedZoneId: !Ref BaseHostedZone
Name: api-dev.congresscritters.org
Type: A
AliasTarget:
DNSName: orb9e3jc05.execute-api.us-east-1.amazonaws.com
HostedZoneId: Z1UJRXOUMOOFQ8 # Fixed value for API Gateway
Comment: API dev domain record
I have tried checking the various web controls on aws management console as well as reading there documentation.
2
Answers
Since you set
ValidationMethod: EMAIL
, you have to check the email associated with the domain and verify the SSL cert using the email that you got from the AWS. Alternatively, useDNS
validation method.Use DNS validation method however Since you set ValidationMethod: EMAIL, you have to check the email associated with the domain and verify the SSL cert using the email that you got from the AWS.