Comments (5)
from scar.
Hi @yanlinaung30 - the manual workaround for this issue is to manually delete the CNAME record first before deleting the CloudFormation stack.
You can do this by using the AWS Route 53 console to open the hosted zone that was created as part of your stack, selecting the CNAME record set, then "Delete Record Set". After that, you should be able to fully delete the CloudFormation stack as it will then be able to delete the hosted zone.
Let me know if that works.
from scar.
@cloudkj
Thanks for your reply!
I delete CNAME manually as soon as the certificate is issued successfully.
But I encountered another issue.
I upload json template file to my s3 bucket of my region & Create the CloudFormation stack in my region
CloudFrontRootDistribution
The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain. (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: 67acde6a-8687-11e9-b0a2-4f83c31ceffd)
CloudFrontWWWDistribution
The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain. (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: 67944d42-8687-11e9-aadb-fd94b97f8503)
from scar.
Hi @yanlinaung30 - it looks like ACM has a restriction that requires certificates to be created in the us-east-1 region in order to be used with CloudFront: https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.
Unfortunately, for now you'll have to create the stack in us-east-1. Note that there should be no degradation in performance for visitors since the CloudFront distribution will be global. However, I can see that there can be a performance/cost issue in dealing with uploading or syncing assets if us-east-1 is not your home region.
I'll open a separate issue to track this problem. At the very least, the docs should be updated to reflect this limitation. It's possible that CloudFormation Stack Sets can offer a path forward by requesting only the ACM certificate in us-east-1 but other resources in the chosen region, but some work is needed to see if that's possible.
from scar.
@cloudkj
Oh, this must be the reason!
Thanks a lot for your reply and explanation.
I will create the CloudFormation in North Virginia for now.
Thank you!
from scar.
Related Issues (9)
- ACM Pricing HOT 2
- Update docs to reflect us-east-1 limitation due to restriction on using ACM and CloudFront
- Suggestion: Replace second bucket and CloudFront distribution with Lambda function HOT 2
- Suggestion: Add estimated cost to README HOT 1
- Diagram Tool HOT 1
- Add template for apex domain only
- Add template for www->apex redirection
- Include certificate validation using CNAME DNS record as part of template
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scar.