BlueZero

Reputation: 144

Creating AWS Distribution With Default Viewer Certificate Results in InvalidViewerCertificate

I am trying to create a new AWS Distribution via the API, where I am setting:

    "ViewerCertificate": {
        "CloudFrontDefaultCertificate": true
    },

This should use the default CF certificate, but as a result I am getting this error:

InvalidViewerCertificate
To add an alternate domain name (CNAME) to a CloudFront distribution, you must attach a trusted certificate that validates your authorization to use the domain name.

    {
        "DistributionConfig": {
            "Aliases": {
                "Quantity": 2,
                "Items": ["www.xxyz.com", "xyz.com"]
            },
            "DefaultRootObject": "",
            "Origins": {
                "Quantity": 1,
                "Items": [{
                    "Id": "RJMn5FUTvrqoh-cloudfrontxyz.com",
                    "DomainName": "chzsgor80ynsme.xyz.com",
                    "OriginPath": "",
                    "CustomHeaders": {
                        "Quantity": 0
                    },
                    "CustomOriginConfig": {
                        "HTTPPort": 80,
                        "HTTPSPort": 443,
                        "OriginProtocolPolicy": "http-only",
                        "OriginSslProtocols": {
                            "Quantity": 4,
                            "Items": ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
                        }
                    }
                }]
            },
            "DefaultCacheBehavior": {
                "TargetOriginId": "RJMn5FUTvrqoh-cloudfrontxyz.com",
                "ForwardedValues": {
                    "QueryString": true,
                    "Cookies": {
                        "Forward": "all"
                    },
                    "Headers": {
                        "Quantity": 1,
                        "Items": ["Host"]
                    }
                },
                "TrustedSigners": {
                    "Enabled": false,
                    "Quantity": 0
                },
                "ViewerProtocolPolicy": "allow-all",
                "AllowedMethods": {
                    "Quantity": 7,
                    "Items": ["HEAD", "DELETE", "POST", "GET", "OPTIONS", "PUT", "PATCH"],
                    "CachedMethods": {
                        "Quantity": 2,
                        "Items": ["HEAD", "GET"]
                    }
                },
                "SmoothStreaming": false,
                "MinTTL": 0,
                "DefaultTTL": 3600,
                "MaxTTL": 31536000,
                "Compress": false
            },
            "CacheBehaviors": {
                "Quantity": 0
            },
            "CustomErrorResponses": {
                "Quantity": 0
            },
            "Comment": "",
            "Logging": {
                "Enabled": false,
                "Bucket": "",
                "Prefix": "",
                "IncludeCookies": true
            },
            "Enabled": true,
            "PriceClass": "PriceClass_100",
            "ViewerCertificate": {
                "CloudFrontDefaultCertificate": true
            },
            "Restrictions": {
                "GeoRestriction": {
                    "RestrictionType": "none",
                    "Quantity": 0
                }
            },
            "WebACLId": "",
            "CallerReference": "xyz-1555690298"
        }
    }

This actually worked a few weeks ago, but something probably changed. Or, maybe there is a limitation to the amount of distributions allowed with a default certificate?

Thank you for your help!

Upvotes: 1

Views: 322

Answers (1)

James Dean

Reputation: 4421

I think it's because of CloudFront's recent announcement:

https://forums.aws.amazon.com/ann.jspa?annID=6725

Since you're adding the CNAME: "Aliases": { "Quantity": 2, "Items": ["www.xxyz.com", "xyz.com"] }

Upvotes: 1
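
Added example (not part of the question or the answer above): a pre-flight check that flags the alias/certificate pairing the error message describes before the config is sent to the API. The function names, the placeholder certificate ARN and the `CERT_NAMES` list (the names assumed to be on that certificate) are assumptions made for illustration.

```python
# Constructed sample inputs: only the Aliases/ViewerCertificate parts of the question's config.
QUESTION_CONFIG = {
    "Aliases": {"Quantity": 2, "Items": ["www.xxyz.com", "xyz.com"]},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
}
FIXED_CONFIG = {
    "Aliases": {"Quantity": 2, "Items": ["www.xxyz.com", "xyz.com"]},
    "ViewerCertificate": {
        # Placeholder ARN, not a real certificate.
        "ACMCertificateArn": "arn:aws:acm:us-east-1:000000000000:certificate/PLACEHOLDER",
        "SSLSupportMethod": "sni-only",
    },
}
CERT_NAMES = ["xyz.com", "*.xyz.com"]  # assumed names on the placeholder certificate


def alias_covered(alias, cert_names):
    """True if alias equals a certificate name or matches a one-label wildcard."""
    alias = alias.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == alias:
            return True
        if name.startswith("*."):
            # A wildcard stands for exactly one left-most label, never the apex.
            head, _, rest = alias.partition(".")
            if head and rest == name[2:]:
                return True
    return False


def preflight(dist_config, cert_names=()):
    """Return a list of alias/certificate problems found in a DistributionConfig dict."""
    aliases = dist_config.get("Aliases", {}).get("Items", [])
    viewer = dist_config.get("ViewerCertificate", {})
    if not aliases:
        return []  # no alternate domain names, the default certificate is fine
    if viewer.get("CloudFrontDefaultCertificate"):
        return ["Aliases are set but ViewerCertificate is the CloudFront default"]
    if not (viewer.get("ACMCertificateArn") or viewer.get("IAMCertificateId")):
        return ["Aliases are set but no custom certificate is referenced"]
    return [f"{a} is not covered by the certificate"
            for a in aliases if not alias_covered(a, cert_names)]


if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_CONFIG), ("custom cert", FIXED_CONFIG)):
        print(label, preflight(cfg, CERT_NAMES))
```

With the constructed certificate names, the second config still reports `www.xxyz.com`, because that alias as posted is spelled differently from `xyz.com` and neither the apex name nor the wildcard covers it.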
