Alex

Reputation: 7491

Error creating API Gateway Domain Name by terraform

I have the terraform definition:

resource "aws_api_gateway_domain_name" "apigatewatDomainName" {
  # domain_name is a string and must be quoted
  domain_name     = "servername.companyname.com"
  # an edge-optimized domain name needs a certificate in us-east-1
  certificate_arn = "arn:aws:acm:us-east-1:12345566:certificate/dddddd-3333-4444-5555 0123456789a"
}

When I apply the terraform I am getting the error:

Error: Error creating API Gateway Domain Name: BadRequestException: The certificate that is attached to your distribution doesn't cover the alternate domain name (CNAME) that you're trying to add.

When I run the command

aws acm describe-certificate --certificate-arn <certificate-arn>

I am getting in the description

"DomainValidationOptions": [
        {
            "ValidationStatus": "SUCCESS",
            "ResourceRecord": {
                "Type": "CNAME",
                "Name": "_88f0a9b77497411fd26c281d7d61fbd9.servername.companyname.com",
                "Value": "_4cee246cb2515f9a0c1f101edaee900e.hkvuiqjoua.acm-validations.aws."
            },
            "ValidationDomain": "*.servername.companyname.com",
            "ValidationMethod": "DNS",
            "DomainName": "*.servername.companyname.com"
        }
    ], 

Also, in this description I see

"SubjectAlternativeNames": [
        "*.servername.companyname.com"
    ], 

So, I assume that I can create a domain like “aaa.servername.companyname.com”, so I specified resource

resource "aws_api_gateway_domain_name" "aaa.servername.companyname.com" {

But Terraform does not allow dots in a resource name; I see the error

“A name must start with a letter or underscore and may contain only letters, digits, underscores, and dashes.”

Upvotes: 2

Views: 7176

Answers (1)

Marcin

Reputation: 238081

It seems that your domain servername.companyname.com is not covered by an ACM certificate issued for *.servername.companyname.com.

About wildcard names from docs:

When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com).

Also from the same docs:

However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and *.example.com

Upvotes: 3
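The wildcard rule the answer quotes can be checked before `terraform apply` rather than discovered from the BadRequestException. The script below is an added example (not code from the question, the answer, or the AWS provider): it applies the ACM/RFC 6125 wildcard rule (the asterisk must be the whole leftmost label, matches exactly one label, and never matches the bare name) to the names in `aws acm describe-certificate` output. The embedded JSON is a constructed stand-in mirroring the single wildcard SAN in the question; the function and variable names are this example's own.

```python
import json
import sys

# Constructed sample in the shape of `aws acm describe-certificate` output,
# carrying only the wildcard SAN from the question (not a real certificate).
DESCRIBE_CERTIFICATE_JSON = """
{
  "Certificate": {
    "DomainName": "*.servername.companyname.com",
    "SubjectAlternativeNames": ["*.servername.companyname.com"],
    "Status": "ISSUED"
  }
}
"""


def _normalize(name: str) -> str:
    """Lower-case and drop a trailing dot so comparisons are canonical."""
    return name.strip().lower().rstrip(".")


def name_matches(cert_name: str, hostname: str) -> bool:
    """True if one certificate name (plain or wildcard) covers hostname.

    Wildcard rule as documented for ACM: '*' is only valid as the entire
    leftmost label, it matches exactly one label, and it never matches the
    bare/apex name, so *.example.com covers login.example.com but neither
    example.com nor test.login.example.com.
    """
    cert_name, hostname = _normalize(cert_name), _normalize(hostname)
    if "*" not in cert_name:
        return cert_name == hostname
    cert_labels = cert_name.split(".")
    if cert_labels[0] != "*" or any("*" in label for label in cert_labels[1:]):
        return False  # malformed wildcard such as "a*.example.com" or "*.*.example.com"
    host_labels = hostname.split(".")
    # Exactly one label consumed by '*', everything to its right must match.
    return len(host_labels) == len(cert_labels) and host_labels[1:] == cert_labels[1:]


def covering_names(describe_output: str, hostname: str) -> list:
    """Names in describe-certificate output that cover hostname; empty means
    API Gateway will reject the certificate for that domain name."""
    cert = json.loads(describe_output)["Certificate"]
    names = [cert["DomainName"]] + cert.get("SubjectAlternativeNames", [])
    unique = list(dict.fromkeys(names))  # SANs usually repeat DomainName
    return [n for n in unique if name_matches(n, hostname)]


def names_to_request(hostname: str) -> list:
    """Names a replacement certificate needs so it covers hostname itself and
    one subdomain level below it (the apex plus wildcard combination)."""
    host = _normalize(hostname)
    return [host, "*." + host]


if __name__ == "__main__":
    # Usage: python check_cert.py <hostname> [describe-certificate.json]
    target = sys.argv[1] if len(sys.argv) > 1 else "servername.companyname.com"
    raw = open(sys.argv[2]).read() if len(sys.argv) > 2 else DESCRIBE_CERTIFICATE_JSON
    hits = covering_names(raw, target)
    if hits:
        print(f"{target} is covered by: {', '.join(hits)}")
    else:
        print(f"{target} is NOT covered; request a certificate for: "
              f"{', '.join(names_to_request(target))}")
```

Feeding it the real output (`aws acm describe-certificate --certificate-arn <arn> > cert.json`) reproduces the situation on the page: `servername.companyname.com` gets no match, `aaa.servername.companyname.com` matches the wildcard, and `b.aaa.servername.companyname.com` does not. The Terraform side of the fix follows from the docs the answer quotes: request the certificate with the bare name as `domain_name` and `*.servername.companyname.com` in `subject_alternative_names`, and give the `aws_api_gateway_domain_name` resource a label without dots (the dotted hostname belongs in the `domain_name` argument, not in the resource label).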
