franco phong

Reputation: 2219

How to specify region in Cloudformation template to validate the ACM certificate via DNS

I am writing a CloudFormation template to request an ACM certificate, validated via DNS, so that CloudFront can have SSL.

My template:

ACMCertificate: 
  Type: "AWS::CertificateManager::Certificate"
  Properties: 
    DomainName: mywebsite.com
    SubjectAlternativeNames:
      - www.mywebsite.com
    DomainValidationOptions:
          - DomainName: mywebsite.com
            HostedZoneId: !Ref MyHostedZoneId
          - DomainName: www.mywebsite.com
            HostedZoneId: !Ref MyHostedZoneId
    ValidationMethod: DNS

Outputs:
  ACMCertificateArn:
    Value: !Ref ACMCertificate

The issue: the certificate was created in the region of the AWS account, which in my case is eu-west-1. You know that this certificate cannot be used for SSL; it needs to be created in us-east-1.

How to specify the region in the Cloudformation template for validating the ACM certificate?

Any suggestion is appreciated.

Upvotes: 5

Views: 2387

Answers (2)

Marcin

Reputation: 238209

Sadly, you can't do this from within the template. You have to create your stack in us-east-1 "manually". This means that if you are using AWS Console for that, you have to change the region in the console, and create your stack in that region using CloudFormation console.

If you are using the AWS CLI's create-stack command, you can add --region us-east-1 as one of its parameters. For an AWS SDK, such as boto3, you can do an analogous operation.

You can also look at StackSets which allow you to deploy your templates across multiple accounts and regions from one central location.

Upvotes: 1

Asri Badlah

Reputation: 2123

You may be able to specify an AWS region to create the certificate in. The specified region is independent of the CloudFormation stack region, which for example makes it possible to deploy a certificate in region us-east-1 (to use with CloudFront) while deploying the stack in region eu-west-1, by using a custom resource in CloudFormation:

CreateCertificateCustomResource:
  Type: Custom::CreateCertificates
  Properties:
    # ServiceToken must resolve to the ARN of the Lambda function backing this resource
    ServiceToken: !GetAtt CreateCertificateFunction.Arn
    DomainName: yourdomain
    ValidationDomain: DomainName
    HostedZoneId: yourzoneid
    CertificateRegion: yourRegion
    IdempotencyToken: CreateCertificateCustomResource
    CertificateTags:
      - Key: Name
        Value: DomainName

Upvotes: 2
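A sketch of what the Lambda function behind such a custom resource could look like, added here as an example and not taken from either answer. It reads the DomainName, CertificateRegion and IdempotencyToken properties shown above; the function names `acm_client`, `handle` and `lambda_handler` are assumptions, and creating the DNS validation records in the hosted zone is left out.

```python
import json
import urllib.request


def acm_client(region):
    # boto3 is imported lazily so handle() can be exercised with a stub client.
    import boto3
    return boto3.client("acm", region_name=region)


def handle(event, client_factory=acm_client):
    """Process one custom resource event and return the response body."""
    physical_id = event.get("PhysicalResourceId", "certificate-not-created")
    status, reason, data = "SUCCESS", "OK", {}
    try:
        props = event["ResourceProperties"]
        # The certificate region comes from the resource property, not from
        # the region the stack (and this function) is deployed in.
        acm = client_factory(props["CertificateRegion"])
        if event["RequestType"] == "Create":
            result = acm.request_certificate(
                DomainName=props["DomainName"],
                ValidationMethod="DNS",
                IdempotencyToken=props["IdempotencyToken"],
            )
            physical_id = result["CertificateArn"]
        elif event["RequestType"] == "Delete" and physical_id.startswith("arn:"):
            acm.delete_certificate(CertificateArn=physical_id)
        if physical_id.startswith("arn:"):
            data["CertificateArn"] = physical_id  # readable through !GetAtt
    except Exception as exc:  # always answer, or the stack waits for a timeout
        status, reason = "FAILED", str(exc)
    return {
        "Status": status, "Reason": reason, "Data": data,
        "PhysicalResourceId": physical_id,
        "StackId": event["StackId"], "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }


def lambda_handler(event, context):
    body = json.dumps(handle(event)).encode()
    # CloudFormation waits for a PUT of the result to the pre-signed ResponseURL.
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req)
```

The function's execution role needs only acm:RequestCertificate and acm:DeleteCertificate for this flow.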
