-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(elasticloadbalancingv2): adding a new certificate to a multi-certificate listener will lose old extra ceritifactes #13150
Comments
Thanks for the bug report -- and for including the response from support! I suspect the answer is to alter the below code block: aws-cdk/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts Lines 266 to 271 in 9663093
Rather than creating one This should be a relatively straightforward change; PRs welcome if anyone has the time to go after it! |
|
If you try to add a new certificate to a listener that has already at least one extra certificate (i.e. one in addition to the main certificate), the old extract certificate will be lost by the end of update operation.
Reproduction Steps
(In my case, it happened like this:)
foo.com
(main one) andbar.com
(additional one) stack and deploy it.baz.com
to the list and deploy it.What did you expect to happen?
The listener should keep one main certificate and two extra certificates.
What actually happened?
The old extra certificate (
bar.com
) is gone.Environment
Other
Please note that, according to my findings from AWS support, this seems to be a bug/feature of CloudFormation. Interestingly, even though the
Certificates
field is of typeArray
, the documentation says: You can specify one certificate per resource.If my understanding is correct, CDK should not put all additional certificates into one
AWS::ElasticLoadBalancingV2::ListenerCertificate
resource. It should be oneAWS::ElasticLoadBalancingV2::ListenerCertificate
resource per each additional certificate.This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: