DNS validation with aws-certificate-manager #605
Comments
In my mind - this would have to fall back to a custom resource that either "reads" the events and parses it (gross) or calls ACM Describe looking for the pending one (also, not super fun). Upside - we do it once here - no one really ever needs to know how "gnarly" it is. Other ideas?
@mindstorms6, could there ever be more than 1 pending verification on a domain? Because if so, the Describe call cannot work without more information, no? So we'd always have to parse our own CloudFormation stack and look for events with the correct logicalID? Which we don't know either? Ew. Might just be easier to do the whole ACM call inside a CustomResource as well?
Indeed - you can have many pending requests for the same domain - you'd want some sort of disambiguation. CFN might install a tag or something like that. Being said - I imagine the resource could call "DescribeStackEvents" and we could get the pending physical Id then call ACM describe, and insert the records. That sounds more reasonable to me.
This would be really useful, especially after seeing how nicely Terraform does it 🙏
CloudFormation now supports validating ACM certificates with DNS, however it seems a little gnarly, integration-wise.
In an ideal world, we could retrieve the verification `CNAME` as a return value and add it to a hosted zone automatically.
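The flow proposed in the comments (take the pending certificate's physical ID from the stack events, call ACM Describe, insert the records) is shown here as an added example; it is not code from this thread or from the CDK. The helper names, the logical ID `SiteCert` and all sample values are constructed, and it assumes the in-progress stack event carries the certificate ARN as its physical ID. The functions only transform API responses, so the actual `DescribeStackEvents`, `DescribeCertificate` and `ChangeResourceRecordSets` calls are left to the caller.

```python
CERT_TYPE = "AWS::CertificateManager::Certificate"

def pending_certificate_arn(stack_events, logical_id):
    """Certificate ARN CloudFormation reported for our logical ID, or None.
    Assumes the in-progress event's PhysicalResourceId carries the ARN."""
    for ev in stack_events:
        if (ev.get("LogicalResourceId") == logical_id
                and ev.get("ResourceType") == CERT_TYPE
                and ev.get("ResourceStatus") == "CREATE_IN_PROGRESS"
                and (ev.get("PhysicalResourceId") or "").startswith("arn:")):
            return ev["PhysicalResourceId"]
    return None

def validation_change_batch(describe_response, zone_name, ttl=300):
    """Route 53 ChangeBatch for the pending DNS validation records, or None
    while ACM has not published a ResourceRecord yet (caller should retry)."""
    zone = zone_name.rstrip(".").lower()
    records = {}
    for opt in describe_response["Certificate"].get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationStatus") != "PENDING_VALIDATION" or not rr:
            continue
        name = rr["Name"].rstrip(".").lower()
        # Write only CNAMEs that sit inside the zone we were asked to manage.
        if rr["Type"] != "CNAME" or not name.endswith("." + zone):
            raise ValueError("refusing record outside zone: " + rr["Name"])
        records[name] = rr["Value"]  # apex and wildcard names share one record
    if not records:
        return None
    return {"Changes": [
        {"Action": "UPSERT",
         "ResourceRecordSet": {"Name": name + ".", "Type": "CNAME", "TTL": ttl,
                               "ResourceRecords": [{"Value": value}]}}
        for name, value in sorted(records.items())]}

# Constructed sample responses (trimmed to the fields used above).
SAMPLE_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
SAMPLE_EVENTS = [
    {"LogicalResourceId": "SiteCert", "ResourceType": CERT_TYPE,
     "ResourceStatus": "CREATE_IN_PROGRESS", "PhysicalResourceId": SAMPLE_ARN},
    {"LogicalResourceId": "SiteCert", "ResourceType": CERT_TYPE,
     "ResourceStatus": "CREATE_IN_PROGRESS", "PhysicalResourceId": ""},
]
RECORD = {"Name": "_abc123.example.com.", "Type": "CNAME",
          "Value": "_def456.acm-validations.aws."}
SAMPLE_CERT = {"Certificate": {"CertificateArn": SAMPLE_ARN, "DomainValidationOptions": [
    {"DomainName": d, "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": RECORD}
    for d in ("example.com", "*.example.com")]}}
```

Keying the lookup on the stack's own logical ID is what disambiguates between several pending requests for the same domain, and the zone check keeps the resource from writing records outside the hosted zone it was given.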