minimum timeout for validating dnsvalidatedcertificates. #3912
Description
🚀 Feature Request
General Information
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
Description
I'm finding that my DNS validated certificates are passing validation, about 20 seconds after the CDK code gives up on its sixth attempt.
```js
let record;
const maxAttempts = 6;
for (let attempt = 0; attempt < maxAttempts - 1 && !record; attempt++) {
  const { Certificate } = await acm.describeCertificate({
    CertificateArn: reqCertResponse.CertificateArn
  }).promise();
  const options = Certificate.DomainValidationOptions || [];
  if (options.length > 0 && options[0].ResourceRecord) {
    record = options[0].ResourceRecord;
  } else {
    // Exponential backoff with jitter based on 200ms base
    await sleep(Math.random() * (Math.pow(2, attempt) * 200));
  }
}
```
Basically I see this in my console:
```
8/10 | 3:36:35 PM | CREATE_FAILED | AWS::CloudFormation::CustomResource | mapCertificate/CertificateRequestorResource/Default (mapCertificateCertificateRequestorResource0BCE5E02) Failed to create resource. Response from describeCertificate did not contain DomainValidationOptions after 6 attempts.
```
and a bit later I see the cert validate in the AWS console.
Proposed Solution
If I could just add a property to the DNS validator asking it to be a little more patient (maybe my AWS region is just slower?), that would solve the issue. If my math is correct, the max total wait is only 12.6 seconds. 30 seconds seems average for me in the console for my region.
Even being able to adjust attempts would help.
Environment
- CDK CLI Version: 1.6.1
- Module Version: 1.6.1
- OS: Windows 10
- Language: TypeScript
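
One way to make the polling loop's patience configurable, as an added example that is not part of the original issue or the CDK code base. `waitForValidationRecord`, its options (`maxAttempts`, `baseMs`, `capMs`, `budgetMs`) and `fakeDescribe` are hypothetical names, and the describe call is a constructed stand-in for `acm.describeCertificate`; `worstCaseWaitMs` gives the upper bound on total sleep for the loop shape quoted in the issue.

```javascript
// Added example, not CDK code. describe/sleep/random are injected (hypothetical
// parameters) so the loop runs offline and deterministically.

// Upper bound on total sleep for the loop shape quoted in the issue:
// attempts 0 .. maxAttempts-2, each sleeping at most 2^attempt * baseMs.
function worstCaseWaitMs(maxAttempts, baseMs = 200) {
  let total = 0;
  for (let attempt = 0; attempt < maxAttempts - 1; attempt++) {
    total += Math.pow(2, attempt) * baseMs;
  }
  return total;
}

// Poll until describe() yields a validation record, the attempt limit is hit,
// or the next sleep would push total waiting past budgetMs.
async function waitForValidationRecord(describe, opts = {}) {
  const {
    maxAttempts = 6, baseMs = 200, capMs = 5000, budgetMs = 60000,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
    random = Math.random,
  } = opts;
  let waited = 0;
  let tries = 0;
  while (tries < maxAttempts) {
    const { Certificate } = await describe();
    tries++;
    const options = (Certificate && Certificate.DomainValidationOptions) || [];
    if (options.length > 0 && options[0].ResourceRecord) {
      return { record: options[0].ResourceRecord, tries, waited };
    }
    if (tries === maxAttempts) break; // never sleep after the final attempt
    // Full jitter on 2^n * baseMs, capped so late sleeps stay bounded.
    const delay = Math.min(capMs, random() * Math.pow(2, tries - 1) * baseMs);
    if (waited + delay > budgetMs) break;
    await sleep(delay);
    waited += delay;
  }
  throw new Error(`No validation record after ${tries} attempts (${waited} ms waited)`);
}

// Constructed stand-in for acm.describeCertificate(): record appears on call N.
function fakeDescribe(readyOnCall) {
  let calls = 0;
  const record = { Name: '_a.example.com.', Type: 'CNAME', Value: '_b.example.net.' };
  return async () => ({
    Certificate: {
      DomainValidationOptions: ++calls >= readyOnCall ? [{ ResourceRecord: record }] : [{}],
    },
  });
}
```

The per-sleep cap and the overall budget are separate knobs: raising `maxAttempts` alone grows the last sleeps exponentially, while `budgetMs` bounds the total regardless of attempt count.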