DNS validated certificate handler sometimes fails with subject alternative names. #7995

@magJ

The DNS validated certificate handler only waits for the first certificate ResourceRecord to be available.
This can be a problem when using subject alternative names, as the resource records aren't necessarily all made available at the same time.

Reproduction Steps

Reproduction is sporadic.
Create a certificate request with subject alternative names, wait for it to fail.

Error Log

START RequestId: f2555d41-030b-4f5e-91b9-271ea7be8803 Version: $LATEST
2020-05-15T03:30:18.205Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Requesting certificate for redacted
2020-05-15T03:30:19.947Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Certificate ARN: arn:aws:acm:us-east-1:redacted:certificate/redacted
2020-05-15T03:30:19.947Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Waiting for ACM to provide DNS records for validation...
2020-05-15T03:30:23.430Z f2555d41-030b-4f5e-91b9-271ea7be8803 INFO Caught error TypeError: Cannot read property 'Name' of undefined. Uploading FAILED message to S3.
END RequestId: f2555d41-030b-4f5e-91b9-271ea7be8803  

Environment

  • CLI Version : 1.38.0 (build d5fa31f)
  • Framework Version: 1.38.0
  • OS : macos
  • Language : typescript

Other

The lambda packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler needs to be updated to wait for all resource records, PR incoming.


This is 🐛 Bug Report
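
The wait condition described in this issue, written out as an added example (not the handler's code and not the fix from the pull request): polling continues until every domain on the certificate, subject alternative names included, has its validation record. `describe`, `expectedCount` and the sample responses are assumptions constructed for illustration; the response shape follows ACM's DescribeCertificate output.

```javascript
// Added example. `describe` is a hypothetical injected async function that
// returns an ACM DescribeCertificate-shaped response.

// Domains whose DNS validation record ACM has not published yet.
function domainsMissingRecords(response) {
  const options = (response.Certificate || {}).DomainValidationOptions || [];
  return options
    .filter((o) => !o.ResourceRecord || !o.ResourceRecord.Name)
    .map((o) => o.DomainName);
}

// Poll until all expected domains carry a record, with capped backoff.
// expectedCount (assumption): primary domain plus subject alternative names.
async function waitForAllRecords(describe, expectedCount, opts = {}) {
  const { maxAttempts = 10, baseDelayMs = 1000 } = opts;
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const response = await describe();
    const options = (response.Certificate || {}).DomainValidationOptions || [];
    const missing = domainsMissingRecords(response);
    if (options.length >= expectedCount && missing.length === 0) {
      return options.map((o) => o.ResourceRecord);
    }
    const delay = Math.min(baseDelayMs * 2 ** attempt, 30000);
    await new Promise((resolve) => setTimeout(resolve, delay));
  }
  throw new Error('Timed out waiting for all DNS validation records');
}

// Constructed sample data: the first poll has a record for the primary
// domain only, which is the state that triggers the TypeError in the log.
const RECORD = (name) => ({ Name: `_token.${name}.`, Type: 'CNAME', Value: '_value.example.' });
const PARTIAL = { Certificate: { DomainValidationOptions: [
  { DomainName: 'example.com', ResourceRecord: RECORD('example.com') },
  { DomainName: 'www.example.com' },
] } };
const COMPLETE = { Certificate: { DomainValidationOptions: [
  { DomainName: 'example.com', ResourceRecord: RECORD('example.com') },
  { DomainName: 'www.example.com', ResourceRecord: RECORD('www.example.com') },
] } };

// Stub that replays the constructed responses in order, repeating the last.
function makeStubDescribe(responses) {
  let i = 0;
  return async () => responses[Math.min(i++, responses.length - 1)];
}
```
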

Labels

  • @aws-cdk/aws-certificatemanager: Related to Amazon Certificate Manager
  • bug: This issue is a bug.
  • in-progress: This issue is being actively worked on.
  • p1