fix(certificatemanager): exclude domain validation options when using dns validation#7941
Closed
tpunder wants to merge 1 commit intoaws:masterfrom
Closed
fix(certificatemanager): exclude domain validation options when using dns validation#7941tpunder wants to merge 1 commit intoaws:masterfrom
tpunder wants to merge 1 commit intoaws:masterfrom
Conversation
… dns validation As of 2020-05-11 CloudFormation now returns a "ValidationDomain cannot be used with DNS validation" error for some regions (e.g. us-west-2, eu-central-1) if you try to specify DomainValidationOptions on a Certificate when ValidationMethod is DNS. This fixes aws#7933 This CloudFormation template now causes an error: Resources: mysslcertF404C81B: Type: AWS::CertificateManager::Certificate Properties: DomainName: www.example.com DomainValidationOptions: - DomainName: www.example.com ValidationDomain: example.com ValidationMethod: DNS The correct template now excludes the DomainValidationOptions for DNS: Resources: mysslcertF404C81B: Type: AWS::CertificateManager::Certificate Properties: DomainName: www.example.com ValidationMethod: DNS
Collaborator
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
skinny85
suggested changes
May 13, 2020
Contributor
skinny85
left a comment
There was a problem hiding this comment.
Thanks for the quick fix @tpunder, it's great! However, let's hold out on this change for now. We're discussing whether the CloudFormation change is actually correct with the team. Let's see what happens with that discussion.
Putting in "Request changes" for now.
Contributor
Author
|
@skinny85 Sounds good. I would argue that the CloudFormation change is not a good idea since it breaks existing templates. I was able to verify that this PR solves my problem. |
jogold
added a commit
to jogold/aws-cdk
that referenced
this pull request
Jun 15, 2020
…icate Automatically adding Amazon Route 53 CNAME records for DNS validation is now natively supported by CloudFormation. Add a `validation` prop to `Certificate` to handle both email and DNS validation. Deprecate `DnsValidatedCertificate`. The default remains email validation (non-breaking). Closes aws#5831 Closes aws#5835 Closes aws#6081 Closes aws#6516 Closes aws#7150 Closes aws#7941 Closes aws#7995 Closes aws#7996
jogold
added a commit
to jogold/aws-cdk
that referenced
this pull request
Jun 15, 2020
…cate Automatically adding Amazon Route 53 CNAME records for DNS validation is now natively supported by CloudFormation. Add a `validation` prop to `Certificate` to handle both email and DNS validation. Deprecate `DnsValidatedCertificate`. The default remains email validation (non-breaking). Closes aws#5831 Closes aws#5835 Closes aws#6081 Closes aws#6516 Closes aws#7150 Closes aws#7941 Closes aws#7995 Closes aws#7996
mergify bot
pushed a commit
that referenced
this pull request
Jul 10, 2020
…cate (#8552) Automatically adding Amazon Route 53 CNAME records for DNS validation is now natively supported by CloudFormation. Add a `validation` prop to `Certificate` to handle both email and DNS validation. `DnsValidatedCertificate` is now only useful for cross-region certificate creation. The default remains email validation (non-breaking). Closes #5831 Closes #5835 Closes #6081 Closes #6516 Closes #7150 Closes #7941 Closes #7995 Closes #7996 Closes #8282 Closes #8659 Closes #8783 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note: I have been having problems fully building aws-cdk locally so have not been able to fully test this beyond building and running the updated tests in aws-certificatemanager.
As of 2020-05-11 CloudFormation now returns a "ValidationDomain cannot be used with DNS validation" error for some regions (e.g. us-west-2, eu-central-1) if you try to specify DomainValidationOptions on a Certificate when ValidationMethod is DNS. This fixes #7933
This CloudFormation template now causes an error:
The correct template now excludes the DomainValidationOptions for DNS:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license