Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

certificatemanager.DnsValidatedCertificate has too low timeout #5835

Closed
konstantinj opened this issue Jan 16, 2020 · 2 comments · Fixed by #8552
Closed

certificatemanager.DnsValidatedCertificate has too low timeout #5835

konstantinj opened this issue Jan 16, 2020 · 2 comments · Fixed by #8552
Assignees
@skinny85
Labels
@aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager bug This issue is a bug. in-progress This issue is being actively worked on. p2

Comments

@konstantinj
Copy link

When creating a DnsValidatedCertificate currently in the us-east-1 region my stack creation fails due to not being able to validate the certificate in time. It's set to 15 minutes currently:

aws-cdk/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts

Line 65 in e3305d8

timeout: cdk.Duration.minutes(15),

The AWS console reminds that it can take up to 30mins. Since DnsValidatedCertificate is creating a new certificate in a new stack all the time, it is (at least currently) not possible to create a stack with a DnsValidatedCertificate in us-east-1.

Reproduction Steps

        const hostedZone = HostedZone.fromLookup(this, 'HostedZone', {
            domainName: 'example.com',
        })

        const certificate = new DnsValidatedCertificate(this, 'Certificate', {
            'example.com',
            subjectAlternativeNames: [
                '*.example.com',
            ],
            hostedZone: hostedZone,
        })

Error Log

50/55 | 2:29:40 PM | CREATE_FAILED        | AWS::CloudFormation::CustomResource         | client-tracking-listener-us/Certificate/CertificateRequestorResource/Default (CertificateCertificateRequestorResource2890C6B7) Failed to create resource. Resource is not in the state certificateValidated
        new CustomResource (/Users/kjakobi/workspace/infrastructure/tracking/node_modules/@aws-cdk/aws-cloudformation/lib/custom-resource.ts:163:21)
    \_ new DnsValidatedCertificate (/Users/kjakobi/workspace/infrastructure/tracking/node_modules/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts:81:29)
    \_ new TrackingListenerStack (/Users/kjakobi/workspace/infrastructure/tracking/lib/tracking-listener-stack.ts:72:29)
    \_ Object.<anonymous> (/Users/kjakobi/workspace/infrastructure/tracking/bin/tracking.ts:40:1)
    \_ Module._compile (internal/modules/cjs/loader.js:1144:30)
    \_ Module.m._compile (/Users/kjakobi/workspace/infrastructure/tracking/node_modules/ts-node/src/index.ts:536:23)
    \_ Module._extensions..js (internal/modules/cjs/loader.js:1164:10)
    \_ Object.require.extensions.<computed> [as .ts] (/Users/kjakobi/workspace/infrastructure/tracking/node_modules/ts-node/src/index.ts:539:12)
    \_ Module.load (internal/modules/cjs/loader.js:993:32)
    \_ Function.Module._load (internal/modules/cjs/loader.js:892:14)
    \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
    \_ main (/Users/kjakobi/workspace/infrastructure/tracking/node_modules/ts-node/src/bin.ts:212:14)
    \_ Object.<anonymous> (/Users/kjakobi/workspace/infrastructure/tracking/node_modules/ts-node/src/bin.ts:470:3)
    \_ Module._compile (internal/modules/cjs/loader.js:1144:30)
    \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1164:10)
    \_ Module.load (internal/modules/cjs/loader.js:993:32)
    \_ Function.Module._load (internal/modules/cjs/loader.js:892:14)
    \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
    \_ /usr/local/lib/node_modules/npm/node_modules/libnpx/index.js:268:14

Environment

  • CLI Version : 1.21.0
  • Framework Version: 1.21.0
  • OS : osx
  • Language : typescript

This is 🐛 Bug Report
@konstantinj konstantinj added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 16, 2020
@SomayaB SomayaB added the @aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager label Jan 16, 2020
@rix0rrr rix0rrr added the p2 label Jan 17, 2020
@rix0rrr
Copy link
Contributor

rix0rrr commented Jan 17, 2020

A solution would be to switch to the new custom resource provider framework.

@rix0rrr rix0rrr assigned skinny85 and unassigned rix0rrr Jan 23, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Mar 5, 2020
@Dzhuneyt
Copy link
Contributor

Duplicate of #5831.

jogold added a commit to jogold/aws-cdk that referenced this issue Jun 15, 2020
@jogold
feat(certificate-manager): native CloudFormation DNS validated certif…
89122f9 
…icate

Automatically adding Amazon Route 53 CNAME records for DNS validation is
now natively supported by CloudFormation.

Add a `validation` prop to `Certificate` to handle both email and DNS
validation. Deprecate `DnsValidatedCertificate`.

The default remains email validation (non-breaking).

Closes aws#5831
Closes aws#5835
Closes aws#6081
Closes aws#6516
Closes aws#7150
Closes aws#7941
Closes aws#7995
Closes aws#7996
jogold added a commit to jogold/aws-cdk that referenced this issue Jun 15, 2020
@jogold
feat(certificatemanager): native CloudFormation DNS validated certifi…
adb63fc 
…cate

Automatically adding Amazon Route 53 CNAME records for DNS validation is
now natively supported by CloudFormation.

Add a `validation` prop to `Certificate` to handle both email and DNS
validation. Deprecate `DnsValidatedCertificate`.

The default remains email validation (non-breaking).

Closes aws#5831
Closes aws#5835
Closes aws#6081
Closes aws#6516
Closes aws#7150
Closes aws#7941
Closes aws#7995
Closes aws#7996
@jogold jogold mentioned this issue Jun 15, 2020
Merged
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Jun 15, 2020
@mergify mergify bot closed this as completed in #8552 Jul 10, 2020
mergify bot pushed a commit that referenced this issue Jul 10, 2020
@jogold
feat(certificatemanager): native CloudFormation DNS validated certifi…
337279f 
…cate (#8552)

Automatically adding Amazon Route 53 CNAME records for DNS validation is
now natively supported by CloudFormation.

Add a `validation` prop to `Certificate` to handle both email and DNS
validation. `DnsValidatedCertificate` is now only useful for cross-region
certificate creation.

The default remains email validation (non-breaking).

Closes #5831
Closes #5835
Closes #6081
Closes #6516
Closes #7150
Closes #7941
Closes #7995
Closes #7996
Closes #8282 
Closes #8659
Closes #8783

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skinny85 skinny85

Labels
@aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager bug This issue is a bug. in-progress This issue is being actively worked on. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(certificatemanager): native CloudFormation DNS validated certificate jogold/aws-cdk
5 participants
@skinny85 @rix0rrr @Dzhuneyt @konstantinj @SomayaB