Can you create Certificates in the same stack as the bluegreenhook? #299

Closed
mrpackethead opened this issue Jan 17, 2021 · 2 comments

Comments

@mrpackethead

I've used your code as the basis for another project, but run into a problem.

(https://github.com/aws-samples/aws-reinvent-2019-trivia-game/blob/master/trivia-backend/infra/cdk/ecs-service-blue-green.ts)

If I create the cert for the load balancer in the same stack as the bluegreen hook, CloudFormation fails on updates (it thinks there's a change in the cert).

In your code you've imported the cert from an existing one.

I wonder if you've tried to create a cert in the same stack. I raised a support ticket, and the support engineer found an internal AWS ticket about this issue, but it's not very clear...

These were the errors I got from CF.

```
2021-01-17 19:41:55 UTC+1300	TaskCertificateechoserverdevcontactappsnz2459CD99	UPDATE_FAILED	1 validation error detected: Value null at 'domainValidationOptions.1.member.validationDomain' failed to satisfy constraint: Member must not be null (Service: AWSCertificateManager; Status Code: 400; Error Code: ValidationException; Request ID: 07f4dd7a-743e-47e7-b102-7e49ee148dd6; Proxy: null)

2021-01-17 19:41:55 UTC+1300	TaskCertificateechoserverdevcontactappsnz2459CD99	UPDATE_IN_PROGRESS	Requested update requires the creation of a new physical resource; hence creating one.
```
Stack ID(s) / Stack ARN: arn:aws:cloudformation:ap-southeast-2:2xxxxxxxxxx4:stack/gnd-dev-ApplicationStack/7ca8f4f0-5869-11eb-b947-0663c7d01c4a
@clareliguori
Member

I haven't tried with the blue-green hook specifically, but another part of this project uses the CDK to create DNS-validated certificates:
https://github.com/aws-samples/aws-reinvent-2019-trivia-game/blob/master/static-site/cdk/static-site.ts#L35

The only thing I can think of is that I have seen issues in the past with case sensitivity in the CodeDeploy transform, where it can silently drop attributes in ECS resources that have the wrong casing according to the CloudFormation resource spec (even though CloudFormation itself accepts them). Example:
aws/aws-cdk#11465
Not sure why that would impact the certificate resource though, but worth checking the cdk synth output just in case.

@mrpackethead
Author

I have done the same thing now, and placed the creation of the certificate in another stack (created by CDK), and referenced its ARN.

Thanks for the heads up on the other issue. I'll feed that back into the support ticket. It does seem something odd is going on under the covers of the green/blue deploy.
