Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ApplicationLoadBalancer.addListener fails with "Up to '1' certificate ARNs can be specified, but '2' were specified" #3757

Closed
markusl opened this issue Aug 22, 2019 · 2 comments 路 Fixed by #4116
Closed

ApplicationLoadBalancer.addListener fails with "Up to '1' certificate ARNs can be specified, but '2' were specified" #3757

markusl opened this issue Aug 22, 2019 · 2 comments 路 Fixed by #4116
Assignees
@rix0rrr
Labels
@aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing feature-request A feature should be added or improved.

Comments

@markusl
Copy link
Contributor

markusl commented Aug 22, 2019

馃悰 Bug Report

What is the problem?

ApplicationLoadBalancer.addListener fails with "Up to '1' certificate ARNs can be specified, but '2' were specified"

The certificateArns property is a list, but providing multiple certificates will cause a deployment failure.

Reproduction Steps


    const listener = loadBalancer
      .addListener(`${awsAppPrefix}HttpsListener`, {
        port: 443,
        // Use two certs
        certificateArns: certificates.map((cert) => cert.certificateArn),
        open: false,
      });

Environment

  • CDK CLI Version: 1.5.0
  • OS: Macbook
  • Language: TypeScript
@markusl markusl added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 22, 2019
@markusl
Copy link
Contributor Author

markusl commented Aug 22, 2019

Workaround is to do something like this, but it's not very intuitive:

    const listener = loadBalancer
      .addListener(`${awsAppPrefix}HttpsListener`, {
        port: 443,
        certificateArns: [certificates[0].certificateArn],
        open: false,
      });

    new elbv2.ApplicationListenerCertificate(this, 'dd', {
      listener,
      certificateArns: certificates.map((cert) => cert.certificateArn),
    });

@rix0rrr rix0rrr added feature-request A feature should be added or improved. @aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 27, 2019
@rix0rrr
Copy link
Contributor

rix0rrr commented Aug 30, 2019

This is because the CloudFormation resource accepts an array that must have exactly one entry: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-certificates

The solution will be to take all certificates after the first (if any) and create ApplicationListenerCertificates for them automatically.

MrArnoldPalmer pushed a commit to MrArnoldPalmer/aws-cdk that referenced this issue Sep 17, 2019
fix(elasticloadbalancingv2): Allow Multiple Certificates on ALB Listener
ec2381c 
Fixes a cloudformation error when attaching multiple certificates to an alb listener. Cloudformation allows only a single certificate attached to the `LoadBalancer` resource. If multiple certificates are passed to the construct on initialization or through the `.addCertificateArns` method, separate `ListenerCertificate` resources are created for all after the first.

Closes [issue aws#3757](aws#3757)
@MrArnoldPalmer MrArnoldPalmer mentioned this issue Sep 17, 2019
Merged
MrArnoldPalmer pushed a commit to MrArnoldPalmer/aws-cdk that referenced this issue Sep 17, 2019
fix(elasticloadbalancingv2): Allow Multiple Certificates on ALB Listener
8fd47e5 
Fixes a cloudformation error when attaching multiple certificates to an alb listener. Cloudformation allows only a single certificate attached to the `LoadBalancer` resource. If multiple certificates are passed to the construct on initialization or through the `.addCertificateArns` method, separate `ListenerCertificate` resources are created for all after the first.

Closes [issue aws#3757](aws#3757)
@mergify mergify bot closed this as completed in #4116 Sep 19, 2019
mergify bot pushed a commit that referenced this issue Sep 19, 2019
@MrArnoldPalmer @mergify
fix(elbv2): allow multiple certificates on ALB listener (#4116)
d1f8e5c 
* fix(elasticloadbalancingv2): Allow Multiple Certificates on ALB Listener

Fixes a cloudformation error when attaching multiple certificates to an alb listener. Cloudformation allows only a single certificate attached to the `LoadBalancer` resource. If multiple certificates are passed to the construct on initialization or through the `.addCertificateArns` method, separate `ListenerCertificate` resources are created for all after the first.

Closes [issue #3757](#3757)

* PR Revisions
eladb pushed a commit that referenced this issue Sep 23, 2019
@MrArnoldPalmer
fix(elbv2): allow multiple certificates on ALB listener (#4116)
ca0ed5d 
* fix(elasticloadbalancingv2): Allow Multiple Certificates on ALB Listener

Fixes a cloudformation error when attaching multiple certificates to an alb listener. Cloudformation allows only a single certificate attached to the `LoadBalancer` resource. If multiple certificates are passed to the construct on initialization or through the `.addCertificateArns` method, separate `ListenerCertificate` resources are created for all after the first.

Closes [issue #3757](#3757)

* PR Revisions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rix0rrr rix0rrr

Labels
@aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing feature-request A feature should be added or improved.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(elbv2): allow multiple certificates on ALB listener MrArnoldPalmer/aws-cdk
2 participants
@rix0rrr @markusl