DnsValidatedCertificate: Tokens in the hostedZone property breaks cdk synth #6133
Labels
@aws-cdk/aws-certificatemanager
Related to Amazon Certificate Manager
bug
This issue is a bug.
effort/small
Small work item – less than a day of effort
in-progress
This issue is being actively worked on.
p1
🐛 Bug Report
For the DnsValidatedCertificate construct, tokens within the hostedZone property break the cdk synth with the following error:
Ideally, the validation done in the construct should take into account tokens and not try to validate the string value of the token since, well, that is useless since it will always end up being something like ${Token[Default.Parameter.Value.1371]} as opposed to the domain you would expect.
Background
We have our Route53 hosted zone deployed in us-east-1. However, we run a global service and need to be able to reference the hosted zone from any region to be able to do things like creating certificates, creating region-specific CNAMES, etc.
With that and to get past the inability to import values directly, we write the hosted zone id and name into SSM's parameter store using the StringParameter construct.
Then, whenever we need the IHostedZone reference, we leverage a custom resource (SSMParameterReader) that enables us to read parameters stored in whatever region we specify.
Using that custom resource, we can then read the hosted zone id/name and HostedZone.fromHostedZoneAttributes method.
With this, we can then use the hostedZone like it was deployed locally. We have used this extensively for creating CNAMES and aliases in the hosted zone from any region but we ran into issues whenever we tried to use the DnsValidatedCertificate since its validation logic doesn't take into account tokens which are what the output of custom resources get referenced as.
Environment
1.20.0
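The token-aware validation the report asks for, as an added sketch that is not part of the original issue or of aws-cdk. The placeholder regex stands in for the CDK's own `Token.isUnresolved()` check, and the function names, the suffix rule and the sample domains are assumptions made for illustration.

```typescript
// Added example: stand-alone sketch, not aws-cdk source code.
// Assumption: an unresolved string token shows up at synth time as a
// "${Token[...]}" placeholder, like the one quoted in the issue.
// In a real CDK app, use Token.isUnresolved() instead of this regex.
const TOKEN_PLACEHOLDER = /\$\{Token\[[^\]]+\]\}/;

function containsUnresolvedToken(value: string): boolean {
  return TOKEN_PLACEHOLDER.test(value);
}

// Route 53 zone names may carry a trailing dot; DNS names are case-insensitive.
function normalizeDnsName(name: string): string {
  return name.replace(/\.$/, "").toLowerCase();
}

type ValidationResult =
  | { status: "ok" }
  | { status: "deferred"; reason: string }
  | { status: "error"; reason: string };

// Hypothetical check: the certificate domain must be the zone apex or a
// subdomain of the hosted zone.
function validateDomainInZone(domainName: string, zoneName: string): ValidationResult {
  // A placeholder carries no information about the real value, so comparing
  // it as a string would always fail. Defer the check instead of throwing.
  if (containsUnresolvedToken(domainName) || containsUnresolvedToken(zoneName)) {
    return { status: "deferred", reason: "value is only known at deploy time" };
  }
  const domain = normalizeDnsName(domainName);
  const zone = normalizeDnsName(zoneName);
  // Match on a label boundary so "notexample.com" is not accepted for
  // the zone "example.com".
  if (domain === zone || domain.endsWith("." + zone)) {
    return { status: "ok" };
  }
  return { status: "error", reason: `${domainName} is not in hosted zone ${zoneName}` };
}
```

A `deferred` result means a domain/zone mismatch is no longer caught at synth time and will only surface when the certificate validation runs during deployment.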