aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(certificatemanager): DnsValidatedCertificate: Tokens in the domainName property break cdk deploy #15925

Closed piotrekwitkowski closed 3 years ago

piotrekwitkowski commented 3 years ago

For the DnsValidatedCertificate construct, tokens within the domainName property break the cdk deploy with the following error:

Received response status [FAILED] from custom resource. Message returned: 1 validation error detected:
Value '{{resolve:secretsmanager:arn:aws:secretsmanager:eu-central-1:123456789012:secret:DOMAIN_NAME:SecretString:::}}'
at 'domainName' failed to satisfy constraint: Member must satisfy regular expression pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
(RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

Reproduction Steps

// in stack
const hostedZone = HostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
  hostedZoneId: hostedZoneId,
  zoneName: hostedZoneName
});

const domainNameSecret = Secret.fromSecretNameV2(this, 'DomainName', DOMAIN_NAME);
const domainName = domainNameSecret.secretValue.toString();

new DnsValidatedCertificate(this, 'Certificate', {
  hostedZone: hostedZone,
  domainName: domainName,
})

What did you expect to happen?

I wanted to get a (wildcard) certificate for my hosted zone and domain name and be able to use tokens for the domainName, the same way I'm using it for the hostedZoneId and hostedZoneName. There was a similar issue with hostedZone.

What actually happened?

I got the error.

Environment


This is :bug: Bug Report

njlynch commented 3 years ago

Same issue as #15926, with the same resolution. (CloudFormation doesn't currently support dynamic references + custom resources).
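
The limitation described in the reply above can be caught before deployment by scanning the synthesized template for custom resources whose properties still carry a dynamic reference. This is an added example, not part of the original issue or of the aws-cdk code base; the function names and the sample template (logical IDs, property names, Lambda ARN) are constructed for illustration.

```typescript
// Pattern copied from the ACM validation error quoted in the issue.
const ACM_DOMAIN_NAME =
  /^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$/;
// Opening of a CloudFormation dynamic reference. Matching only the prefix
// also catches references that synthesis split across Fn::Join fragments.
const DYNAMIC_REF = /\{\{resolve:(ssm-secure|ssm|secretsmanager):/;

interface Finding { logicalId: string; path: string; service: string; }

function isValidAcmDomainName(value: string): boolean {
  return ACM_DOMAIN_NAME.test(value);
}

// Recursively collect every string under a property value, with its path.
function strings(node: unknown, path: string, out: [string, string][]): void {
  if (typeof node === "string") out.push([path, node]);
  else if (Array.isArray(node)) node.forEach((v, i) => strings(v, `${path}[${i}]`, out));
  else if (node !== null && typeof node === "object")
    Object.keys(node).forEach((k) => strings((node as any)[k], `${path}.${k}`, out));
}

// Report custom resources whose properties carry a dynamic reference.
function findDynamicRefsInCustomResources(template: any): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources ?? {};
  for (const logicalId of Object.keys(resources)) {
    const type = String(resources[logicalId].Type ?? "");
    const isCustom = type === "AWS::CloudFormation::CustomResource" || type.indexOf("Custom::") === 0;
    if (!isCustom) continue; // native resources are out of scope for this check
    const found: [string, string][] = [];
    strings(resources[logicalId].Properties ?? {}, "Properties", found);
    for (const [path, value] of found) {
      const m = DYNAMIC_REF.exec(value);
      if (m) findings.push({ logicalId, path, service: m[1] });
    }
  }
  return findings;
}

// Constructed sample template; IDs, property names and ARNs are illustrative.
const DOMAIN_REF =
  "{{resolve:secretsmanager:arn:aws:secretsmanager:eu-central-1:123456789012:secret:DOMAIN_NAME:SecretString:::}}";
const sampleTemplate = {
  Resources: {
    CertificateRequestor: {
      Type: "AWS::CloudFormation::CustomResource",
      Properties: { ServiceToken: "arn:aws:lambda:eu-central-1:123456789012:function:placeholder", DomainName: DOMAIN_REF },
    },
    Bucket: { Type: "AWS::S3::Bucket", Properties: { BucketName: "{{resolve:ssm:bucket-name}}" } },
  },
};
console.log(findDynamicRefsInCustomResources(sampleTemplate), isValidAcmDomainName(DOMAIN_REF));
```

Run against the JSON templates in `cdk.out` after `cdk synth`, a non-empty result fails the pipeline before the custom resource is ever invoked.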
