dflook / cloudformation-dns-certificate

Cloudformation DNS Validated Certificate Resource
MIT License

Using SubjectAlternativeNames causes unexpected behaviour #2

Closed sirhc9 closed 6 years ago

sirhc9 commented 6 years ago

Take the following example.

The lambda is unhappy because it appears to be looking for another HostedZoneId for *.mywebsite.com; however, there isn't a documented location to put the next HostedZoneId, or an explanation of why it is needed, since they would likely share the same zone.

{
  "DomainValidationOptions": [
    {
      "DomainName": "mywebsite.com",
      "HostedZoneId": "123456789"
    }
  ],
  "DomainName": "mywebsite.com",
  "ValidationMethod": "DNS",
  "SubjectAlternativeNames": [
    "*.mywebsite.com"
  ],
  "Tags": [
    {
      "Value": "Example Certificate",
      "Key": "Name"
    }
  ]
}

dflook commented 6 years ago

Hi, thanks for creating an issue.

Right now it needs a DomainValidationOptions entry for each of the DomainName and SubjectAlternativeNames. With multiple DomainValidationOptions your example would look like:

{
  "DomainValidationOptions": [
    {
      "DomainName": "mywebsite.com",
      "HostedZoneId": "123456789"
    },
    {
      "DomainName": "*.mywebsite.com",
      "HostedZoneId": "123456789"
    }
  ],
  "DomainName": "mywebsite.com",
  "ValidationMethod": "DNS",
  "SubjectAlternativeNames": [
    "*.mywebsite.com"
  ],
  "Tags": [
    {
      "Value": "Example Certificate",
      "Key": "Name"
    }
  ]
}

I agree this is a bug, as it doesn't match the behaviour of AWS::CertificateManager::Certificate (which can just have DomainValidationOptions for the parent domain).
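An added example, not part of the thread and not the project's code: a pre-deployment check that lists which certificate names have no usable DomainValidationOptions entry, under the exact-match rule described in the comment above and under the parent-domain rule it attributes to AWS::CertificateManager::Certificate. The function names and the label-by-label, longest-match interpretation of "parent domain" are assumptions.

```python
def _norm(name):
    # Lower-case and drop a trailing dot so "Example.com." equals "example.com".
    return name.lower().rstrip(".")


def _labels(name):
    # Split into DNS labels, ignoring a leading wildcard label.
    name = _norm(name)
    return (name[2:] if name.startswith("*.") else name).split(".")


def zone_for(name, options, allow_parent):
    """Return the HostedZoneId that would validate `name`, or None.

    allow_parent=False: an entry must name `name` exactly.
    allow_parent=True: an entry for the name or a parent domain is accepted
    and the longest match wins (assumed interpretation of "parent domain").
    """
    if not allow_parent:
        exact = [o for o in options if _norm(o["DomainName"]) == _norm(name)]
        return exact[0]["HostedZoneId"] if exact else None
    target, best = _labels(name), None
    for opt in options:
        cand = _labels(opt["DomainName"])
        # Compare whole labels: "notmywebsite.com" is not under "mywebsite.com".
        if len(cand) <= len(target) and target[-len(cand):] == cand:
            if best is None or len(cand) > best[0]:
                best = (len(cand), opt["HostedZoneId"])
    return best[1] if best else None


def uncovered_names(props, allow_parent=False):
    """Names on the certificate that no DomainValidationOptions entry covers."""
    names = [props["DomainName"]] + props.get("SubjectAlternativeNames", [])
    options = props.get("DomainValidationOptions", [])
    return [n for n in names if zone_for(n, options, allow_parent) is None]


# Constructed sample: the properties from the first comment in this thread.
REPORTED = {
    "DomainName": "mywebsite.com",
    "SubjectAlternativeNames": ["*.mywebsite.com"],
    "DomainValidationOptions": [
        {"DomainName": "mywebsite.com", "HostedZoneId": "123456789"}
    ],
}

if __name__ == "__main__":
    print("exact match:", uncovered_names(REPORTED))
    print("parent domain:", uncovered_names(REPORTED, allow_parent=True))
```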

dflook commented 6 years ago

This should now work as expected.

sirhc9 commented 6 years ago

Can you also please add documentation for this feature for both activation through the parent domain and multiple domains?

dflook commented 6 years ago

I've added some more examples to the readme.

sirhc9 commented 6 years ago

Love your work 👍