This plugin creates a certificate in the region of the CloudFormation stack. Our region is eu-central-1, which means this is where it gets created.
The problem is that AWS requires certificates for CloudFront to always be located in us-east-1, and in this situation the stack will fail with the error:
Resource handler returned message: "Invalid request provided: Certificate must be in us-east-1. (Service: AppSync, Status Code: 400)
Understandably, this plugin can't access regions other than the one in which the CloudFormation stack is. As a result, I don't think that the custom domain certificate generation feature could work in any region other than us-east-1.
We've resolved this by generating a certificate manually and referencing it using the domain.certificateArn configuration.
It would probably make sense to make that clear in the documentation.
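
A pre-deploy check for the workaround described above, as an added example that is not part of the original issue or the plugin's own code: it parses the ARN supplied as domain.certificateArn and reports a certificate that is not an ACM certificate in us-east-1 before CloudFormation gets the chance to reject it. The function names and the sample ARNs (placeholder account and certificate ids) are constructed for illustration.

```javascript
// Assumption: the custom domain only accepts ACM certificates in us-east-1,
// as the error message quoted in the issue states.
const REQUIRED_REGION = "us-east-1";

// Split an ARN into its fields. The resource part may itself contain ':'.
function parseArn(arn) {
  if (typeof arn !== "string") return null;
  const parts = arn.trim().split(":");
  if (parts.length < 6 || parts[0] !== "arn") return null;
  const [, partition, service, region, account] = parts;
  return { partition, service, region, account, resource: parts.slice(5).join(":") };
}

// Return a list of problems; an empty list means the ARN is usable.
function checkCertificateArn(arn) {
  const parsed = parseArn(arn);
  if (!parsed) return ["not a valid ARN"];
  const problems = [];
  if (parsed.service !== "acm") {
    problems.push(`service is "${parsed.service}", expected "acm"`);
  }
  if (!parsed.resource.startsWith("certificate/")) {
    problems.push("resource is not an ACM certificate");
  }
  if (parsed.region !== REQUIRED_REGION) {
    problems.push(`certificate is in "${parsed.region}", must be in "${REQUIRED_REGION}"`);
  }
  if (!/^\d{12}$/.test(parsed.account)) {
    problems.push("account id is not 12 digits");
  }
  return problems;
}

// Constructed sample values: the stack's own region versus the required one.
const samples = [
  "arn:aws:acm:eu-central-1:123456789012:certificate/00000000-0000-0000-0000-000000000000",
  "arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000",
];
for (const arn of samples) {
  const problems = checkCertificateArn(arn);
  console.log(problems.length ? `REJECT ${arn}: ${problems.join("; ")}` : `OK ${arn}`);
}
```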