Unable to attach ACM Public certificate with ALB Listener using Lambda across account
I am creating an ACM public certificate in an AWS Organizations member account using a Lambda function from the master account.
The code that creates the ACM certificate and attaches the listener is:
import boto3

# Clients for the member account that owns the ALB (the question does not show
# how the cross-account credentials are obtained; region taken from the error ARN)
client_acm = boto3.client('acm', region_name='eu-west-2')
client_elbv2 = boto3.client('elbv2', region_name='eu-west-2')
alb_arn = '<ALB_ARN>'                    # placeholder
Target_group_arn = '<TARGET_GROUP_ARN>'  # placeholder

# Request a public certificate with DNS validation
resp_acm = client_acm.request_certificate(
    DomainName='test.example.com',
    ValidationMethod='DNS',
)
acm_arn = resp_acm['CertificateArn']
print(acm_arn)

# Attach the certificate to a new HTTPS listener immediately after requesting it
resp_listener = client_elbv2.create_listener(
    Certificates=[
        {
            'CertificateArn': acm_arn,
        },
    ],
    DefaultActions=[
        {
            'Type': 'forward',
            'TargetGroupArn': Target_group_arn,
        },
    ],
    LoadBalancerArn=alb_arn,
    Port=443,
    Protocol='HTTPS',
    SslPolicy='ELBSecurityPolicy-2016-08',
)
But I get this error:
"errorMessage": "An error occurred (UnsupportedCertificate) when calling the CreateListener operation: The certificate
'arn:aws:acm:eu-west-2:xxxxxxxxx:certificate/675071212-cdd1-4gg5-9d49-6a89a47eee88' must have a fully-qualified domain name,
a supported signature, and a supported key size.",
Can anyone please help? The main domain is in the master account, and the certificate is being created cross-account for a subdomain in an AWS Organizations member account.
I have solved this problem: after obtaining the ACM certificate, you must wait a while and then validate it. You can use the following code snippet:
import time
import boto3

# ACM client for the member account (resp_acm comes from request_certificate as in
# the question); Route 53 client for the account that hosts the zone of the parent
# domain, i.e. the master account in this setup
client_acm = boto3.client('acm', region_name='eu-west-2')
client_route53 = boto3.client('route53')
HostedZoneID = '<HOSTED_ZONE_ID>'  # placeholder

acm_arn = resp_acm['CertificateArn']
print(acm_arn)
time.sleep(10)
# describe acm certificate to read the DNS validation record ACM expects
acm_describe = client_acm.describe_certificate(
    CertificateArn=acm_arn
)
name = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Name']
value = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Value']
# validating acm certificate using DNS
# (CREATE fails with InvalidChangeBatch if the record already exists)
acm_validation = client_route53.change_resource_record_sets(
    HostedZoneId=HostedZoneID,
    ChangeBatch={
        'Comment': 'DNS Validation',
        'Changes': [
            {
                'Action': 'CREATE',
                'ResourceRecordSet': {
                    'Name': name,
                    'Type': 'CNAME',
                    'TTL': 1800,
                    'ResourceRecords': [
                        {
                            'Value': value
                        },
                    ],
                }
            },
        ]
    }
)
# waiting for acm to get validated using dns
waiter = client_acm.get_waiter('certificate_validated')
waiter.wait(
    CertificateArn=acm_arn,
    WaiterConfig={
        'Delay': 15,
        'MaxAttempts': 80
    }
)
time.sleep(10)
# acm_arn can now be passed to create_listener as in the question
Hope this solves your problem too.
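As an added example (not code from the question or the answer), the same flow restructured for the cross-account case: the ACM and ELB clients for the member account and the Route 53 client for the account hosting the parent zone are passed in separately, the validation record is polled instead of assumed present after a fixed sleep, the record is UPSERTed so a re-run does not fail, and the certificate status is checked before the listener is created. The client objects, `hosted_zone_id` and the ARNs are assumptions; the page does not state how the cross-account sessions are obtained.

```python
import time


def validation_records(describe_resp):
    """Return {cname_name: cname_value} for every domain on the certificate,
    or None while ACM has not yet published a ResourceRecord for all of them."""
    records = {}
    for opt in describe_resp["Certificate"]["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if not rr or rr.get("Type") != "CNAME":
            return None
        records[rr["Name"]] = rr["Value"]
    return records


def validation_change_batch(records, ttl=300):
    """Route 53 ChangeBatch using UPSERT, so a re-run does not fail on CREATE."""
    return {"Comment": "ACM DNS validation", "Changes": [
        {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": name, "Type": "CNAME", "TTL": ttl,
            "ResourceRecords": [{"Value": value}]}}
        for name, value in sorted(records.items())]}


def wait_for_validation_records(acm, cert_arn, attempts=12, delay=5):
    """Poll describe_certificate instead of a fixed sleep: the record is not
    always present immediately after request_certificate returns."""
    for _ in range(attempts):
        records = validation_records(acm.describe_certificate(CertificateArn=cert_arn))
        if records:
            return records
        time.sleep(delay)
    raise TimeoutError("ACM did not publish DNS validation records for " + cert_arn)


def issue_and_attach(acm, elbv2, route53, hosted_zone_id, domain, alb_arn, tg_arn):
    """acm/elbv2: member-account clients; route53: client for the zone-owning account."""
    cert_arn = acm.request_certificate(DomainName=domain, ValidationMethod="DNS")["CertificateArn"]
    records = wait_for_validation_records(acm, cert_arn)
    route53.change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=validation_change_batch(records))
    acm.get_waiter("certificate_validated").wait(
        CertificateArn=cert_arn, WaiterConfig={"Delay": 15, "MaxAttempts": 80})
    # CreateListener only accepts an ISSUED certificate; fail loudly otherwise.
    status = acm.describe_certificate(CertificateArn=cert_arn)["Certificate"]["Status"]
    if status != "ISSUED":
        raise RuntimeError(f"certificate {cert_arn} is {status}, not ISSUED")
    return elbv2.create_listener(
        LoadBalancerArn=alb_arn, Port=443, Protocol="HTTPS",
        SslPolicy="ELBSecurityPolicy-2016-08", Certificates=[{"CertificateArn": cert_arn}],
        DefaultActions=[{"Type": "forward", "TargetGroupArn": tg_arn}])
```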