
aws_certificatemanager: validating certificate cross account #29645

Closed
andreprawira opened this issue Mar 29, 2024 · 3 comments
Assignees
Labels
@aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@andreprawira

Describe the bug

I have 2 accounts, standard and gov cloud. What I'm trying to do is to create a public hosted zone in the standard account and generate a public certificate in gov cloud. I will validate the certificate by bringing its CNAME to the hosted zone. However, I'm confused how I can export the hosted zone id cross account.

Below is the hosted zone stack code

from aws_cdk import Stack, aws_route53 as route53, aws_ssm as ssm
from constructs import Construct


class HostedZoneStack(Stack):
    def __init__(
        self, scope: Construct, construct_id: str, **kwargs
    ) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Creating hosted zone
        hosted_zone = route53.HostedZone(
            self,
            "hosted-zone",
            zone_name="dev.keren.com",
        )

        # Creating parameter store entry to store the hosted zone id
        ssm.StringParameter(
            self,
            "hosted-zone-id",
            string_value=hosted_zone.hosted_zone_id,
            parameter_name="hosted-zone-id",
        )

Below is the acm stack code

from aws_cdk import (
    Stack,
    aws_certificatemanager as acm,
    aws_route53 as route53,
    aws_ssm as ssm,
)
from constructs import Construct


class AcmStack(Stack):
    def __init__(
        self, scope: Construct, construct_id: str, **kwargs
    ) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Reading the hosted zone id back from the parameter store
        hosted_zone_id = ssm.StringParameter.from_string_parameter_name(
            self, "hosted-zone-id", string_parameter_name="hosted-zone-id"
        ).string_value

        # Importing hosted zone
        hosted_zone = route53.HostedZone.from_hosted_zone_attributes(
            self, "hosted-zone", hosted_zone_id=hosted_zone_id, zone_name="dev.keren.com"
        )

        # Creating a public certificate, validated through the imported zone
        acm_cert = acm.Certificate(
            self,
            "cloudfront-certificate",
            domain_name="dev.keren.com",
            validation=acm.CertificateValidation.from_dns(hosted_zone),
        )

The problem with the code now is that the parameter store that holds the hosted zone id is generated in the standard account and I don't know how to read it from the gov cloud account. Any idea how I can do that, or if there's a better method? Thanks

Expected Behavior

Able to validate certificate cross account

Current Behavior

Parameter store is generated in an account where the other account can't read it

Reproduction Steps

Please view the code above

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.131.0 (build 92b912d)

Framework Version

No response

Node.js Version

v18.18.0

OS

Windows

Language

Python

Language Version

Python 3.11.5

Other information

No response
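One way to complete the validation across the two accounts is to create the certificate with `CertificateValidation.from_dns()` and no hosted zone, then copy the CNAME that ACM issues in GovCloud into the zone in the standard account. The script below is an added example, not code from this issue or from the CDK project: it assumes two named credential profiles (`govcloud` and `standard`, since IAM role assumption does not work across the commercial and GovCloud partitions), the `us-gov-west-1` region, and a hosted zone ID passed in as plain configuration, which is enough because the zone ID is not a secret.

```python
"""Cross-partition DNS validation of an ACM certificate (added example).

Assumes the certificate used CertificateValidation.from_dns() with no zone, so
ACM emits a CNAME to be created by hand in the account that owns the zone. Role
assumption does not cross partitions, hence two credential profiles; profile
names, region and hosted zone ID are placeholders."""

# Constructed stand-in for acm.describe_certificate()["Certificate"].
SAMPLE_CERT = {"DomainValidationOptions": [
    {"DomainName": "dev.keren.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_a1b2.dev.keren.com.", "Type": "CNAME",
                        "Value": "_c3d4.acm-validations.aws."}},
    # A wildcard SAN shares the apex record; emitting it twice would make
    # Route53 reject the whole ChangeBatch.
    {"DomainName": "*.dev.keren.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_a1b2.dev.keren.com.", "Type": "CNAME",
                        "Value": "_c3d4.acm-validations.aws."}},
    # ResourceRecord is absent while ACM is still generating it.
    {"DomainName": "api.dev.keren.com", "ValidationMethod": "DNS"},
]}


def validation_changes(cert: dict, zone_name: str) -> list:
    """Build de-duplicated Route53 UPSERTs; refuse records outside our zone."""
    zone = zone_name.rstrip(".") + "."
    changes, seen = [], set()
    for opt in cert["DomainValidationOptions"]:
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            continue
        name = rr["Name"].rstrip(".") + "."
        if not (name == zone or name.endswith("." + zone)):
            raise ValueError(f"{name} is outside {zone}")
        key = (name, rr["Type"], rr["Value"])
        if key not in seen:
            seen.add(key)
            changes.append({"Action": "UPSERT", "ResourceRecordSet": {
                "Name": name, "Type": rr["Type"], "TTL": 300,
                "ResourceRecords": [{"Value": rr["Value"]}]}})
    return changes


def main(cert_arn: str, hosted_zone_id: str, zone_name: str) -> None:
    import boto3  # imported here so validation_changes() runs offline
    acm = boto3.Session(profile_name="govcloud").client("acm", region_name="us-gov-west-1")
    r53 = boto3.Session(profile_name="standard").client("route53")
    cert = acm.describe_certificate(CertificateArn=cert_arn)["Certificate"]
    batch = {"Comment": "ACM DNS validation", "Changes": validation_changes(cert, zone_name)}
    r53.change_resource_record_sets(HostedZoneId=hosted_zone_id, ChangeBatch=batch)
    acm.get_waiter("certificate_validated").wait(CertificateArn=cert_arn)
```

The zone-suffix check matters because the credentials used for Route53 can write the whole zone: a wrong certificate ARN or hosted zone ID fails loudly instead of creating records under some other name.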

@andreprawira andreprawira added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 29, 2024
@github-actions github-actions bot added the @aws-cdk/aws-certificatemanager Related to Amazon Certificate Manager label Mar 29, 2024
@khushail khushail added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Apr 5, 2024
@khushail khushail self-assigned this Apr 5, 2024
@khushail khushail removed the needs-triage This issue or PR still needs to be triaged. label Apr 5, 2024
@khushail
Contributor

khushail commented Apr 5, 2024

Hi @andreprawira, thanks for reaching out. Looks like this issue is quite similar. This comment here also throws some light on the issue of cross-region/cross-account certificate usage. Please have a look and let us know.

@khushail khushail added p1 effort/medium Medium work item – several days of effort response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Apr 5, 2024

github-actions bot commented Apr 8, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Apr 8, 2024
@khushail khushail added p2 and removed p1 labels Apr 10, 2024
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Apr 13, 2024
@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024

3 participants