我正在使用主帐户的lambda函数在AWS组织帐户中创建ACM公共证书,
创建ACM证书并附加监听器的代码为:
resp_acm = client_acm.request_certificate(
DomainName='test.example.com',
ValidationMethod= 'DNS',
)
acm_arn = resp_acm['CertificateArn']
print(acm_arn)
resp_listener = client_elbv.create_listener(
Certificates=[
{
'CertificateArn': acm_arn,
},
],
DefaultActions=[
{
'Type': 'forward',
'TargetGroupArn': Target_group_arn,
},
],
LoadBalancerArn=alb_arn,
Port=443,
Protocol='HTTPS',
SslPolicy='ELBSecurityPolicy-2016-08',
)
但是我得到这个错误:
"errorMessage": "An error occurred (UnsupportedCertificate) when calling the CreateListener operation: The certificate
'arn:aws:acm:eu-west-2:xxxxxxxxx:certificate/675071212-cdd1-4gg5-9d49-6a89a47eee88' must have a fully-qualified domain name,
a supported signature, and a supported key size.",
谁来帮帮我。主域在主帐户中,正在为子域aws组织跨帐户创建证书。
我已经修复了这个问题,在获得ACM证书后,你需要等待一段时间来验证。您可以使用以下代码片段:
acm_arn = resp_acm['CertificateArn']
print(acm_arn)
time.sleep(10)
#describe acm certificate
acm_describe = client_acm.describe_certificate(
CertificateArn=acm_arn
)
name = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Name']
value = acm_describe['Certificate']['DomainValidationOptions'][0]['ResourceRecord']['Value']
#validating acm certificate using DNS
acm_validation = client_route53.change_resource_record_sets(
HostedZoneId=HostedZoneID,
ChangeBatch={
'Comment': 'DNS Validation',
'Changes': [
{
'Action': 'CREATE',
'ResourceRecordSet': {
'Name': name,
'Type': 'CNAME',
'TTL': 1800,
'ResourceRecords': [
{
'Value': value
},
],
}
},
]
}
)
#waiting for acm to get validated using dns
waiter = client_acm.get_waiter('certificate_validated')
waiter.wait(
CertificateArn=acm_arn,
WaiterConfig={
'Delay': 15,
'MaxAttempts': 80
}
)
time.sleep(10)
希望这也能解决你的问题。