如何使用Cloud Formation用ACM证书配置CloudFront分配 [英] How to provision a CloudFront distribution with an ACM Certificate using Cloud Formation

问题描述

我正在尝试使用Cloud Formation在CloudFrontDistribution中设置证书。

I am attempting to set a certificate in my CloudFrontDistribution using Cloud Formation.

我的证书已通过证书管理器颁发。它已经被批准，并且我已经验证了证书可以通过CloudFront控制台直接进行手动配置。

My certificate has been issued via Certificate Manager. It has been approved, and I have validated that the certificate works by manual configuration directly through the CloudFront console.

在我的CloudFormation模板中，我尝试使用与证书中的证书关联的 Identifier 和 ARN 值IamCertificateId属性：

Within my CloudFormation template, I have attempted to use both the Identifier and ARN values associated with the certificate in the IamCertificateId property:

"ViewerCertificate" : {
  "IamCertificateId" : "********",
  "SslSupportMethod": "sni-only"
}

但是在两种情况下，我都会收到以下错误消息：

But in both cases I receive the following error:

The specified SSL certificate doesn't exist, isn't valid, or doesn't include a valid certificate chain.

阅读DistributionConfig复杂类型，看起来好像有一个'ACMCertificateArn'属性，但这似乎无法通过CloudFormation起作用。

Reading the docs for the DistributionConfig Complex Type it looks like there is a 'ACMCertificateArn' property, but this does not seem to work via CloudFormation.

任何帮助将不胜感激。

推荐答案

Cloudformation添加了此属性但没有记录。您可以像这样轻松使用：

Cloudformation added this property but it is not documented. You can use like this easily:

"ViewerCertificate": {
            "SslSupportMethod": "sni-only",
            "AcmCertificateArn": "CERTIFICATE_ARN"
}

请注意，证书必须在us-east-1地区创建，否则将不被接受。

Be aware that the certificate must be created in us-east-1 region, if not it won't be accepted.

这篇关于如何使用Cloud Formation用ACM证书配置CloudFront分配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！