Skip to main content

One post tagged with "IaC"

View All Tags

Worry-free AWS ACM certificate DNS validation with Pulumi

· 4 min read
Akhan Zhakiyanov
Lead engineer

Quite often I need to create AWS ACM certificate and do DNS validation using Pulumi.

Pulumi aws.acm.CertificateValidation DNS example only show basic and naive implementation:

  • hardcoded single domain validation ¯_(ツ)_/¯
  • will fail if you try to validated wildcard and apex domain simultaneously
* creating Route 53 Record: InvalidChangeBatch: [Tried to create resource record set [name='_f22110437fea5500aa0f8bf286aed7c7.howto.ahanoff.dev.', type='CNAME'] but it already exists]

Today I'll show how to create validation that works for any domain

note
  • I will use howto.ahanoff.dev domain as example
  • I will use Pulumi with Typescript

I will create AWS ACM certificate with the following conditions:

  • multi domain certificate
  • validates wildcard domain: *.howto.ahanoff.dev
  • validates apex domain: howto.ahanoff.dev