aws-certificatemanager: DnsValidatedCertificate instances throw on applyRemovalPolicy
Describe the bug
Calling applyRemovalPolicy on DnsValidatedCertificate instances throws CfnResource error and fails to synthesize the stack.
Expected Behavior
Chosen retention policy should be applied to DnsValidatedCertificate created resources.
Current Behavior
Currently calling applyRemovalPolicy on a DnsValidatedCertificate instance will throw:
```
Error: Cannot apply RemovalPolicy: no child or not a CfnResource. Apply the removal policy on the CfnResource directly.
    at DnsValidatedCertificate.applyRemovalPolicy (/Users/ignotasmikalauskas/Projects/resq-infra/certificates/node_modules/aws-cdk-lib/core/lib/resource.ts:227:13)
```
Reproduction Steps
The error is thrown while attempting to run the following construct:
```typescript
import { Construct } from 'constructs';
import { DnsValidatedCertificate } from 'aws-cdk-lib/aws-certificatemanager';
import { RemovalPolicy } from 'aws-cdk-lib';
import { IHostedZone } from 'aws-cdk-lib/aws-route53';

export interface CertificateProps {
  hostedZone: IHostedZone;
  domainName: string;
  region: string;
}

export class Certificate extends Construct {
  constructor(scope: Construct, id: string, props: CertificateProps) {
    super(scope, id);
    const { domainName, region, hostedZone } = props;
    const certificate = new DnsValidatedCertificate(this, 'Certificate', {
      domainName: `*.${domainName}`,
      hostedZone,
      region
    });
    certificate.applyRemovalPolicy(RemovalPolicy.RETAIN);
    // ... business logic ...
  }
}
```
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.24.1 (build 585f9ca)
Framework Version
No response
Node.js Version
v16.14.0
OS
macOS Monterey 12.2.1
Language
TypeScript
Language Version
3.9.7
Other information
No response
Issue Analytics
- State:
- Created a year ago
- Reactions:2
- Comments:6 (3 by maintainers)
Top GitHub Comments
This happens because the DnsValidatedCertificate doesn’t leverage the CfnCertificate resource, but rather utilizes a custom resource. As a result, custom resources can’t have removal policy set the same way as when using the CloudFormation resource directly.
We should call this out in the docs, and potentially support setting removal policy through the custom resource if possible.