AWS - Add Certificate to an ApplicationListener

2021-09-03

// ... shared stack cdk code ...
// (imports assumed here; the original snippet omits them. These are the CDK v2
// module paths; CDK v1 exposes the same classes from @aws-cdk/aws-elasticloadbalancingv2
// and @aws-cdk/aws-certificatemanager)
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'
import * as acm from 'aws-cdk-lib/aws-certificatemanager'

const alb = new elbv2.ApplicationLoadBalancer(this, 'alb', { vpc })
const listener = alb.addListener('listener', {
  open: true,
  port: 443,
  certificates: [
    // a certificate for apis.gritts.dev
  ]
})

// ... service stack cdk code ...
const zone = HOSTED_ZONE // ... fetch your hosted zone

// Add an additional cert to the listener after the listener is created
// first create the new cert
const cert = new acm.Certificate(this, 'HuntNvCert', {
  domainName: 'huntnv.apis.gritts.dev',
  validation: acm.CertificateValidation.fromDns(zone)
})

// first method, caused cyclic reference error
props.listener.addCertificates('AnotherCert', [cert])

// second method, worked
const listenerCert = new elbv2.ApplicationListenerCertificate(this, 'HuntNvListenerCert', {
  listener: props.listener,
  certificates: [cert]
})

Context

I'm experimenting with moving all the DNS, listener, and CloudFront resource creation into individual service stacks. That way each service stack is self-contained: it creates all of its own resources. This also means the shared infrastructure doesn't need to know all the domain names, listener targets, and CloudFront distributions beforehand.

Important note: this is all based on using multiple stacks to build the infrastructure.

My first attempt was to use the listener.addCertificates (docs) method provided by the ApplicationListener construct (docs). Unfortunately this throws a cyclic reference error. I can't tell you why.

Closer inspection of the documentation shows another method to attach additional certificates to a listener with the ApplicationListenerCertificate construct (docs). This does work and deploys correctly as intended.

This Site

Built by me. Writing and images are my original work unless otherwise noted. Please attribute this site when sharing.

This content served from this URL (mitchell.gritts.net) is licensed with the Unlicense. Content served from other URLs may have other licenses. The repo is currently private while I actively build out the site.