AWS certificate manager empty `subjectAlternativeNames` with no alt domain.

Description

AWS certificate manager gives an error if I try to deploy a single subdomain with no apex domain, like this:

This produced an error:

[ERROR] software.amazon.awssdk.services.acm.model.AcmException: 1 validation error detected: Value '[]' at 'subjectAlternativeNames' failed to satisfy constraint: Member must have length greater than or equal to 1 (Service: Acm, Status Code: 400, Request ID: …)

As a workaround the error could be suppressed by adding an alt domain:

We'll need to double-check the AWS SDK; we may have to put something in subjectAlternativeNames, wherever that is defined in the code.

Environment

None

Activity

Show:
Garret Wilson
May 17, 2020, 8:48 PM

This was simply a matter of declining to indicate certificate subject alternative names if there were none to indicate. The AWS SDK in general doesn't seem to like empty sets, and prefers that the consumer leave attributes unconfigured if the value is empty.

Assignee

Garret Wilson

Reporter

Garret Wilson

Labels

None

Components

Fix versions

Affects versions

Priority

Critical
Configure