AWS certificate manager empty `subjectAlternativeNames` with no alt domain.
AWS certificate manager gives an error if I try to deploy a single subdomain with no apex domain, like this:
This produced an error:
[ERROR] software.amazon.awssdk.services.acm.model.AcmException: 1 validation error detected: Value '' at 'subjectAlternativeNames' failed to satisfy constraint: Member must have length greater than or equal to 1 (Service: Acm, Status Code: 400, Request ID: …)
As a workaround the error could be suppressed by adding an alt domain:
We'll need to double-check the AWS SDK; we may have to put something in subjectAlternativeNames, wherever that is defined in the code.
This was simply a matter of declining to indicate certificate subject alternative names if there were none to indicate. The AWS SDK in general doesn't seem to like empty sets, and prefers that the consumer leave attributes unconfigured if the value is empty.