
Getting error in adding SSL certificate in CloudFront using CloudFormation (needs to be specified)

{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Parameters": {
        "AlternateDomainNames": {
            "Description": "CNAMEs (alternate domain names), if any, for the distribution. Example. test.codavel.com",
            "Type": "String",
            "Default": "test.example.com"
        }
    },
    "Resources" : {
        "myDistribution" : {
            "Type" : "AWS::CloudFront::Distribution",
            "Properties" : {
                "DistributionConfig" : {
                    "Origins" : [ {
                        "DomainName" : "ELBfor-1234.region.elb.amazonaws.com",
                        "Id" : "myCustomOrigin",
                        "CustomOriginConfig" : {
                            "HTTPPort" : "80",
                            "HTTPSPort" : "443",
                            "OriginProtocolPolicy" : "match-viewer",
                            "OriginSSLProtocols" : [
                                "TLSv1",
                                "TLSv1.1",
                                "TLSv1.2",
                                "SSLv3"
                            ]
                        }
                    } ],
                    "HttpVersion": "http2",
                    "Aliases": [
                        {
                            "Ref": "AlternateDomainNames"
                        }
                    ],
                    "Enabled" : "true",
                    "Comment" : "example-cdn",
                    "DefaultCacheBehavior" : {
                        "TargetOriginId" : "myCustomOrigin",
                        "SmoothStreaming" : "false",
                        "AllowedMethods": [
                            "HEAD",
                            "GET",
                            "OPTIONS"
                        ],
                        "MaxTTL": "31536000",
                        "MinTTL": "0",
                        "Compress" : "true",
                        "ForwardedValues" : {
                            "QueryString" : "false",
                            "Cookies" : { "Forward" : "all" }
                        },
                        "ViewerProtocolPolicy" : "allow-all"
                    },
                    "PriceClass" : "PriceClass_All",
                    "Restrictions" : {
                        "GeoRestriction": {
                            "RestrictionType": "none",
                            "Locations": []
                        }
                    },
                    "ViewerCertificate": {
                        "SslSupportMethod": "sni-only",
                        "AcmCertificateArn" : {
                            "Fn::Sub": "arn:aws:acm:us-east-1:<ID>:certificate/2345f-534234"
                        }
                    }
                }
            }
        }
    }
}

Hi Team,

I am using this in my CloudFront template to add my custom SSL on that, and it is showing me some error: Exactly one of [AcmCertificateArn,CloudFrontDefaultCertificate,IamCertificateId] needs to be specified.

So please let me know how I can add this, or if there is any option to add it as a parameter so that it will list that certificate. Please guide me on this. This is my certificate ARN: arn:aws:acm:us-east-1::certificate/2345f-534234

shubham kamboj asked Jun 22 '26 23:06


1 Answer

The ViewerCertificate block should look like this in your case:

"ViewerCertificate": {
    "SslSupportMethod": "sni-only",
    "AcmCertificateArn": "arn:aws:acm:us-east-1::certificate/2345f-534234"
}

Also, what you should always take care of is that the certificate is provisioned in the us-east-1 region (yours is, based on the ARN :)

Petar Marinković answered Jun 24 '26 15:06
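
A pre-deployment check for the two conditions this thread raises, the "exactly one of" rule from the error message and the us-east-1 requirement from the answer. This is an added example, not code from either poster; the function names, the assumed ACM ARN layout with a 12-digit account ID, and the constructed sample (placeholder account and certificate IDs) are assumptions.

```python
import json
import re

# The three mutually exclusive keys named in the CloudFormation error message.
CERT_KEYS = ("AcmCertificateArn", "CloudFrontDefaultCertificate", "IamCertificateId")
# Assumed ACM ARN layout: arn:aws:acm:<region>:<12-digit account>:certificate/<id>
ACM_ARN = re.compile(r"arn:aws:acm:([a-z0-9-]+):(\d{12}):certificate/\S+")


def literal(value):
    """Plain string for a literal or a substitution-free Fn::Sub, else None."""
    if isinstance(value, dict) and isinstance(value.get("Fn::Sub"), str):
        value = value["Fn::Sub"]
    if isinstance(value, str) and "${" not in value:
        return value
    return None  # Ref, Fn::Join and similar cannot be resolved offline


def check_viewer_certificates(template):
    """Return findings for every AWS::CloudFront::Distribution in a parsed template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudFront::Distribution":
            continue
        cert = res.get("Properties", {}).get("DistributionConfig", {}).get("ViewerCertificate")
        if not isinstance(cert, dict):
            continue  # block absent or not a literal object: nothing to lint
        # Assumption: empty or false values count as "not specified".
        present = [k for k in CERT_KEYS if cert.get(k) not in (None, "", False, "false")]
        if len(present) != 1:
            findings.append(f"{name}: exactly one of {list(CERT_KEYS)} needed, found {present}")
        arn = literal(cert.get("AcmCertificateArn"))
        if arn is None:
            continue
        if arn != arn.strip():
            findings.append(f"{name}: AcmCertificateArn has surrounding whitespace")
        match = ACM_ARN.fullmatch(arn.strip())
        if match is None:
            findings.append(f"{name}: AcmCertificateArn is not a complete ACM ARN")
        elif match.group(1) != "us-east-1":
            findings.append(f"{name}: certificate is in {match.group(1)}, CloudFront needs us-east-1")
    return findings


if __name__ == "__main__":
    # Constructed sample: placeholder account ID and certificate ID, wrong region.
    sample = json.loads("""{"Resources": {"myDistribution": {
        "Type": "AWS::CloudFront::Distribution",
        "Properties": {"DistributionConfig": {"ViewerCertificate": {
            "SslSupportMethod": "sni-only",
            "AcmCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID"}}}}}}""")
    for line in check_viewer_certificates(sample):
        print(line)
```

An ARN built with `Ref` or a `${...}` substitution is skipped by the ARN checks because it cannot be resolved without the stack's parameters.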
