Hi, I’m trying to create an AWS network load balancer that attaches to some certificates in ACM. When running terraform I’m getting this error when setting up the default certificate:
module.swarm_cluster.module.network_lb.aws_lb_listener.listener-https-certs[0]: Still creating... [5m0s elapsed]
Error: Error creating LB Listener: CertificateNotFound: Certificate 'arn:aws:acm:us-east-2:828535259631:certificate/7632c411-02b1-4ac3-ad3c-c3de09b5b212' not found
status code: 400, request id: 7a48106e-beff-4c62-a441-a31154470e6d
But the certificate does exist, I can get it using aws acm cli:
$ aws acm get-certificate --region us-east-2 --profile work --certificate-arn arn:aws:acm:us-east-2:828535259631:certificate/7632c411-02b1-4ac3-ad3c-c3de09b5b212
{
"Certificate": "-----BEGIN CERTIFICATE-----
...
This is the load balancer listener code:
resource "aws_lb_listener" "listener-https-certs" {
  count             = var.attach_certificates ? 1 : 0
  load_balancer_arn = aws_lb.load_balancer.arn
  port              = 443
  protocol          = "TLS"
  certificate_arn   = "arn:aws:acm:us-east-2:828535259631:certificate/7632c411-02b1-4ac3-ad3c-c3de09b5b212"

  default_action {
    target_group_arn = aws_lb_target_group.tg-https.arn
    type             = "forward"
  }
}
The terraform apply output for that resource:
  # module.swarm_cluster.module.network_lb.aws_lb_listener.listener-https-certs[0] will be created
  + resource "aws_lb_listener" "listener-https-certs" {
      + arn               = (known after apply)
      + certificate_arn   = "arn:aws:acm:us-east-2:828535259631:certificate/7632c411-02b1-4ac3-ad3c-c3de09b5b212"
      + id                = (known after apply)
      + load_balancer_arn = "arn:aws:elasticloadbalancing:us-east-2:828535259631:loadbalancer/net/nlb-prod/be5676851ad42121"
      + port              = 443
      + protocol          = "TLS"
      + ssl_policy        = (known after apply)

      + default_action {
          + order            = (known after apply)
          + target_group_arn = "arn:aws:elasticloadbalancing:us-east-2:828535259631:targetgroup/prod-nlb-tg-443/ba6e028afd6683a7"
          + type             = "forward"
        }
    }
The curious thing is that this code was tested and working some weeks ago; the only thing different is that new certs were imported into ACM.
What could be making terraform think the certificate does not exist?
Full balancer code here: https://pastebin.com/aNh5F8sh