aws-api-gateway terraform terraform-provider-aws

Cannot import certificates for EDGE while REGIONAL is active


I am trying to use a certificate issued in eu-central-1 for my API Gateway, which is regional and works in the same region.

My Terraform code is as follows:

//ACM Certificate

provider "aws" {
  region = "eu-central-1"
  alias = "eu-central-1"
}

resource "aws_acm_certificate" "certificate" {
  provider = "aws.eu-central-1"
  domain_name       = "*.kumite.xyz"
  validation_method = "EMAIL"
}

//Apigateway

resource "aws_api_gateway_rest_api" "kumite_writer_api" {
  name = "kumite_writer_api"
  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

resource "aws_api_gateway_domain_name" "domain_name" {
  certificate_arn = aws_acm_certificate.certificate.arn
  domain_name     = "recorder.kumite.xyz"
  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

Unfortunately, I constantly get this error:

Error: Error creating API Gateway Domain Name: BadRequestException: Cannot import certificates for EDGE while REGIONAL is active.

What am I missing here? I think my API Gateway is not EDGE but REGIONAL, so I cannot make sense of the error...


Solution

  • Change certificate_arn to regional_certificate_arn.

    From documentation (emphasis mine):

    When referencing an AWS-managed certificate, the following arguments are supported:

    • certificate_arn - (Optional) The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with certificate_name, certificate_body, certificate_chain, certificate_private_key, regional_certificate_arn, and regional_certificate_name.
    • regional_certificate_arn - (Optional) The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with certificate_arn, certificate_name, certificate_body, certificate_chain, and certificate_private_key.
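
One way to catch this mismatch before `terraform apply`, as an added example (not from the original post or the Terraform provider): a Python check over the `configuration` section of `terraform show -json` output that flags an `aws_api_gateway_domain_name` whose certificate argument does not match its endpoint type. The JSON shape is assumed from Terraform's documented plan format, the sample plan is constructed, and `domain_name_fixed` is a hypothetical resource name.

```python
# Added example. Assumed input: json.load() of `terraform show -json plan.out`;
# only root-module resources in its "configuration" section are inspected.
# Certificate argument that each endpoint type expects, per the quoted docs.
EXPECTED_ARG = {"EDGE": "certificate_arn", "REGIONAL": "regional_certificate_arn"}

def endpoint_types(expressions):
    blocks = expressions.get("endpoint_configuration", [])
    if isinstance(blocks, dict):  # nested blocks may be an object or a list
        blocks = [blocks]
    types = []
    for block in blocks:
        types.extend(block.get("types", {}).get("constant_value") or [])
    return types or ["EDGE"]  # the provider defaults to EDGE when unspecified

def check_domain_names(plan):
    """List (address, endpoint_type, argument_used, argument_expected) mismatches."""
    findings = []
    resources = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    for res in resources:
        if res.get("type") != "aws_api_gateway_domain_name":
            continue
        expr = res.get("expressions", {})
        for etype in endpoint_types(expr):
            expected = EXPECTED_ARG.get(etype)
            for arg in EXPECTED_ARG.values():
                if expected and arg != expected and arg in expr:
                    findings.append((res["address"], etype, arg, expected))
    return findings

def _domain(name, cert_arg):
    # Constructed plan fragment: REGIONAL domain with the given certificate argument.
    return {
        "address": f"aws_api_gateway_domain_name.{name}",
        "type": "aws_api_gateway_domain_name",
        "expressions": {
            cert_arg: {"references": ["aws_acm_certificate.certificate.arn"]},
            "endpoint_configuration": [{"types": {"constant_value": ["REGIONAL"]}}],
        },
    }

# "domain_name" is the question's resource; "domain_name_fixed" is hypothetical.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    _domain("domain_name", "certificate_arn"),
    _domain("domain_name_fixed", "regional_certificate_arn"),
]}}}

if __name__ == "__main__":
    for address, etype, used, expected in check_domain_names(SAMPLE_PLAN):
        print(f"{address}: {etype} endpoint sets {used}; use {expected}")
```

The check reads the configuration rather than the planned values because the certificate ARN is not yet known at plan time when the certificate is created in the same run.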