I am attempting to use the CloudFormation template for a new VPC and workload as provided within https://aws-quickstart.s3.amazonaws.com/quickstart-hashicorp-vault/doc/hashicorp-vault-on-the-aws-cloud.pdf to create a vault cluster. However, I am seeing the following:
VaultServerListener HTTPS CREATE_FAILED Certificate ARN '' is not valid (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: ValidationError; Request ID: 650c7ca1-0abe-4bae-9b30-d114c220423d)
Based on your additional info, it seems that the error originates here:
```yaml
VaultServerListenerHTTPS:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    Certificates:
      - CertificateArn: !If [ CreateDns, !GetAtt "ACMCertificate.Outputs.ACMCertificate", !Ref ACMSSLCertificateArn ]
```
Your comments indicate that there is no ACM certificate set up. However, if you look at the code above, an ACM certificate must be provided.
Either you create your own ACM certificate and provide its ARN in the ACMSSLCertificateArn parameter, or let the template create one for you using this template.
For the ACM certificate, you need to have a custom domain, for example one set up in Route53.
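A pre-deployment check that mirrors the `!If` in the listener snippet above, as an added example that is not part of the original answer or of the Quick Start template. The function name and the sample ARN are constructed for illustration, and `create_dns` is passed in as a boolean because the snippet does not show how the template evaluates the `CreateDns` condition; the same-region check reflects the general requirement that a load balancer uses an ACM certificate from its own region.

```python
import re

# Shape of an ACM certificate ARN; the named group lets us inspect the region.
ACM_ARN_RE = re.compile(
    r"^arn:(?:aws|aws-cn|aws-us-gov):acm:(?P<region>[a-z0-9-]+):"
    r"\d{12}:certificate/[A-Za-z0-9-]+$"
)


def check_listener_certificate(acm_ssl_certificate_arn, create_dns, stack_region):
    """Return (source, problems) for the listener's CertificateArn.

    Mirrors: !If [CreateDns, <ACMCertificate stack output>, !Ref ACMSSLCertificateArn]
    create_dns is passed in as a boolean (assumption: the caller knows how the
    template evaluates that condition; the snippet does not show it).
    """
    if create_dns:
        # True branch: the nested ACMCertificate stack supplies the ARN.
        return "ACMCertificate.Outputs.ACMCertificate", []

    source = "ACMSSLCertificateArn"
    arn = (acm_ssl_certificate_arn or "").strip()
    if not arn:
        # This is the case in the question: the listener receives ''.
        return source, ["ACMSSLCertificateArn is empty and CreateDns is false"]

    match = ACM_ARN_RE.match(arn)
    if not match:
        return source, ["value is not an ACM certificate ARN"]
    if match.group("region") != stack_region:
        # A load balancer can only use ACM certificates from its own region.
        return source, ["certificate region %s differs from stack region %s"
                        % (match.group("region"), stack_region)]
    return source, []


if __name__ == "__main__":
    # Constructed sample values, not taken from the question.
    sample = "arn:aws:acm:us-east-1:123456789012:certificate/11111111-2222-3333-4444-555555555555"
    for args in [("", False, "us-east-1"), (sample, False, "us-east-1"),
                 (sample, False, "eu-west-1"), ("", True, "us-east-1")]:
        print(args, "->", check_listener_certificate(*args))
```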