aws-quickstart/quickstart-hashicorp-vault

Stack creation fails in existing VPC

Closed this issue · 2 comments

I seem to be getting the exact same error when attempting to deploy into our existing VPC. It appears to be an issue creating the ACM certificate. Manually creating the certificate and then defining it also results in the same error.


Values used:

| Key | Value |
| --- | --- |
| ACMSSLCertificateArn | - |
| AccessCIDR | 0.0.0.0/0 |
| BastionSecurityGroupID | sg-09346cbab09740be0 |
| DomainName | |
| HostedZoneID | Z2K7DBB4T367G1 |
| KeyPairName | vault-cluster |
| LoadBalancerType | Internal |
| PrivateSubnet1ID | subnet-ff21da88 |
| PrivateSubnet2ID | subnet-6956f30c |
| PrivateSubnet3ID | subnet-e20f14a4 |
| PublicSubnet1ID | subnet-fc21da8b |
| PublicSubnet2ID | subnet-7956f31c |
| PublicSubnet3ID | subnet-e80f14ae |
| QSS3BucketName | aws-quickstart |
| QSS3BucketRegion | us-east-1 |
| QSS3KeyPrefix | quickstart-hashicorp-vault/ |
| VPCCIDR | 10.50.0.0/16 |
| VPCID | vpc-51e62f34 |
| VaultAMIOS | CIS-Ubuntu-1604-HVM |
| VaultClientNodes | 0 |
| VaultClientRoleName | vault |
| VaultInstanceType | m5.large |
| VaultKubernetesCertificate | - |
| VaultKubernetesEnable | FALSE |
| VaultKubernetesHostURL | https://192.168.99.100:8443 |
| VaultKubernetesJWT | - |
| VaultKubernetesNameSpace | default |
| VaultKubernetesPolicies | default |
| VaultKubernetesRoleName | kube-auth-role |
| VaultKubernetesServiceAccount | vault-auth |
| VaultNumberOfKeys | 5 |
| VaultNumberOfKeysForUnseal | 3 |
| VaultServerNodes | 5 |
| VaultVersion | 1.4.0 |

Any assistance would be very appreciated.

I believe I can see the issue. The value for the DomainName parameter was not specified. This is required since it provides the name to include in the ACM Certificate. I will add an issue to add up-front validation to enforce the use of DomainName and HostedZoneID.

If you have created the ACM Certificate yourself you should only specify ACMSSLCertificateArn and NOT specify DomainName and HostedZoneID.
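The two modes described above (bring your own certificate via ACMSSLCertificateArn, or let the stack request one from DomainName plus HostedZoneID) can be enforced at create-stack time with a CloudFormation `Rules` section, so a mixed set of inputs fails validation instead of failing midway while creating the ACM resource. The following is an added example, not code from the quickstart template or from either commenter. The three parameter names match the table in the issue; the condition, resource and output names, and the assumption that an unset parameter arrives as the empty string `""`, are mine.

```yaml
# Added example (not the quickstart's own template): validate the
# certificate inputs before any resource is created.
# Assumptions: parameters are named as in the issue and an unset
# parameter is the empty string "".
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  ACMSSLCertificateArn:
    Type: String
    Default: ""
    Description: ARN of an existing ACM certificate. Leave empty to have the stack request one.
  DomainName:
    Type: String
    Default: ""
    Description: FQDN placed on the requested certificate. Required only when ACMSSLCertificateArn is empty.
  HostedZoneID:
    Type: String
    Default: ""
    Description: Route 53 hosted zone used to DNS-validate the requested certificate. Required only when ACMSSLCertificateArn is empty.

Rules:
  # Mode 1: bring your own certificate. DomainName and HostedZoneID must then be
  # empty, otherwise the stack is being asked to both use and request a certificate.
  ExistingCertificateExcludesDomainInputs:
    RuleCondition: !Not [!Equals [!Ref ACMSSLCertificateArn, ""]]
    Assertions:
      - Assert: !And
          - !Equals [!Ref DomainName, ""]
          - !Equals [!Ref HostedZoneID, ""]
        AssertDescription: >-
          ACMSSLCertificateArn is set, so leave DomainName and HostedZoneID empty.
  # Mode 2: let the stack request the certificate. Both inputs are required:
  # DomainName becomes the certificate subject, HostedZoneID holds the validation record.
  RequestedCertificateNeedsDomainInputs:
    RuleCondition: !Equals [!Ref ACMSSLCertificateArn, ""]
    Assertions:
      - Assert: !Not [!Equals [!Ref DomainName, ""]]
        AssertDescription: >-
          DomainName is required when ACMSSLCertificateArn is empty.
      - Assert: !Not [!Equals [!Ref HostedZoneID, ""]]
        AssertDescription: >-
          HostedZoneID is required when ACMSSLCertificateArn is empty.

Conditions:
  CreateCertificate: !Equals [!Ref ACMSSLCertificateArn, ""]

Resources:
  # Only created in mode 2; DNS validation writes the CNAME into HostedZoneID.
  VaultCertificate:
    Type: AWS::CertificateManager::Certificate
    Condition: CreateCertificate
    Properties:
      DomainName: !Ref DomainName
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref DomainName
          HostedZoneId: !Ref HostedZoneID

Outputs:
  # The ARN a load balancer listener should reference, whichever mode was chosen.
  CertificateArnInUse:
    Value: !If [CreateCertificate, !Ref VaultCertificate, !Ref ACMSSLCertificateArn]
```

With these rules, the parameter set from the issue (HostedZoneID filled in, DomainName blank) is rejected by the validator with the assertion message rather than by a failed ACM resource, and the combination the reporter ended up using (ARN set, DomainName and HostedZoneID blank) satisfies the first rule and skips certificate creation entirely.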

Defining the ACMSSLCertificateArn without the DomainName and HostedZoneID corrected the error. Thanks for your assistance.