Hi
This is a known issue but we customers cannot solve it without AWS support.
I have basic support on my AWS account and shouldn't require a premium for something beyond my remit and powers.
A while ago I created 2 Custom Domains in AWS API Gateway and associated them with 2 ACM certificates. All is going well so far.
Now, yesterday I removed both Custom Domains, but I cannot remove the ACM certificates as they are still associated to the internal LBs owned by AWS (AWS creates some internal infrastructure LB/Cloudfront to allow you having Custom Domains in API GW and there is NO way I can remove those AWS owned resources by myself.
I've read every single bit of documentation and everybody confirms that this is a known issue and we customers need AWS support helping us to remove those associated services.
Note: I've red all the posts around Repost and it's clearly a bug from AWS front.
Once again: I don't own the Associated LBs, are AWS owned and I not longer have Custom Domains in my API GW.
Snipset after running:
aws acm describe-certificate --certificate-arn xxxxxxxxxxx
"InUseBy": [ "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-33/fa57f97d0668e571", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-45/3f784cacb907ecad", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-60/aee29144eb7ac8e3", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-61/84b4da0b4176ccb2", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-8/89d5fbb68293b9af", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-18/29b54dce6ed3b532", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-20/799edd39d1563729", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-36/b19fa3bd406c55fb", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-48/def42093e81b1c77", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-51/d85bfe035469fb36", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-19/4cdbd9ec822b6f87", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-2/367b1ddcfadef3b6", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-23/ff8d4f6564d75138", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-6/bf9439cd276f2f1b", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-62/266a9eb434ed12e1", "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-7/81d7deccd82e85be"
I don't own any of that. That's AWS owned.
Many thanks