My SAM stack delete has just failed because a Certificate cannot be deleted because it has an "associated resource" pointing to the Cloud Front distribution that I created in the same stack. The Cloud Front distribution has been marked as successfully deleted. It's already been 2 days and the Certificate still thinks there is an associated resource. Any ideas what to do in this scenario?
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
I'm facing the same issue, it's been 1 day already since I deleted the associated API gateway custom domain. The certificate still seems to be associated to some resources that does not exist in my account, this is what i see:
Associated resources (3)
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-104/87ea7bd28e18ef45
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-793/dd9eb9379f71a0ba
arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-862/56fc8591797a2875
This shown account id is not mine.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
i got the same problem. created a temp certificate for testing purpose, after i deleted the domain cname record and all other resources, ther cert still think it is associated with a cloudfront distribution arn:aws:cloudfront::474240146802:distribution/E1UDZSUB323PD4 facing the same problem as kevin, this is not my account id
Got same error for RestApi regional and custom domains today almost mid-2024. Looks like it was an issue 2 years and 6 months ago, some comments in December 2022 confirm still active issue. When AWS states they have no ETA, they really mean no ETA it could be 5 years or longer before it is resolved. Luckily if you have paid support, you can put a service ticket with an ETA for first contact at 3 business days, so maybe being resolved could be 1 week.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
As of 07/15/2024, the way to resolve this issue especially after deleting the associated custom Api-Gateway Domain and the Certificate still doesn't delete is to: reach out to AWS Support and request service to remove "Stale Associations" or "Dangling resources" in regards to ACM Certificates.
In my case, the associated ELBs (with their ARN that had a different account number from the Certificate-ARN with the issue) was successfully removed by the AWS internal team because those resources belonged to API gateway and was created by API gateway-Service.
Relevant content
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago