ACM Certs and API GW Custom Domain -- AWS Bug

Question

Hi
This is a known issue but we customers cannot solve it without AWS support.
I have basic support on my AWS account and shouldn't require a premium for something beyond my remit and powers.

A while ago I created 2 Custom Domains in AWS API Gateway and associated them with 2 ACM certificates. All is going well so far.
Now, yesterday I removed both Custom Domains, but I cannot remove the ACM certificates as they are still associated to the internal LBs owned by AWS (AWS creates some internal infrastructure LB/Cloudfront to allow you having Custom Domains in API GW and there is NO way I can remove those AWS owned resources by myself.
I've read every single bit of documentation and everybody confirms that this is a known issue and we customers need AWS support helping us to remove those associated services.

Note: I've red all the posts around Repost and it's clearly a bug from AWS front.
Once again: I don't own the Associated LBs, are AWS owned and I not longer have Custom Domains in my API GW.

Snipset after running:

aws acm describe-certificate --certificate-arn xxxxxxxxxxx

`        "InUseBy": [
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-33/fa57f97d0668e571",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-45/3f784cacb907ecad",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-60/aee29144eb7ac8e3",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-61/84b4da0b4176ccb2",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az1-1-8/89d5fbb68293b9af",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-18/29b54dce6ed3b532",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-20/799edd39d1563729",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-36/b19fa3bd406c55fb",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-48/def42093e81b1c77",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az2-1-51/d85bfe035469fb36",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-19/4cdbd9ec822b6f87",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-2/367b1ddcfadef3b6",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-23/ff8d4f6564d75138",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-6/bf9439cd276f2f1b",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-62/266a9eb434ed12e1",
            "arn:aws:elasticloadbalancing:ap-southeast-1:xxxxxxxxxxxxxxx:loadbalancer/app/prod-sin-1-az3-1-7/81d7deccd82e85be"`

I don't own any of that. That's AWS owned.

Many thanks

Accepted Answer

Hello.

If it is an AWS bug, I think you can remove it by opening a case with AWS Support under "Account and billing" as an issue with your AWS account.  
You can inquire about "Account and billing" through AWS Support for the basic plan (free).  
https://docs.aws.amazon.com/awssupport/latest/user/case-management.html

The person who asked the URL below is in the same situation as you, but when he contacted AWS Support, he was able to delete it.  
https://repost.aws/ja/questions/QUD6O2O6z2QjelpBx6bcnBaA/cannot-delete-acm-certificate-due-to-uncontrollable-resource-associations

ACM Certs and API GW Custom Domain -- AWS Bug

Conteúdo relevante