- Newest
- Most votes
- Most comments
These ARNs may belong to ALBs created by regional API Gateway endpoints.
https://docs.aws.amazon.com/acm/latest/userguide/troubleshoot-apigateway.html
Hello,
You cannot delete an ACM certificate that is being used by another AWS service. To delete a certificate that is in use, you must first remove the certificate association. This is done using the console or CLI for the associated service. Open the ACM console at https://console.aws.amazon.com/acm/
Link- https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-delete.html
Similarly, defining a custom endpoint for your domain in Amazon ElasticSearch Service (Amazon ES) creates an Application Load Balancer. The Application Load Balancer is owned by the ElasticSearch service, not by your account. The ACM certificate provided with creating the custom endpoint is associated with the Application Load Balancer.
The below link will help you locate the certificate: https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-resources/
Gathering details about the specific certificate might also be of use, and that can be done by following this link: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-describe.html
Hope this helps. Thanks for reaching out.
Upon further research, the ARNs are Gateway API regional endpoints using AWS system accounts, for example: arn:aws:elasticloadbalancing:us-east-1:392220576650:loadbalancer/app/prod-iad-1-cdtls-1-2-626/b90fa9e7c54b1b67
My Gateway APIs in that region do NOT use this cert for custom domains.
How can I determine if these are references to deleted or extant APIs? The cert expires soon, so I want to avoid things breaking when it does.
If they do reference deleted APIs, how can I remove the cert?
Thanks, Sean
Relevant content
- Accepted Answerasked 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 21 days ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago