Hey everyone! I'm a student diving into AWS and I've stumbled upon a frustrating situation involving AWS Certificate Manager (ACM). I created an SSL certificate for my domain `api.railradar.in`, but later noticed unexpected charges of around **$15**. I wasn't aware that certificates could incur costs, especially since I've been used to free SSL options like Cloudflare without any setup fee warnings.
Now, I'm trying to delete this certificate, but I keep getting the message that it's "in use" and citing a resource related to API Gateway, specifically `arn:aws:apigateway:ap-south-1::/domainnames/api.railradar.in`. The problem is, I can't find any custom domains in the API Gateway console or through the CLI - it's all showing up empty.
I've tried various debugging steps to investigate but no luck so far:
- Checked domain names and found nothing.
- Checked base path mappings with no success.
- When describing the certificate, the output still shows it's in use by the earlier-mentioned ARN, but it looks like that resource doesn't exist anymore.
As I'm testing and learning, the unexpected charges are stressing me out. I contacted AWS Support for help, but I'm wondering:
- Has anyone else encountered this kind of ghost API Gateway domain issue?
- Are there any workarounds besides waiting for AWS support to clean things up?
- How can I avoid surprise billing while I'm learning AWS?
Thanks for any advice or shared experiences!
2 Answers
It sounds like you might have accidentally created an exportable certificate, which isn’t necessary for your use with API Gateway. Remember, regular public certificates are free.
To check the associated resources, go into the ACM service on the AWS Management Console, find your certificate, and scroll to the bottom of the page. You should see any linked resources there. This should help you identify what's using the certificate. As for the billing, try setting up alerts through AWS Budgets to avoid surprises in the future!
I had a similar issue, and it turned out I had linked my domain incorrectly. Make sure to double-check your API settings!
You're not alone—it's uncommon, but ghost resources can happen in AWS. Since you're a student, AWS is usually very understanding about these kinds of mix-ups, so explaining your situation might help get those charges waived.
It’s worth mentioning that ACM certs are free unless they’re marked as exportable. Double-check your certificate type as well. AWS support is there to help, and they often take these mistakes into account, especially for students learning the platform!
I tried adding a domain for verification, but I didn't actually import it, and now I'm stuck too. It shows up on the cert page even after deleting from API Gateway.
AWS support is pretty approachable about these issues. Just reach out and explain; they can often help you out!
I checked the resources but didn't see them listed. I removed everything from API Gateway, yet the certificate still shows those links. Any idea how I can fix this?