Associating a custom domain with a different certificate - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Associating a custom domain with a different certificate

In order to change the certificate association for a custom domain name, the following IAM permissions are required:

  • redshift:ModifyCustomDomainAssociation

  • acm:DescribeCertificate

As a best practice, we recommend attaching permissions policies to an IAM role and then assigning it to users and groups as needed. For more information, see Identity and access management in Amazon Redshift.

Use the following command to associate the custom domain with a different certificate. The ––custom-domain-name and custom-domain-certificate-arn arguments are mandatory. The ARN for the new certificate must be different than the existing ARN.

aws redshift modify-custom-domain-association ––cluster-id redshiftcluster ––custom-domain-name customdomainname ––custom-domain-certificate-arn certificatearn

The following sample shows how to associate the custom domain with a different certificate for an Amazon Redshift Serverless workgroup.

aws redshift-serverless modify-custom-domain-association ––workgroup-name redshiftworkgroup ––custom-domain-name customdomainname ––custom-domain-certificate-arn certificatearn

There is a maximum delay of 30 seconds before you can connect to the cluster. Part of the delay occurs as the Amazon Redshift cluster updates its properties, and there is some additional delay as DNS is updated. For more information about the API and each property setting, see ModifyCustomDomainAssociation.