From f3e430df93efea8ca46b5c4e17609edb5453d3e0 Mon Sep 17 00:00:00 2001
From: Jasmine Schladen
Date: Wed, 12 Feb 2025 16:02:44 -0800
Subject: [PATCH 1/2] Log warning when attaching cert fails
---
 lemur/plugins/lemur_aws/plugin.py | 52 +++++++++++++++++--------------
 1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/lemur/plugins/lemur_aws/plugin.py b/lemur/plugins/lemur_aws/plugin.py
index e3cdf79b78..48261ac157 100644
--- a/lemur/plugins/lemur_aws/plugin.py
+++ b/lemur/plugins/lemur_aws/plugin.py
@@ -32,8 +32,9 @@
 .. moduleauthor:: Mikhail Khodorovskiy
 .. moduleauthor:: Harm Weites
 """
-from os.path import join
 import sys
+from os.path import join
+
 from acme.errors import ClientError
 from flask import current_app
 from sentry_sdk import capture_exception
@@ -392,28 +393,33 @@ def update_endpoint(self, endpoint, certificate):
 # relies on the fact that region is included in DNS name
 region = get_region_from_dns(endpoint.dnsname)
- if endpoint.type == "elbv2":
- listener_arn = elb.get_listener_arn_from_endpoint(
- endpoint.name,
- endpoint.port,
- account_number=account_number,
- region=region,
- )
- elb.attach_certificate_v2(
- listener_arn,
- endpoint.port,
- [{"CertificateArn": arn}],
- account_number=account_number,
- region=region,
- )
- elif endpoint.type == "elb":
- elb.attach_certificate(
- endpoint.name,
- endpoint.port,
- arn,
- account_number=account_number,
- region=region,
- )
+ try:
+ if endpoint.type == "elbv2":
+ listener_arn = elb.get_listener_arn_from_endpoint(
+ endpoint.name,
+ endpoint.port,
+ account_number=account_number,
+ region=region,
+ )
+ elb.attach_certificate_v2(
+ listener_arn,
+ endpoint.port,
+ [{"CertificateArn": arn}],
+ account_number=account_number,
+ region=region,
+ )
+ elif endpoint.type == "elb":
+ elb.attach_certificate(
+ endpoint.name,
+ endpoint.port,
+ arn,
+ account_number=account_number,
+ region=region,
+ )
+ except Exception as e:
+ current_app.logger.warning(
+ f"Error attaching certificate to endpoint named {endpoint.name} on port {endpoint.port} in account {account_number} and region {region}: {e}")
+ raise e
 def clean(self, certificate, options, **kwargs):
 account_number = self.get_option("accountNumber", options)
From a496fa38673e4c051ee8897821f52a13195ac121 Mon Sep 17 00:00:00 2001
From: Jasmine Schladen
Date: Wed, 12 Feb 2025 16:03:18 -0800
Subject: [PATCH 2/2] Add ID
---
 lemur/plugins/lemur_aws/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lemur/plugins/lemur_aws/plugin.py b/lemur/plugins/lemur_aws/plugin.py
index 48261ac157..6973e8c5ca 100644
--- a/lemur/plugins/lemur_aws/plugin.py
+++ b/lemur/plugins/lemur_aws/plugin.py
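Review bot: An endpoint whose type is neither "elbv2" nor "elb" still falls through the new `try` block in update_endpoint (PATCH 1/2) without attaching anything and without a log line, so a rotation that did nothing is indistinguishable from one that succeeded. Since the aim here is to make failed attachments visible, I would add an `else:` branch that records it, e.g. `current_app.logger.warning(f"Unsupported endpoint type {endpoint.type} for endpoint {endpoint.name}; certificate not attached")`. update_endpoint begins above the hunk, so an earlier type check may already rule this out; worth confirming before relying on the absence of warnings as a success signal.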
@@ -418,7 +418,7 @@ def update_endpoint(self, endpoint, certificate):
 )
 except Exception as e:
 current_app.logger.warning(
- f"Error attaching certificate to endpoint named {endpoint.name} on port {endpoint.port} in account {account_number} and region {region}: {e}")
+ f"Error attaching certificate to endpoint named {endpoint.name} (ID {endpoint.id}) on port {endpoint.port} in account {account_number} and region {region}: {e}")
 raise e
 def clean(self, certificate, options, **kwargs):
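Review bot: Only `{e}` reaches the log in this warning, so the traceback is dropped at the one place the failure is recorded with its endpoint ID, account and region, and `raise e` does nothing a bare `raise` would not. I would pass `exc_info=True` to the `current_app.logger.warning(...)` call and re-raise with `raise`, so whoever triages a failed certificate rotation has the stack next to those identifiers; a caller may log the traceback too, but that cannot be seen from here. The `try:` this handler closes opens above the hunk.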