Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws_cloudfront): (typescript requirement for distributions outside of us-east-1 with certificate not documented) #32066

Closed
janelletavares opened this issue Nov 8, 2024 · 3 comments
Closed

(aws_cloudfront): (typescript requirement for distributions outside of us-east-1 with certificate not documented) #32066

janelletavares opened this issue Nov 8, 2024 · 3 comments
Assignees
@khushail
Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront documentation This is a problem with documentation. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@janelletavares
Copy link

Describe the issue

I am writing up my app in Typescript. I don't know if any other language has the same behavior or the same kind of documentation situation... I did not check.

I have created a certificate in us-east-1 as required, but a distribution in another region. I reference this certificate by ARN in the distribution stack. When I deploy that distribution, I don't see the alias or the certificate I requested, nor an error. Through trial and error, it seems like I needed to declare a dependency between the certificate stack and distribution stack in order to get this to work as intended. I'm able to refer to all kinds of resources by ARN in other stacks without declaring a dependency, so this is unexpected. If this is indeed the intended behavior, please document that a dependency between the stacks is required. If there is some kind of temporary state to the code and the dependency won't always be required, it would also help to document that.

Modifying the example in the overview, it would look like...

// not us-east-1
import * as acm from 'aws-cdk-lib/aws-certificatemanager';

export class CertStack extends cdk.Stack {
declare const hostedZone: route53.HostedZone;
const myCertificate = acm.Certificate.CertificateFromArn(this, 'mySiteCert', 'arn');

declare const myBucket: s3.Bucket;
new cloudfront.Distribution(this, 'myDist', {
  defaultBehavior: { origin: new origins.S3Origin(myBucket) },
  domainNames: ['www.example.com'],
  certificate: myCertificate,
}); 
}
// always us-east-1
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import * as route53 from 'aws-cdk-lib/aws-route53';

export class DistributionStack extends cdk.Stack {
declare const hostedZone: route53.HostedZone;
const myCertificate = new acm.Certificate(this, 'mySiteCert', {
  domainName: 'www.example.com',
  validation: acm.CertificateValidation.fromDns(hostedZone),
});
}
const cert = new CertStack(app, 'cert-id', us-east-1-env);
const dist = new DistributionStack(app, 'cert-id', not-us-east-1-env-with-cross-region-references);
dist.addDependency(cert);

Links

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront-readme.html
@janelletavares janelletavares added documentation This is a problem with documentation. needs-triage This issue or PR still needs to be triaged. labels Nov 8, 2024
@github-actions github-actions bot added the @aws-cdk/aws-cloudfront Related to Amazon CloudFront label Nov 8, 2024
@khushail khushail added needs-reproduction This issue needs reproduction. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Nov 12, 2024
@khushail khushail self-assigned this Nov 12, 2024
@khushail khushail added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Nov 12, 2024
@khushail
Copy link
Contributor

Hi @janelletavares , thanks for reaching out.
I noticed that for using cross-region certs, one must declare crossRegionReferences as true. Example given here in Reference but I did not find any mention of addDependency(). Have you tried setting the property and using it as mentioned in the example here. I found some online post about the cross-region certs with cloudfornt distribution, might be helpful.

@khushail khushail added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. needs-reproduction This issue needs reproduction. labels Nov 12, 2024
@janelletavares
Copy link
Author

Hi @khushail thanks for your response and the pointers. Somehow, I missed that this feature was experimental. Unfortunately, my code has been working inconsistently. The link between the distribution and the certificate were working temporarily, and then it stopped. No combinations of crossRegionReferences and addDependency is making it work again. So it seems my issue is more of a bug than missing documentation at this point.

@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@khushail khushail

Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront documentation This is a problem with documentation. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@janelletavares @khushail