
cloudfront_origins: CloudFrontOriginAccessIdentity is created in the S3 stack instead of the CloudFront stack

Open mosestam97 opened this issue 1 year ago • 1 comments

Describe the bug

I am creating two stacks: one for S3 and one for CloudFront. What I am seeing is that even though I didn't reference anything for CloudFront in my S3 stack, it will create an AWS::CloudFront::CloudFrontOriginAccessIdentity resource.

Regression Issue

  • [ ] Select this option if this issue appears to be a regression.

Last Known Working CDK Version

2.138.0

Expected Behavior

The CloudFront components should be created within the CloudFront stack and not the S3 stack.

Current Behavior

The AWS::CloudFront::CloudFrontOriginAccessIdentity is being created in the S3 stack.

Reproduction Steps

s3 stack:

import aws_cdk as cdk
from constructs import Construct
import aws_cdk.aws_s3 as s3

class S3Stack(cdk.Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        self.bucket = s3.Bucket(
            self,
            "DemoBucket",
            bucket_name="demo-cloudfront-s3-bucket",
            access_control=s3.BucketAccessControl.PRIVATE,
            block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
            removal_policy=cdk.RemovalPolicy.DESTROY,
            auto_delete_objects=True
        )

        cdk.CfnOutput(self, "BucketName", value=self.bucket.bucket_name)

cloudfront stack:

import aws_cdk as cdk
from constructs import Construct
import aws_cdk.aws_cloudfront as cloudfront
import aws_cdk.aws_cloudfront_origins as origins
import aws_cdk.aws_s3 as s3

class CloudFrontStack(cdk.Stack):
    def __init__(self, scope: Construct, construct_id: str, s3_bucket: s3.Bucket, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        distribution = cloudfront.Distribution(
            self,
            "DemoDistribution",
            default_behavior=cloudfront.BehaviorOptions(
                origin=origins.S3Origin(s3_bucket),
                viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
            )
        )

        cdk.CfnOutput(self, "DistributionDomainName", value=distribution.distribution_domain_name)

If I remove the CloudFront stack from my app file, the AWS::CloudFront::CloudFrontOriginAccessIdentity will not be created. However, if both are within my app file, it will create it.

Possible Solution

I am thinking CDK reads through the whole stacks file and figures the S3 stack will need the AWS::CloudFront::CloudFrontOriginAccessIdentity setting.

Additional Information/Context

No response

CDK CLI Version

2.138.0

Framework Version

Python

Node.js Version

NA

OS

Linux

Language

Python

Language Version

Python 3.9.6

Other information

This is what my app file looks like:

import aws_cdk as cdk
from stacks.s3_stack import S3Stack
from stacks.cloudfront_stack import CloudFrontStack

app = cdk.App()

s3_stack = S3Stack(app, "DemoS3Stack")
cloudfront_stack = CloudFrontStack(app, "DemoCloudFrontStack", s3_bucket=s3_stack.bucket)

app.synth()

mosestam97 avatar Aug 28 '24 05:08 mosestam97

This is because when S3Origin is created, it essentially creates an S3BucketOrigin with the bucket as its scope (details), and it has to be in the bucket stack, as explained here.

pahud avatar Aug 28 '24 16:08 pahud
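
Added example (not part of the original thread and not CDK project code): a standard-library check over synthesized templates that reports, for each AWS::CloudFront::CloudFrontOriginAccessIdentity, the stack that defines it, the bucket policies in that same stack that grant it access, and the stacks that import it. The templates, logical IDs and export name below are constructed and simplified for illustration.

```python
OAI_TYPE = "AWS::CloudFront::CloudFrontOriginAccessIdentity"
# Constructed, simplified templates shaped like synthesized output for the two
# stacks in this issue. Logical IDs and the export name are made up.
TEMPLATES = {
    "DemoS3Stack": {
        "Resources": {
            "DemoBucket": {"Type": "AWS::S3::Bucket"},
            "OriginOAI": {"Type": OAI_TYPE},
            "DemoBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
                "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                    "Principal": {"CanonicalUser": {
                        "Fn::GetAtt": ["OriginOAI", "S3CanonicalUserId"]}}}]}}}},
        "Outputs": {"OaiRef": {"Value": {"Ref": "OriginOAI"},
                               "Export": {"Name": "DemoS3Stack:OaiRef"}}}},
    "DemoCloudFrontStack": {"Resources": {"DemoDistribution": {
        "Type": "AWS::CloudFront::Distribution",
        "Properties": {"DistributionConfig": {"Origins": [{"S3OriginConfig": {
            "OriginAccessIdentity": {"Fn::Join": ["", [
                "origin-access-identity/cloudfront/",
                {"Fn::ImportValue": "DemoS3Stack:OaiRef"}]]}}}]}}}}},
}

def walk(node):  # yield every dict nested anywhere inside a template fragment
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from walk(child)

def oai_report(templates):
    """Per OAI: same-stack bucket policies granting it, and stacks importing it."""
    report, exports = {}, {}
    for stack, tpl in templates.items():
        res = tpl.get("Resources", {})
        for oai in (k for k, r in res.items() if r.get("Type") == OAI_TYPE):
            grants = [k for k, r in res.items() if r.get("Type") == "AWS::S3::BucketPolicy"
                      and any(d.get("Fn::GetAtt") == [oai, "S3CanonicalUserId"] for d in walk(r))]
            report[f"{stack}/{oai}"] = {"granted_by": grants, "imported_by": []}
            for out in tpl.get("Outputs", {}).values():
                name = out.get("Export", {}).get("Name")
                if out.get("Value") == {"Ref": oai} and isinstance(name, str):
                    exports[name] = f"{stack}/{oai}"
    for stack, tpl in templates.items():
        for d in walk(tpl.get("Resources", {})):
            name = d.get("Fn::ImportValue")
            if isinstance(name, str) and name in exports:
                report[exports[name]]["imported_by"].append(stack)
    return report
```

To run it on real output, load each stack's `cdk.out/<StackName>.template.json` with `json.load` into a dict keyed by stack name and pass that to `oai_report`.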

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot] avatar Aug 30 '24 20:08 github-actions[bot]