cdk-constructs icon indicating copy to clipboard operation
cdk-constructs copied to clipboard

Published 20 hours ago verified publisher icon cloudcomponents

StaticSiteAuthorization cannot exist in multiple stacks within same aws account

Open crawfobw opened this issue 3 years ago • 2 comments

I have a situation where I'd like to have multiple stacks in the same account & region so multiple developers can have their own independent stack, however StaticSiteAuthorization appears to create a resource that does not generate a different id based on the id of the StaticSiteAuthorization which causes ownership conflicts.

Error:

File "/home/.venv/lib/python3.8/site-packages/jsii/_runtime.py", line 83, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/home/static_website/authenticated_site_stack.py", line 26, in __init__
    authorization = StaticSiteAuthorization(
  File "/home/.venv/lib/python3.8/site-packages/jsii/_runtime.py", line 83, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/home/.venv/lib/python3.8/site-packages/cloudcomponents/cdk_cloudfront_authorization/__init__.py", line 2290, in __init__
    jsii.create(StaticSiteAuthorization, self, [scope, id, props])
  File "/home/.venv/lib/python3.8/site-packages/jsii/_kernel/__init__.py", line 275, in create
    response = self.provider.create(
  File "/home/.venv/lib/python3.8/site-packages/jsii/_kernel/providers/process.py", line 344, in create
    return self._process.send(request, CreateResponse)
  File "/home/.venv/lib/python3.8/site-packages/jsii/_kernel/providers/process.py", line 326, in send
    raise JSIIError(resp.error) from JavaScriptError(resp.stack)
jsii.errors.JSIIError: There is already a Construct with name 'EdgeRole' in Stack [lambda-at-edge-support-stack]

Declaration of StaticSiteAuthorization where suffix and app_domain vary by stack

StaticSiteAuthorization(
            self,
            id="{}-static-auth".format(suffix),
            user_pool=user_pool,
            identity_providers=identity_providers,
            oauth_scopes=[aws_cognito.OAuthScope.EMAIL,
                          aws_cognito.OAuthScope.PROFILE,
                          aws_cognito.OAuthScope.OPENID],
            sign_out_url="https://{}/logout".format(app_domain),
        )

crawfobw avatar Apr 08 '21 19:04 crawfobw

@crawfobw I suspect it has something to do with the cdk-lambda-at-edge-pattern construct. A stack for the EdgeLambdas is created there in the background. How is your app structured exactly?

app:

  • stack1 - staticsite1
  • stack2 - staticsite2
  • ...

hupe1980 avatar Apr 12 '21 18:04 hupe1980

We have one static site stack for each team member within the app

crawfobw avatar Apr 14 '21 22:04 crawfobw