cdk-constructs
cdk-constructs copied to clipboard
Published
20 hours ago •
cloudcomponents
cloudcomponents
cdk v2 cdk-cloudfront-authorization missing httpHeaders
cdk-cloudfront-authorization is throwing the following error:
{
"errorType": "TypeError",
"errorMessage": "Cannot convert undefined or null to object",
"stack": [
"TypeError: Cannot convert undefined or null to object",
" at Function.entries (<anonymous>)",
" at asCloudFrontHeaders (/var/task/index.js:8518:19)",
" at getConfig (/var/task/index.js:8512:28)",
" at Runtime.handler (/var/task/index.js:14932:41)",
" at Runtime.handleOnce (/var/runtime/Runtime.js:66:25)"
]
}
Seems like due to config.httpHeaders being undefined.
configuration.json
{
"logLevel": "warn",
"redirectPathSignIn": "/parseauth",
"redirectPathAuthRefresh": "/refreshauth",
"redirectPathSignOut": "/",
"userPoolId": "###",
"clientId": "###",
"oauthScopes": [
"phone",
"email",
"profile",
"openid",
"aws.cognito.signin.user.admin"
],
"cognitoAuthDomain": "###",
"cookieSettings": {
"idToken": "Path=/; Secure; SameSite=Lax",
"accessToken": "Path=/; Secure; SameSite=Lax",
"refreshToken": "Path=/; Secure; SameSite=Lax",
"nonce": "Path=/; Secure; HttpOnly; SameSite=Lax"
},
"nonceSigningSecret": "N"
}
CDK
// BUCKET
const bucket = new s3.Bucket(this, "SiteBucket", {
bucketName: siteDomain,
blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
encryption: s3.BucketEncryption.S3_MANAGED,
enforceSSL: true,
removalPolicy: RemovalPolicy.RETAIN,
});
const userPool = aws_cognito.UserPool.fromUserPoolId(
this,
`${id}-userpool`,
aws_ssm.StringParameter.valueForStringParameter(this, "###")
);
const client = userPool.addClient(id + "-web-client", {
preventUserExistenceErrors: true,
enableTokenRevocation: true,
});
const authorization = new SpaAuthorization(this, "Authorization", {
userPool,
});
const originAccessIdentity = new cloudfront.OriginAccessIdentity(this, "OAI", {
comment: `OAI for ${siteDomain} website.`,
});
bucket.grantRead(originAccessIdentity);
const zone = aws_route53.HostedZone.fromHostedZoneAttributes(this, "Zone", {
hostedZoneId: hostedZoneId,
zoneName: route53ZoneName,
});
const distribution = new cloudfront.Distribution(this, `${id}-distribution`, {
domainNames: [siteDomain],
certificate: new acm.DnsValidatedCertificate(this, "SiteCertificate", {
domainName: siteDomain,
hostedZone: zone,
region: "us-east-1", // requirement for CloudFront
}),
defaultRootObject: "index.html",
defaultBehavior: authorization.createDefaultBehavior(
new aws_cloudfront_origins.S3Origin(bucket, { originAccessIdentity })
),
});
new aws_s3_deployment.BucketDeployment(this, `deploy-with-invalidation`, {
sources: [aws_s3_deployment.Source.asset("../ui/build")],
destinationBucket: bucket,
distribution: distribution,
distributionPaths: ["/*"],
serverSideEncryption: ServerSideEncryption.AES_256,
});
// Route53 alias record for the CloudFront distribution
new aws_route53.ARecord(this, "SiteAliasRecord", {
recordName: siteDomain,
target: aws_route53.RecordTarget.fromAlias(new aws_route53_targets.CloudFrontTarget(distribution)),
zone,
});
I confirm the issue is still present in v2.1.0.
I just upgraded from cloudcomponents.cdk-cloudfront-authorization==1.50.0 to cloudcomponents.cdk-cloudfront-authorization==2.1.0, and the python StaticSiteAuthorization construct does not accept the http_headers argument.
authorization = StaticSiteAuthorization(self, "Authorization",
user_pool=user_pool,
identity_providers=[_cognito.UserPoolClientIdentityProvider.custom("SSO")],
http_headers= cdn_http_headers if cdn_http_headers else None
)
and this is the error I get:
Many thanks for any help you may provide.
