Use Origin Access Control #65

Merged
merged 3 commits into from
Aug 10, 2023

@ConnorKirk ConnorKirk commented Aug 9, 2023

Issue #, if available:
#63

Description of changes:
Update CloudFront from using Origin Access Identity to Origin Access Control.

  • Test normal deployment
  • Test "upgrade deployment" of stack previously using OAI

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Swap from Origin Access Identity to Origin Access Control

Issue #63
@ConnorKirk ConnorKirk requested a review from a team as a code owner August 9, 2023 15:35
CloudFrontOriginAccessIdentityConfig:
Comment: !Sub 'CloudFront OAI for ${SubDomain}.${DomainName}'
OriginAccessControlConfig:
Name: !Sub 'oac-${AWS::StackName}'
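
Review bot: The new `Name: !Sub 'oac-${AWS::StackName}'` line can exceed the length CloudFront accepts for an origin access control name: the limit is 64 characters, while a CloudFormation stack name may be up to 128, so a deployment with a long stack name would fail when this resource is created. Consider documenting a maximum stack-name length for this template or building the name from a shorter unique value. The removed `Comment` also carried the `${SubDomain}.${DomainName}` label for the OAI; the optional `Description` property of `OriginAccessControlConfig` could keep that label so the OAC stays identifiable in the console.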

Nice, this name needing to be unique account-wide caught me out before.

Contributor

You may want to include the region as well, since the OAC Name is global but stack names are scoped to a region. You can see an example of where this was a problem in awslabs/amazon-s3-find-and-forget@efc6889

I know this sample is currently authored to only support deploys in us-east-1, so the benefit would mostly be if that support was ever expanded, or for anyone cribbing/copying it as an example to their own templates.

Contributor Author

Good idea. I've added that.

The OAC name is unique across all regions in an account.
A stack name is not unique across all regions in an account.
Combining with the region overcomes this.
@ConnorKirk ConnorKirk merged commit 40e0877 into master Aug 10, 2023
1 check passed
@ConnorKirk ConnorKirk deleted the feature/origin-access-control branch August 10, 2023 11:43