Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Origin Access Control #65

Merged
merged 3 commits into from
Aug 10, 2023
Merged

Use Origin Access Control #65

merged 3 commits into from
Aug 10, 2023

Conversation

ConnorKirk
Copy link
Contributor

@ConnorKirk ConnorKirk commented Aug 9, 2023
edited
Loading

Issue #, if available:
#63

Description of changes:
Update CloudFront from using Origin Access Identity to Origin Access Control.

  • Test normal deployment
  • Test "upgrade deployment" of stack previously using OAI

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@ConnorKirk
Use Origin Access Control
2cdbbb6 
Swap from Origin Access Identity to Origin Access Control

Issue #63
@ConnorKirk ConnorKirk requested a review from a team as a code owner August 9, 2023 15:35
svozza
svozza reviewed Aug 9, 2023
View reviewed changes
templates/cloudfront-site.yaml Outdated
CloudFrontOriginAccessIdentityConfig:
Comment: !Sub 'CloudFront OAI for ${SubDomain}.${DomainName}'
OriginAccessControlConfig:
Name: !Sub 'oac-${AWS::StackName}'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, this name needing to be unique account-wide caught me out before.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may want to include the region as well, since the OAC Name is global but stack names are scoped to a region. You can see an example of where this was a problem in awslabs/amazon-s3-find-and-forget@efc6889

I know this sample is currently authored to only support deploys in us-east-1, so the benefit would mostly be if that support was ever expanded, or for anyone cribbing/copying it as an example to their own templates.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea. I've added that.

@ConnorKirk
Bump version
5341430
@ConnorKirk
Add region to OriginAccessControl name
74fe81c 
The OAC name is unique across all
regions in an account.
A stackname is not unique across all regions in an account.
Combining with the region overcomes this
@ConnorKirk ConnorKirk merged commit 40e0877 into master Aug 10, 2023
1 check passed
@ConnorKirk ConnorKirk deleted the feature/origin-access-control branch August 10, 2023 11:43
@thomasleplus thomasleplus mentioned this pull request Aug 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctd ctd ctd left review comments

@svozza svozza svozza approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ConnorKirk @ctd @svozza