Skip to content

Cross-region resource sharing #8232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
IndikaUdagedara opened this issue May 27, 2020 · 5 comments
Closed

Cross-region resource sharing #8232

IndikaUdagedara opened this issue May 27, 2020 · 5 comments
Assignees
@skinny85
Labels
cross-stack Related to cross-stack resource sharing guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged.

Comments

@IndikaUdagedara
Copy link

IndikaUdagedara commented May 27, 2020
edited
Loading

❓ General Issue

The Question

Within the same app how can you share resources from different regions?

My specific use case is: A Cloudfront distribution requiring a ACM certificate from us-east-1, which has a origin load-balancer in another region. i.e.

  • StackA (us-east-1) = Cloudfront + ACM
  • StackB (us-west-1) = load-balancer and other resources
  • load balancer DNS name needs to be passed from Stack B to A
    I could move Cloudfront to StackB but then I still have to pass certificate ARN from A to B. In both cases passed values don't have predictable names (DNS name/cert ARN) so can't think of a workaround (other than creating one stack first and copying the values by hand... )

When I try the above, I get the error:

Cross stack references are only supported for stacks deployed to the same environment or between nested stacks and their parent stack

Environment

  • CDK CLI Version: 1.41
  • Module Version: N/A
  • OS: all
  • Language: Typescript

Other information

There are couple of issues already posted (#7484, #7339) regarding cross-region/cross-account resource sharing within an app but couldn't find a solution to my problem. This could be a missing feature or unclear documentation.

The solution could be bit complicated if it's cross-account (due to having to create cross-account roles for example) but I feel there could be a simpler solution if the resources are in the same account. I was thinking about something like

  • a custom resource in stack B which writes values to be exported cross-region to a s3 bucket
  • a custom resource in stack A which reads from the same bucket

Would that work or is there another option? Appreciate guidance.
@IndikaUdagedara IndikaUdagedara added the needs-triage This issue or PR still needs to be triaged. label May 27, 2020
@SomayaB SomayaB added guidance Question that needs advice or information. cross-stack Related to cross-stack resource sharing labels May 27, 2020
@skinny85
Copy link
Contributor

Hey @IndikaUdagedara ,

thanks for opening the issue. In general, we only support cross account/region references when using conventional physical names. Unfortunately, if a resource does not allow you to set a physical name, things get difficult.

In this case, I wonder whether you couldn't use Route53 to give a well-known name to the LoadBalancer DNS, and kind of "simulate" a physical name that way?

@skinny85 skinny85 added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label May 27, 2020
@IndikaUdagedara
Copy link
Author

In this case, I wonder whether you couldn't use Route53 to give a well-known name to the LoadBalancer DNS, and kind of "simulate" a physical name that way?

Thanks @skinny85. That's good idea, I'll try that.

What about in other cases e.g. sharing a certificate ARN? What is the recommended approach?

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label May 28, 2020
@skinny85
Copy link
Contributor

In this case, I wonder whether you couldn't use Route53 to give a well-known name to the LoadBalancer DNS, and kind of "simulate" a physical name that way?

Thanks @skinny85. That's good idea, I'll try that.

What about in other cases e.g. sharing a certificate ARN? What is the recommended approach?

I don't know of a good way to do that unfortunately :/. Yes, you can write a custom resource that will read the output of the other stack in a cross region/account fashion, but then you're effectively hard-coding the name of the output, which is not great :/.

I wish I had better news in this case, but this is a problem that I've yet to see a great solution for.

@IndikaUdagedara
Copy link
Author

Thanks @skinny85 - I got it working with your suggestion. Hope CDK will provide this natively soon!

@dbartholomae dbartholomae mentioned this issue Jul 27, 2020
Open
@seanWLawrence
Copy link

I found this error when codeSigningConfiguration was setup on the edge function. Removing it worked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skinny85 skinny85

Labels
cross-stack Related to cross-stack resource sharing guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@skinny85 @IndikaUdagedara @SomayaB @seanWLawrence