[aws-cloudfront] Distribution Does Not Set ViewerCertificate SslSupportMethod When Using Certificate #9193

Closed
tneely opened this issue Jul 21, 2020 · 1 comment · Fixed by #9200
Labels
@aws-cdk/aws-cloudfront Related to Amazon CloudFront bug This issue is a bug. in-progress This issue is being actively worked on.

Comments

tneely commented Jul 21, 2020

Per the CloudFormation documentation, if you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion and SslSupportMethod. From testing, it appears like MinimumProtocolVersion is not actually required, but a stack using a Distribution with certificate will fail due to SslSupportMethod not being set.

```ts
viewerCertificate: this.certificate ? { acmCertificateArn: this.certificate.certificateArn } : undefined,
```

@tneely tneely changed the title Distribution Does Not Set ViewerCertificate SslSupportMethod When Using Certificate [aws-cloudfront] Distribution Does Not Set ViewerCertificate SslSupportMethod When Using Certificate Jul 21, 2020
@github-actions github-actions bot added the @aws-cdk/aws-cloudfront Related to Amazon CloudFront label Jul 21, 2020
@SomayaB SomayaB added in-progress This issue is being actively worked on. bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 22, 2020
njlynch commented Jul 22, 2020

Thanks for the bug report (and PR), @tneely!

I can confirm that MinimumProtocolVersion is not actually required, but agree it's reasonable to set a default as part of this change.

@njlynch njlynch self-assigned this Jul 22, 2020
@mergify mergify bot closed this as completed in #9200 Jul 22, 2020
mergify bot pushed a commit that referenced this issue Jul 22, 2020
… specifying distribution certificate (#9200)

Per the CloudFormation documentation, if you specify an ACM certificate ARN, you must also specify values for
MinimumProtocolVersion and SslSupportMethod in AWS::CloudFront::Distribution ViewerCertificate. We are using
the recommended SslSupportMethod of "sni-only" and MinimumProtocolVersion of "TLSv1.2_2018."

Fixes: #9193

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Jul 22, 2020
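
Added example (not code from the aws-cdk repository or from the fix in #9200): a TypeScript check over a synthesized CloudFormation template that flags the condition reported in this issue. The function name, the `Finding` type, and the sample templates with their certificate ARN are constructed for illustration.

```typescript
// Lint a CloudFormation template for CloudFront distributions whose
// ViewerCertificate names an ACM certificate without the companion settings.
type Finding = { resource: string; level: "error" | "warning"; message: string };

interface Template {
  Resources?: Record<string, { Type: string; Properties?: any }>;
}

function checkViewerCertificates(template: Template): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const id of Object.keys(resources)) {
    const res = resources[id];
    if (res.Type !== "AWS::CloudFront::Distribution") continue;
    const cert = res.Properties?.DistributionConfig?.ViewerCertificate;
    // Only the ACM certificate case described in the issue is checked.
    if (!cert || cert.AcmCertificateArn === undefined) continue;
    if (cert.SslSupportMethod === undefined) {
      // Reported in the issue: the stack fails to deploy in this state.
      findings.push({ resource: id, level: "error",
        message: "AcmCertificateArn set without SslSupportMethod" });
    }
    if (cert.MinimumProtocolVersion === undefined) {
      // Reported as not enforced at deploy time, so only a warning.
      findings.push({ resource: id, level: "warning",
        message: "MinimumProtocolVersion not pinned (the fix uses TLSv1.2_2018)" });
    }
  }
  return findings;
}

// Constructed sample templates: the shape emitted before and after the fix.
const sampleArn = "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE";
const beforeFix: Template = { Resources: { Dist: {
  Type: "AWS::CloudFront::Distribution",
  Properties: { DistributionConfig: { ViewerCertificate: { AcmCertificateArn: sampleArn } } },
} } };
const afterFix: Template = { Resources: { Dist: {
  Type: "AWS::CloudFront::Distribution",
  Properties: { DistributionConfig: { ViewerCertificate: {
    AcmCertificateArn: sampleArn,
    SslSupportMethod: "sni-only",
    MinimumProtocolVersion: "TLSv1.2_2018",
  } } },
} } };

console.log(checkViewerCertificates(beforeFix));
console.log(checkViewerCertificates(afterFix));
```
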
Chriscbr pushed a commit to Chriscbr/aws-cdk that referenced this issue Jul 23, 2020
curtiseppel pushed a commit to curtiseppel/aws-cdk that referenced this issue Aug 11, 2020