-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple regions - particularly CloudFront certificates (via stacks?) #565
Comments
We (https://stackery.io) use custom resources to provision CloudFront certificates in us-east-1 even if the stack is created elsewhere. It's probably overkill to include into SAM directly, but it's your best bet for doing non-us-east-1 stacks with CloudFront distributions. Feel free to reach me at chase@stackery.io if you want any details about how we do it. Or feel free to try Stackery, see how we do it, and replicate the functionality yourself. |
I was actually thinking that the custom resource route was going to be the way to go given the current state of things, though haven’t invested the time to explore that/contrast against what a stack based deploy might look like. |
@0xdevalias one way to accomplish this is to have a CloudFormation stack in us-east-1 which creates your certificate, and then use |
That was what I was thinking as well.. though hadn't yet explored whether I could deploy an entire 'stack' in a single SAM deploy. |
Since CloudFormation is tied to a single region, if I want to deploy in somewhere like
ap-southeast-2
then I'm unable to do things within the same template for a different region (eg.us-east-1
). This becomes an issue when I want to create a certificate for a non-regional CloudFront distribution (which has to be created inus-east-1
), certificates in non-regional API Gateway, etc.I expect it would be possible to do this using stacks and exports (or manually.. of course), but not sure if/how I would do this in a 'SAM friendly' way.
If this is already possible, perhaps some documentation/an example of how to do this would be useful?
My current workaround is just to use regional certificates for API Gateway.
The text was updated successfully, but these errors were encountered: