Support multiple regions - particularly CloudFront certificates (via stacks?)

[0xdevalias]

Since CloudFormation is tied to a single region, if I want to deploy in somewhere like ap-southeast-2 then I'm unable to do things within the same template for a different region (eg. us-east-1). This becomes an issue when I want to create a certificate for a non-regional CloudFront distribution (which has to be created in us-east-1), certificates in non-regional API Gateway, etc.

I expect it would be possible to do this using stacks and exports (or manually.. of course), but not sure if/how I would do this in a 'SAM friendly' way.

If this is already possible, perhaps some documentation/an example of how to do this would be useful?

My current workaround is just to use regional certificates for API Gateway.

[txase]

We (https://stackery.io) use custom resources to provision CloudFront certificates in us-east-1 even if the stack is created elsewhere. It's probably overkill to include into SAM directly, but it's your best bet for doing non-us-east-1 stacks with CloudFront distributions.

Feel free to reach me at chase@stackery.io if you want any details about how we do it. Or feel free to try Stackery, see how we do it, and replicate the functionality yourself.

[0xdevalias]

I was actually thinking that the custom resource route was going to be the way to go given the current state of things, though haven’t invested the time to explore that/contrast against what a stack based deploy might look like.

[brettstack]

@0xdevalias one way to accomplish this is to have a CloudFormation stack in us-east-1 which creates your certificate, and then use Fn::ImportValue https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html to reference it in your stack in ap-southeast-2.

[0xdevalias]

That was what I was thinking as well.. though hadn't yet explored whether I could deploy an entire 'stack' in a single SAM deploy.