New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support multiple regions - particularly CloudFront certificates (via stacks?) #565

Open
0xdevalias opened this Issue Sep 6, 2018 · 4 comments

Comments

Projects
None yet
3 participants
@0xdevalias
Copy link

0xdevalias commented Sep 6, 2018

Since CloudFormation is tied to a single region, if I want to deploy in somewhere like ap-southeast-2 then I'm unable to do things within the same template for a different region (eg. us-east-1). This becomes an issue when I want to create a certificate for a non-regional CloudFront distribution (which has to be created in us-east-1), certificates in non-regional API Gateway, etc.

I expect it would be possible to do this using stacks and exports (or manually.. of course), but not sure if/how I would do this in a 'SAM friendly' way.

If this is already possible, perhaps some documentation/an example of how to do this would be useful?

My current workaround is just to use regional certificates for API Gateway.

@txase

This comment has been minimized.

Copy link
Contributor

txase commented Sep 6, 2018

We (https://stackery.io) use custom resources to provision CloudFront certificates in us-east-1 even if the stack is created elsewhere. It's probably overkill to include into SAM directly, but it's your best bet for doing non-us-east-1 stacks with CloudFront distributions.

Feel free to reach me at chase@stackery.io if you want any details about how we do it. Or feel free to try Stackery, see how we do it, and replicate the functionality yourself.

@0xdevalias

This comment has been minimized.

Copy link

0xdevalias commented Sep 6, 2018

I was actually thinking that the custom resource route was going to be the way to go given the current state of things, though haven’t invested the time to explore that/contrast against what a stack based deploy might look like.

@brettstack

This comment has been minimized.

Copy link
Contributor

brettstack commented Sep 8, 2018

@0xdevalias one way to accomplish this is to have a CloudFormation stack in us-east-1 which creates your certificate, and then use Fn::ImportValue https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html to reference it in your stack in ap-southeast-2.

@0xdevalias

This comment has been minimized.

Copy link

0xdevalias commented Sep 8, 2018

That was what I was thinking as well.. though hadn't yet explored whether I could deploy an entire 'stack' in a single SAM deploy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment