Merge pull request caktus#90 from caktus/dont-create-cloudfront-cert-if-arn-provided

Don't create a cloudfront certificate if an ARN is provided of one to…

Author: dpoirier

stack/assets.py

@@ -229,18 +229,36 @@
     assets_custom_domain_condition = "AssetsCloudFrontDomainCondition"
     template.add_condition(assets_custom_domain_condition, Not(Equals(Ref(assets_cloudfront_domain), "")))
 
+    assets_certificate_arn = template.add_parameter(
+        Parameter(
+            "AssetsCloudFrontCertArn",
+            Description="If (1) you specified a custom static media domain, (2) your stack is NOT in the us-east-1 "
+                        "region, and (3) you wish to serve static media over HTTPS, you must manually create an "
+                        "ACM certificate in the us-east-1 region and provide its ARN here.",
+            Type="String",
+        ),
+        group="Static Media",
+        label="CloudFront SSL Certificate ARN",
+    )
+    assets_certificate_arn_condition = "AssetsCloudFrontCertArnCondition"
+    template.add_condition(assets_certificate_arn_condition, Not(Equals(Ref(assets_certificate_arn), "")))
+
     # Currently, you can specify only certificates that are in the US East (N. Virginia) region.
     # http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig-viewercertificate.html
-    assets_custom_domain_and_us_east_1_condition = "AssetsCloudFrontDomainAndUsEast1Condition"
+    assets_create_certificate_condition = "AssetsCreateCertificateCondition"
     template.add_condition(
-        assets_custom_domain_and_us_east_1_condition,
-        And(Not(Equals(Ref(assets_cloudfront_domain), "")), Equals(Ref(AWS_REGION), "us-east-1"))
+        assets_create_certificate_condition,
+        And(
+            Not(Equals(Ref(assets_cloudfront_domain), "")),
+            Equals(Ref(AWS_REGION), "us-east-1"),
+            Equals(Ref(assets_certificate_arn), "")
+        )
     )
 
     assets_certificate = template.add_resource(
         Certificate(
             'AssetsCertificate',
-            Condition=assets_custom_domain_and_us_east_1_condition,
+            Condition=assets_create_certificate_condition,
             DomainName=Ref(assets_cloudfront_domain),
             DomainValidationOptions=[
                 DomainValidationOption(
@@ -251,20 +269,6 @@
         )
     )
 
-    assets_certificate_arn = template.add_parameter(
-        Parameter(
-            "AssetsCloudFrontCertArn",
-            Description="If (1) you specified a custom static media domain, (2) your stack is NOT in the us-east-1 "
-                        "region, and (3) you wish to serve static media over HTTPS, you must manually create an "
-                        "ACM certificate in the us-east-1 region and provide its ARN here.",
-            Type="String",
-        ),
-        group="Static Media",
-        label="CloudFront SSL Certificate ARN",
-    )
-    assets_certificate_arn_condition = "AssetsCloudFrontCertArnCondition"
-    template.add_condition(assets_certificate_arn_condition, Not(Equals(Ref(assets_certificate_arn), "")))
-
     # Create a CloudFront CDN distribution
     distribution = template.add_resource(
         Distribution(
@@ -275,7 +279,7 @@
                 # use the ACM certificate we created (if any), otherwise fall back to the manually-supplied
                 # ARN (if any)
                 ViewerCertificate=If(
-                    assets_custom_domain_and_us_east_1_condition,
+                    assets_create_certificate_condition,
                     ViewerCertificate(
                         AcmCertificateArn=Ref(assets_certificate),
                         SslSupportMethod='sni-only',