Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Stack ID for OriginAccessControl.Name property #69

Merged
merged 4 commits into from
Sep 21, 2023
Merged

Use Stack ID for OriginAccessControl.Name property #69

merged 4 commits into from
Sep 21, 2023

Conversation

ConnorKirk
Copy link
Contributor

@ConnorKirk ConnorKirk commented Sep 19, 2023
edited
Loading

Issue #, if available:
Fixes #67 and #66

Description of changes:

  • Add link to github repo in template description.
  • Use the Stack ID for the OriginAccessControl.Name property

The template fails to deploy when the stack name is longer than 64 characters. The OriginAccessControlConfig resource fails to create, with a generic InvalidRequest error. The Name property has. a max length of 64 characters.

The OriginAccessControlConfig.Name property was set to !Sub oac-${AWS::StackName}-${AWS::Region}'. For sufficiently long stack names (including the default stack name), this triggered the bug described above.

OriginAccessControlConfigresources must have a unique name across all regions for an account. To ensure this, theName` property was derived from both the StackName and Region. The max length of a stack name is 128 characters. This is longer than the 64 characters allowed by the OACConfig Name property.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@ConnorKirk ConnorKirk requested a review from a team as a code owner September 19, 2023 14:37
svozza
svozza reviewed Sep 21, 2023
View reviewed changes
templates/cloudfront-site.yaml Outdated
Name: !Sub 'oac-${AWS::StackName}'
# Get a unique ID for the OAC Config name.
# Name must be unique within account
Name: !Select [2, !Split ['/', !Ref 'AWS::StackId']]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might want to put some indication of what application owns the OAC so customers can tell at a glance in the console.

Name: !Sub 
  - amzn-secure-static-site-${guid}
  - guid: !Select [2, !Split ['/', !Ref 'AWS::StackId']]

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great idea!

@ConnorKirk ConnorKirk changed the title Fix origin access config name length issue Use Stack ID for OriginAccessControl.Name property Sep 21, 2023
@ConnorKirk ConnorKirk force-pushed the fix-origin-access-config-name-length-issue branch from 1a76f1d to d861ec0 Compare September 21, 2023 13:45
@ConnorKirk ConnorKirk merged commit 0982d8f into master Sep 21, 2023
1 check passed
@ConnorKirk ConnorKirk deleted the fix-origin-access-config-name-length-issue branch September 21, 2023 13:53
@ConnorKirk ConnorKirk mentioned this pull request Sep 21, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@svozza svozza svozza approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The following resource(s) failed to create: [OriginAccessControl]
2 participants
@ConnorKirk @svozza