cloudfront example fails deployment #20962

ezrover · 2022-07-02T02:01:49Z

Describe the bug

The sample for adding a custom ResponseHeaderPolicy doesnt not work. Apply the example from

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.ResponseHeadersPolicy.html

results in 6:52:43 PM | CREATE_FAILED | AWS::CloudFront::ResponseHeadersPolicy | dev2Respo...dersPolicy75419A62
Resource handler returned message: "Invalid request provided: AWS::CloudFront::ResponseHeadersPolicy" (RequestToken: ****, HandlerErrorCode: InvalidRequest)

Expected Behavior

Work as described in the document https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.ResponseHeadersPolicy.html

Current Behavior

results in 6:52:43 PM | CREATE_FAILED | AWS::CloudFront::ResponseHeadersPolicy | dev2Respo...dersPolicy75419A62
Resource handler returned message: "Invalid request provided: AWS::CloudFront::ResponseHeadersPolicy" (RequestToken: ****, HandlerErrorCode: InvalidRequest)

Reproduction Steps

build a simple cdk application with the sample from https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.ResponseHeadersPolicy.html

Possible Solution

No response

Additional Information/Context

"dependencies": {
"aws-cdk-lib": "^2.30.0",
"constructs": "^10.1.43",
"cff-tools": "0.6.0"
},
"devDependencies": {
"@types/aws-lambda": "^8.10.101",
"@types/jest": "^28.1.4",
"@types/node": "^17.0.23",
"@typescript-eslint/eslint-plugin": "^5.29.0",
"@typescript-eslint/parser": "^5.29.0",
"aws-cdk": "^2.30.0",
"aws-lambda": "^1.0.7",
"esbuild": "^0.14.48",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-prettier": "^8.5.0",
"eslint-import-resolver-typescript": "^3.1.1",
"eslint-plugin-import": "^2.26.0",
"eslint-plugin-jest": "^26.5.3",
"eslint-plugin-prettier": "^4.2.1",
"jest": "^28.1.2",
"prettier": "^2.7.1",
"ts-jest": "^28.0.5",
"ts-node": "^10.8.1",
"typescript": "^4.7.4",

"@aws-cdk/assert": "2.30.1"

}

CDK CLI Version

"aws-cdk": "^2.30.0",

Framework Version

No response

Node.js Version

v17.9.0

OS

Mac

Language

Typescript

Language Version

4.7.4

Other information

import * as iam from 'aws-cdk-lib/aws-iam';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as cdk from 'aws-cdk-lib';

import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';

import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
import * as wafv2 from 'aws-cdk-lib/aws-wafv2';

import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import * as route53 from 'aws-cdk-lib/aws-route53';
import * as targets from 'aws-cdk-lib/aws-route53-targets';

The text was updated successfully, but these errors were encountered:

ezrover · 2022-07-03T14:59:59Z

@comcalvi I created a sample project for you to try https://github.com/ezrover/aws-cdk-ResponseHeadersPolicy-sample

peterwoodworth · 2022-07-07T17:50:51Z

The error CloudFormation is throwing here isn't helpful in determining what's actually wrong with the template, so it's hard to say if there's an actual error here.

What I think is happening is that you aren't replacing the dummy values in our example and CloudFormation is detecting this, or CloudFormation doesn't like some combination of values seen in the example. Could you try to deploy this with values that you'd realistically use and see if you're still running into errors?

ezrover · 2022-07-07T22:55:08Z

Hi Peter, thanks for your email, I updated https://github.com/ezrover/aws-cdk-ResponseHeadersPolicy-sample to remove the generic example headers and even tried to comment out corsBehavior and securityHeadersBehavior thus only leaving the shell : const myResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, ` ${id}-MyPolicy`, { responseHeadersPolicyName: `${id}-MyPolicy`, comment: 'A default policy', }); but it still fails!!! Can you provide an actual working sample or repo on Github to reference?

…

On Thu, Jul 7, 2022 at 10:51 AM Peter Woodworth ***@***.***> wrote: The error CloudFormation is throwing here isn't helpful in determining what's actually wrong with the template, so it's hard to say if there's an actual error here. What I think is happening is that you aren't replacing the dummy values in our example and CloudFormation is detecting this, or CloudFormation doesn't like some combination of values seen in the example. Could you try to deploy this with values that you'd realistically use and see if you're still running into errors? — Reply to this email directly, view it on GitHub <#20962 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AALH3DA6OVFYTFK76VO7O2TVS4KINANCNFSM52OJR72Q> . You are receiving this because you authored the thread.Message ID: ***@***.***>

blimmer · 2022-08-09T19:55:30Z

You might be running into this issue I recently reported: #21524

peterwoodworth · 2022-08-09T22:46:46Z

It's possible these are separate issues. I'm unable to deploy just a minimal responseheaderspolicy with just a name. I'm reporting to cloudformation to implement better error handling

…ection (#31301) ### Issue # (if applicable) Closes #20962 ### Reason for this change Update the documentation to have a deployable example. ### Description of changes Set `modeBlock` to false when `reportUri` is set. You cannot specify a ReportUri when ModeBlock is true. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html ### Description of how you validated changes Updated the tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2024-09-04T15:25:38Z

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

…ection (aws#31301) ### Issue # (if applicable) Closes aws#20962 ### Reason for this change Update the documentation to have a deployable example. ### Description of changes Set `modeBlock` to false when `reportUri` is set. You cannot specify a ReportUri when ModeBlock is true. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html ### Description of how you validated changes Updated the tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ection (#31301) ### Issue # (if applicable) Closes #20962 ### Reason for this change Update the documentation to have a deployable example. ### Description of changes Set `modeBlock` to false when `reportUri` is set. You cannot specify a ReportUri when ModeBlock is true. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html ### Description of how you validated changes Updated the tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

ezrover added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 2, 2022

github-actions bot added the @aws-cdk/aws-cloudfront Related to Amazon CloudFront label Jul 2, 2022

github-actions bot assigned comcalvi Jul 2, 2022

peterwoodworth added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Jul 7, 2022

peterwoodworth changed the title ~~(module name): (short issue description)~~ cloudfront example fails deployment Jul 7, 2022

github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jul 8, 2022

peterwoodworth added the p2 label Aug 9, 2022

peterwoodworth unassigned comcalvi Aug 10, 2022

peterwoodworth added the effort/small Small work item – less than a day of effort label Aug 10, 2022

peterwoodworth self-assigned this Feb 15, 2023

peterwoodworth removed their assignment Oct 16, 2023

awslukeguan mentioned this issue Sep 3, 2024

docs(cloudfront): updates to CloudFront ResponseHeadersPolicy XSSProtection #31301

Merged

1 task

mergify bot closed this as completed in #31301 Sep 4, 2024

github-actions bot locked as resolved and limited conversation to collaborators Sep 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cloudfront example fails deployment #20962

cloudfront example fails deployment #20962

ezrover commented Jul 2, 2022

ezrover commented Jul 3, 2022

peterwoodworth commented Jul 7, 2022

ezrover commented Jul 7, 2022 via email

blimmer commented Aug 9, 2022

peterwoodworth commented Aug 9, 2022

github-actions bot commented Sep 4, 2024