CloudFront defaultRootObject should not quietly default to index.html

[kennu]

• I'm submitting a ...

  • [x] :beetle: bug report

• What is the current behavior?

This really caught me by surprise. If you leave out the defaultRootObject property from CloudFront Distribution properties, AWS CDK quietly defaults it to 'index.html', which causes all kinds of weird problems.

For instance, when using a S3 bucket origin to redirect "www.example.org" to "example.org", this default causes the redirect Location header actually point to "example.org/index.html" which is not useful.

• What is the expected behavior (or behavior of feature suggested)?

I would suggest to remove the logic from https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-cloudfront/lib/web_distribution.ts#L559 which quietly defaults defaultRootObject to 'index.html'. This would allow the CDK Construct to work in the same way as CloudFormation, and by default just pass requests through CloudFront as they are.

This quiet default is also not documented in the CloudFrontWebDistribution Constructor Props section. You have to scroll down and read the entry about defaultRootObject to notice it at all. It's very easy to miss. If the default stays as it is, I would suggest to at least mention it clearly in the Constructor Props section.

• What is the motivation / use case for changing the behavior or adding this feature?

IMHO it's really best to let the Origin handle default documents according to its own logic and just let CloudFront pass requests through as they are. For instance, S3 website endpoints will handle default documents correctly for any subfolders, while the CloudFront defaultRootObject setting only affects the root folder and is not very useful in general.

• Please tell us about your environment:

  • CDK CLI Version: 1.2.0
  • Module Version: 1.2.0
  • OS: Ubuntu
  • Language: TypeScript

[NGL321]

Hi @kennu,

Thank you for reporting this. I did a quick investigation, and I agree this functionality is confusing, and doesnt align with the Cloudformation default. I have marked the issue as a "feature-request" because the code operates as intended, but its absolutely worth looking into if that functionality should change.

Someone will update this issue when there is movement! 😸

[garster]

This bug just caused hours of troubleshooting for me. I have CloudFront in front of API Gateway. I did not set the defaultRootObject since I did not want one and I kept receiving "Missing Authentication Token". I finally poked thru the CloudFront settings and saw it had set the defaultRootObject Once I cleared it, it started working.

I looked to the docs and see that index.html is the default, so it all makes sense now. Works great if you front a website, but when fronting API Gateway.... no good.

[jwoytek]

+1 on this being a time-sink when debugging seemingly odd CloudFront behavior. It is also unclear how to unset it from the documentation for the Python bindings. The default parameter is "None", so do I pass an empty string instead? Going to look at the back-end code to see what the right incantation is, but it would be awesome if this were fixed or if the Python docs could at least get updated to provide some guidance there.

[iDVB]

+1 on this being a time-sink when debugging seemingly odd CloudFront behavior. It is also unclear how to unset it from the documentation for the Python bindings. The default parameter is "None", so do I pass an empty string instead? Going to look at the back-end code to see what the right incantation is, but it would be awesome if this were fixed or if the Python docs could at least get updated to provide some guidance there.

How to disable this in Typescript is also confusing. Still not sure what to pass to disable this. Googling continues..... defaultRootObject: "" - makes the yaml the same defaultRootObject: undefined - makes it revert to the default of index.html defaultRootObject: false - fails eslint ...Still nothing.

How do you disable this in Typescript?

[iDVB]

Using defaultRootObject: Aws.NO_VALUE, is the only thing that actually passes ESLint and "may" work. Not sure yet.

[scottgifford]

Using defaultRootObject: Aws.NO_VALUE, is the only thing that actually passes ESLint and "may" work. Not sure yet.

Yes that worked for me too, thanks for the tip!

Agree it would be great to fix this, it was an unpleasant surprise that CDK defaults did not match AWS Console defaults, and hard to troubleshoot.

[justin-masse]

Ran into this today as well, was using the origin as an S3 redirect website bucket and the redirect was messed up because this setting was set to index.html so it was appending that to the end of the redirect.

[sxlijin]

This is absolutely the wrong behavior for CDK cloudfront. Spent two hours chasing this down.

I recognize this would be a backwards-breaking change, to fix, but... very unpleasant.