Closed Silverblix closed 3 years ago
It's correct - it's returned from a custom resource here: https://github.com/awslabs/aws-api-gateway-developer-portal/blob/master/lambdas/cloudfront-security/replicator.js#L92
I didn't use a standard Lambda as this could be deployed to any region (not just us-east-1), CloudFront currently requires Lambda@Edge functions to be deployed to us-east-1, and neither CloudFormation nor SAM currently have any special workarounds in place for this.
I specifically used the Data
property (indirectly) for custom resource responses to do that.
Makes sense! Clever! You give the flexibility to push this CF to any region while programmatically deploying some additional resources (Lambda@Edge functions) in a specific region (us-east-1). I should have looked into what the lambda function CloudFrontSecurityHeadersSetup
was doing...
Thank you for explaining!
Hi,
Not sure if this is preventing a 100% successful deployment of this CF stack (not tested), but while I was reviewing the CF template (template.yaml), I noticed this attribute EdgeArn used to get the Arn of a Lambda function (via a Custom Resource) for 2 resources of type AWS::CloudFront::Distribution as followed:
I have not found any documentation of that to be a valid attribute... or is it (well hidden)?
Should you fetch the attribute MasterArn instead, which is documented here?