CloudFormation resources trying to get a resource attribute called EdgeArn?

[Silverblix]

Hi,

Not sure if this is preventing a 100% successful deployment of this CF stack (not tested), but while I was reviewing the CF template (template.yaml), I noticed this attribute EdgeArn used to get the Arn of a Lambda function (via a Custom Resource) for 2 resources of type AWS::CloudFront::Distribution as followed:

   LambdaFunctionARN: !GetAtt CloudFrontSecurityHeadersSetup.EdgeArn

I have not found any documentation of that to be a valid attribute... or is it (well hidden)?

Should you fetch the attribute MasterArn instead, which is documented here?

[ghost]

It's correct - it's returned from a custom resource here: https://github.com/awslabs/aws-api-gateway-developer-portal/blob/master/lambdas/cloudfront-security/replicator.js#L92

I didn't use a standard Lambda as this could be deployed to any region (not just us-east-1), CloudFront currently requires Lambda@Edge functions to be deployed to us-east-1, and neither CloudFormation nor SAM currently have any special workarounds in place for this.

I specifically used the Data property (indirectly) for custom resource responses to do that.

[Silverblix]

Makes sense! Clever! You give the flexibility to push this CF to any region while programmatically deploying some additional resources (Lambda@Edge functions) in a specific region (us-east-1). I should have looked into what the lambda function CloudFrontSecurityHeadersSetup was doing... Thank you for explaining!