awslabs / aws-solutions-constructs

The AWS Solutions Constructs Library is an open-source extension of the AWS Cloud Development Kit (AWS CDK) that provides multi-service, well-architected patterns for quickly defining solutions
https://docs.aws.amazon.com/solutions/latest/constructs/
Apache License 2.0

CloudFrontToS3 : Customize Domain Name with Certificate #1139

Open gmarchand opened 3 months ago

gmarchand commented 3 months ago

Use Case

I would like to customize the domain name of my CloudFront distribution.

But I can't do it, as you can see in this code:


        cfn_s3 = CloudFrontToS3(self, "lawsy-newsletter-cloudfront-s3",
            cloud_front_distribution_props=cloudfront.DistributionProps(
                domain_names=[domain_name],
                certificate=certificate_cf,
                comment="CloudFront distribution for lAWSy Newsletter",
                default_behavior=cloudfront.BehaviorOptions(
                    origin=cloudfront_origins.S3Origin(??)
                ),
            ),
        )

How is it possible to customize the domain name with a TLS certificate?

gmarchand commented 3 months ago

I tried this one:

        certificate_cf = acm.DnsValidatedCertificate(
            self,
            "certificate-cf",
            domain_name=domain_name,
            hosted_zone=hosted_zone,
            region="us-east-1",
        )

        bucket = s3.Bucket(self, "s3-bucket",
            enforce_ssl=True,
        )

        cfn_s3 = CloudFrontToS3(self, "cloudfront-s3",
            existing_bucket_obj=bucket, # s3.Bucket
            cloud_front_distribution_props=cloudfront.DistributionProps(
                domain_names=[domain_name],
                certificate=certificate_cf,
                comment="CloudFront distribution for lAWSy Newsletter",
                default_behavior=cloudfront.BehaviorOptions(
                    origin=cloudfront_origins.S3Origin(bucket)
                ),
            ),
        )

But I get this error:

Invalid request provided: AWS::CloudFront::Distribution: Cannot use both Origin Access Control and Origin Access Identity on an origin

biffgaut commented 3 months ago

Thanks, we'll take a look

biffgaut commented 2 days ago

Sorry it took so long for us to get back to this.

Reading this, it sounds like you want to replace the service-generated domain name for your CloudFront distribution with your own custom domain name. If this is the case, that is not possible. To assign a custom domain name to your CloudFront to S3 architecture, you will need to register your domain name with a DNS service such as Route53 and direct it to your CloudFront distribution URL. There's lots of discussion around doing that here.

WRT your last error around OAC and OAI, the cloudfront-s3 construct automatically creates an OAC (the recommended technology to use at this point), so if you supply your own S3Origin then you are adding an extra OAI and will see that error. You don't need to supply that; the construct will set all that up for you. This issue is also discussed here.
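
The OAC/OAI conflict described in the last comment can be checked for in a synthesized CloudFormation template before deployment. This is an added example, not code from the issue or from the aws-solutions-constructs project; the template, its logical IDs and the function name `find_oac_oai_conflicts` are constructed for illustration, and it assumes the conflict shows up as both properties being set on the same origin.

```python
# Constructed sample: a trimmed synthesized template. One origin carries both
# an OAC id and a non-empty OAI; the other uses OAC only (OAI left empty).
OAC_REF = {"Fn::GetAtt": ["Oac", "Id"]}
OAI_REF = {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {"Ref": "Oai"}]]}
SAMPLE_TEMPLATE = {
    "Resources": {
        "BadDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {"Origins": [{
                "Id": "origin-with-both",
                "OriginAccessControlId": OAC_REF,
                "S3OriginConfig": {"OriginAccessIdentity": OAI_REF},
            }]}},
        },
        "GoodDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {"Origins": [{
                "Id": "origin-oac-only",
                "OriginAccessControlId": OAC_REF,
                "S3OriginConfig": {"OriginAccessIdentity": ""},
            }]}},
        },
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
}


def _is_set(value):
    """Missing or empty-string properties are unset; intrinsics (dicts) are set."""
    return value not in (None, "")


def find_oac_oai_conflicts(template):
    """Return (distribution logical id, origin id) for origins with OAC and OAI."""
    conflicts = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CloudFront::Distribution":
            continue
        config = resource.get("Properties", {}).get("DistributionConfig", {})
        for origin in config.get("Origins", []):
            oac = origin.get("OriginAccessControlId")
            oai = origin.get("S3OriginConfig", {}).get("OriginAccessIdentity")
            if _is_set(oac) and _is_set(oai):
                conflicts.append((logical_id, origin.get("Id")))
    return conflicts


if __name__ == "__main__":
    for dist, origin in find_oac_oai_conflicts(SAMPLE_TEMPLATE):
        print(f"{dist}: origin {origin!r} sets both OAC and OAI")
```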