fix(cloudfront-origins): S3Origins with cross-stack buckets cause cyclic references #10696

Merged
merged 2 commits into from
Oct 5, 2020

njlynch
Contributor

@njlynch njlynch commented Oct 5, 2020

An S3Origin creates an OriginAccessIdentity, and grants that identity read
permissions on the bucket. This creates cyclic references when the bucket is
located in a different stack than the distribution. The bucket has a dependency
on the generated OAI user for the BucketPolicy, and the Distribution has a
dependency on the bucket's domain name for the origin.

The fix detects a cross-stack bucket and re-parents the OAI in the bucket's
stack to prevent cyclic references.

fixes #10399
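
The dependency cycle described in the PR description above, modelled as an added example (not part of the pull request and not CDK code). Resources are reduced to ids and references; the stack and resource names are assumptions chosen for illustration.

```typescript
// Simplified model, not CDK code: each resource lives in one stack and references others by id.
type Resource = { id: string; stack: string; refs: string[] };

// A reference that crosses a stack boundary makes the consuming stack depend on the owning stack.
function stackDeps(resources: Resource[]): Record<string, string[]> {
  const home: Record<string, string> = {};
  resources.forEach((r) => { home[r.id] = r.stack; });
  const deps: Record<string, string[]> = {};
  resources.forEach((r) => {
    const list = deps[r.stack] || (deps[r.stack] = []);
    r.refs.forEach((ref) => {
      const owner = home[ref];
      if (owner !== undefined && owner !== r.stack && list.indexOf(owner) < 0) list.push(owner);
    });
  });
  return deps;
}

// Depth-first search: a stack that can reach itself cannot be ordered for deployment.
function hasCycle(deps: Record<string, string[]>): boolean {
  const state: Record<string, number> = {}; // 1 = on the current path, 2 = fully explored
  const visit = (s: string): boolean => {
    if (state[s] === 1) return true;
    if (state[s] === 2) return false;
    state[s] = 1;
    const found = (deps[s] || []).some(visit);
    state[s] = 2;
    return found;
  };
  return Object.keys(deps).some(visit);
}

// Constructed layout before the fix: the OAI is created next to the distribution,
// while the bucket policy that grants it read access lives in the bucket's stack.
const before: Resource[] = [
  { id: "Bucket", stack: "BucketStack", refs: [] },
  { id: "BucketPolicy", stack: "BucketStack", refs: ["Bucket", "OAI"] },
  { id: "OAI", stack: "DistStack", refs: [] },
  { id: "Distribution", stack: "DistStack", refs: ["Bucket", "OAI"] },
];

// After the fix: the OAI is re-parented into the bucket's stack, so every
// cross-stack reference points from DistStack to BucketStack.
const after: Resource[] = before.map((r) =>
  r.id === "OAI" ? { id: r.id, stack: "BucketStack", refs: r.refs } : r);

console.log("cycle before:", hasCycle(stackDeps(before)), "cycle after:", hasCycle(stackDeps(after)));
```

The read grant to the OAI is unchanged in both layouts; only the stack that owns the identity moves.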

@njlynch njlynch requested a review from a team October 5, 2020 10:02
@njlynch njlynch self-assigned this Oct 5, 2020
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Oct 5, 2020
@mergify
Contributor

mergify bot commented Oct 5, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 9bb2b83
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 0ec4588 into master Oct 5, 2020
@mergify mergify bot deleted the njlynch/cf-bucket-circular branch October 5, 2020 14:27
Successfully merging this pull request may close these issues.

[cloudfront] Distribution with S3Origin causes cyclic reference when Bucket is referenced cross-stack
3 participants