CloudFrontToS3: ssl certificate not added #1147
Comments
I am also getting this when I try to deploy:
But again, I can manually add the domain, and after doing that, the deployment will succeed, but it will remove the certificate from the distribution. Like it's not compatible or something.
Any news on this?
The domain name I am using is covered in the certificate as an alternate domain with a wildcard, like When I deploy without these settings I can then add them in manually via Cloudfront and route53 and I am getting no errors. My code looks like this:
Can I get some feedback on this?
Can someone confirm this is an issue or am I doing something wrong?
Sorry, this slipped by us - we'll take a look.
@biffgaut Thank you.
Does the ACM code work when you use an older version of aws-cloudfront-s3 that is still based upon OAI? Is this a change when we rolled out OAC?
@biffgaut no before I would not use the AWS-cloudfront-s3 function.
@biffgaut any update on this? Do you need something from me to expedite this?
We had some issues with our publication pipeline that sidetracked us for a while, but hope to look at this this week.
The code below works for me, I need to manually change the Alias record in the Route53 Hosted Zone, but the certificate is registered with the CloudFront distribution:

```typescript
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';
import { CloudFrontToS3, CloudFrontToS3Props } from '@aws-solutions-constructs/aws-cloudfront-s3';

export class Issue1147Stack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Get the certificate registered with biffstestdomain.net (details changed)
    const myCert = acm.Certificate.fromCertificateArn(
      this,
      "cert1147",
      "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
    );

    // Pass the alternate domain name and the certificate to the distribution
    const constructProps: CloudFrontToS3Props = {
      cloudFrontDistributionProps: {
        domainNames: ["biffstestdomain.net"],
        certificate: myCert,
      }
    };

    const target = new CloudFrontToS3(this, 'issue1147', constructProps);

    // Just loading a Hello, World web page to retrieve
    new s3deploy.BucketDeployment(this, 'DeployWebsite', {
      sources: [s3deploy.Source.asset('./content')],
      destinationBucket: target.s3Bucket!,
    });
  }
}
```
Can you see any differences between this and what you're trying to accomplish? Did I interpret the question correctly?
FWIW - I'll leave biffstestdomain.net running for a little while.
@biffgaut
I also had distribution settings in the BucketDeployment. This is a leftover from the old way I am doing it.
Then creating the ARecord didn't work because the certificate wasn't accepted.
I will try to create a fresh deployment and see if it throws the same error and then maybe remove the
@biffgaut I also noticed I had a typo in the original code under The permission error I am getting is:
I see no permissions in my s3 bucket's policy. Then when I follow the link to the s3 bucket, I see a new s3 bucket has been created. I see that I can also change the name of the bucket using After using this:
I ended up with 2 buckets, as you can see in screenshot, and they were both empty.
@biffgaut Good news, it works now. I do have to create my own bucket so I can control the bucketname. My full code is now:
Glad you got it working. A couple things to think about:
@biffgaut Thanks for the clarification. I understand prefer using my own naming convention which is linked to stack and environment and has some semantic meaning to me.
I am adding an existing ACM certificate to my deployment and it is not reflected in Cloudfront. Manually adding it to cloudfront works, so I believe the certificate domains are valid.
Reproduction Steps
This code deploys my angular app to an s3 bucket, creates the distribution and adds a record to the hosted zone.
That all works well, but the certificate is not displayed in the distribution when I have a look at it:
The Arn of the certificate is correct and I can manually select it. So for some reason the certificate reference I get with `Certificate.fromCertificateArn` is not accepted.
Error Log
Certificate is not added to distribution:
No error is happening during deploy
Environment
Other
This is 🐛 Bug Report
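
A pre-deploy check for the two certificate conditions CloudFront enforces on alternate domain names, as an added example that is not part of the original issue or the project's code: the ACM certificate must be in us-east-1, and every alias must be covered by a certificate name, where a wildcard stands for exactly one label. The function names and the `example.com` sample names are assumptions made for illustration.

```typescript
// Added example: function names and sample names are constructed, not from the issue.

/** True when one certificate name (exact or "*.suffix") covers the host name. */
function nameCovers(certName: string, host: string): boolean {
  const c = certName.toLowerCase().replace(/\.$/, "");
  const h = host.toLowerCase().replace(/\.$/, "");
  if (!c.startsWith("*.")) return c === h;
  const suffix = c.slice(1); // "*.example.com" -> ".example.com"
  if (!h.endsWith(suffix)) return false;
  const label = h.slice(0, h.length - suffix.length);
  // A wildcard stands for exactly one label: not the apex, not nested subdomains.
  return label.length > 0 && !label.includes(".");
}

/** Region field of an ACM certificate ARN, or null if the string is not one. */
function acmRegion(arn: string): string | null {
  const parts = arn.split(":");
  if (parts.length < 6 || parts[0] !== "arn" || parts[2] !== "acm") return null;
  if (!parts[5]?.startsWith("certificate/")) return null;
  return parts[3] ?? null;
}

/** Problems that would stop CloudFront from accepting these aliases with this certificate. */
function checkAliases(certArn: string, certNames: string[], aliases: string[]): string[] {
  const problems: string[] = [];
  const region = acmRegion(certArn);
  if (region === null) {
    problems.push("not an ACM certificate ARN");
  } else if (region !== "us-east-1") {
    problems.push(`certificate is in ${region}, CloudFront needs us-east-1`);
  }
  for (const alias of aliases) {
    if (!certNames.some((n) => nameCovers(n, alias))) {
      problems.push(`${alias} is not covered by the certificate`);
    }
  }
  return problems;
}

// Constructed sample: a wildcard-only certificate checked against three aliases.
const sampleArn =
  "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012";
const sampleNames = ["*.example.com"];
console.log(checkAliases(sampleArn, sampleNames, ["app.example.com", "example.com", "a.b.example.com"]));
```

The certificate names to pass in are the domain name and subject alternative names shown for the certificate in ACM.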