[feature request] Validate Cloudfront::Distribution.DistributionConfig.DefaultCacheBehavior.TargetOriginId exists #2296

Closed
alex-a-pereira opened this issue Jul 5, 2022 · 0 comments · Fixed by #3561
Labels
new rule New rule

cfn-lint version: v0.60.1

Description of issue.

The linter seems like it should validate that `TargetOriginId` must be set to an origin that exists in the `DistributionConfig.Origins` array (please let me know and close if I'm incorrect). We're using AWS SAM to deploy the CloudFormation template.

Currently this error is only caught (with a generic error message) at the time that CloudFormation is deployed via `sam deploy`.
It would be great if this could be caught in static analysis - especially considering how updating CloudFront distributions via CloudFormation is slow.

Example:

```yaml
Resources:
  ReverseProxyCloudfrontDistribution:
    Type: 'AWS::CloudFront::Distribution'
    DependsOn:
      - ReactProjectCloudfrontDistribution
    Properties:
      DistributionConfig:
        Enabled: true
        Comment: 'My Website Reverse Proxy'
        HttpVersion: http2
        Origins:
          - Id: proxy-to-react-project
            DomainName: !GetAtt ReactProjectCloudfrontDistribution.DomainName
            CustomOriginConfig:
              OriginProtocolPolicy: "https-only"
          - Id: proxy-to-backend-orm
            DomainName: 'staging.mywebsite.com'
            CustomOriginConfig:
              OriginProtocolPolicy: "https-only"
        DefaultCacheBehavior:
          Compress: 'true'
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          ForwardedValues:
            QueryString: true
          #
          # !!!!!!!!!! SEE HERE !!!!!!!!!!
          # I made a (rather obvious) typo to show that the linter does not catch this
          # it should be set to `proxy-to-react-project`
          #
          TargetOriginId: proxy-to-REACTTTTTTT-project
          ViewerProtocolPolicy: allow-all

  ReactProjectCloudfrontDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      # omitted for this example
      # not relevant to the issue being discussed
```

Error message when deploying:

```
"Invalid request provided: One or more of your origins or origin groups do not exist. (Service: CloudFront, Status Code: 404, Request ID: 47dd8910-c4e0-4c2c-9b55-6df586af656e)" (RequestToken: 57323dc4-fb71-c4be-c472-e738ec6d3de4, HandlerErrorCode: InvalidRequest)
```
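
An added example, not part of the original issue and not cfn-lint's own rule code: the check requested above, written as a stand-alone Python function over an already-parsed template. It goes beyond the issue's case by also covering `CacheBehaviors` and accepting `OriginGroups` ids; the function names and the `SAMPLE` dict (the issue's template trimmed to the relevant keys) are assumptions.

```python
def _literal(value):
    # Only plain strings can be compared statically; intrinsic functions
    # (Ref, Fn::Sub, ...) parse to dicts and are treated as unknown.
    return value if isinstance(value, str) else None

def find_unknown_target_origins(template):
    """Return (resource, property path, target id) for each unresolved TargetOriginId."""
    findings = []
    for name, resource in (template.get("Resources") or {}).items():
        if resource.get("Type") != "AWS::CloudFront::Distribution":
            continue
        config = (resource.get("Properties") or {}).get("DistributionConfig") or {}
        origins = config.get("Origins") or []
        groups = (config.get("OriginGroups") or {}).get("Items") or []
        if not isinstance(origins, list) or not isinstance(groups, list):
            continue  # list built by an intrinsic function; cannot decide statically
        declared = [_literal(o.get("Id")) if isinstance(o, dict) else None
                    for o in origins + groups]
        if None in declared:
            continue  # an Id is missing or only known at deploy time
        extra = config.get("CacheBehaviors")
        behaviors = [("DefaultCacheBehavior", config.get("DefaultCacheBehavior"))]
        behaviors += [(f"CacheBehaviors[{i}]", b)
                      for i, b in enumerate(extra if isinstance(extra, list) else [])]
        for path, behavior in behaviors:
            raw = behavior.get("TargetOriginId") if isinstance(behavior, dict) else None
            target = _literal(raw)
            if target is not None and target not in declared:
                findings.append((name, f"{path}.TargetOriginId", target))
    return findings

# Constructed sample: the issue's template as parsed data, trimmed to the relevant keys.
SAMPLE = {"Resources": {
    "ReverseProxyCloudfrontDistribution": {
        "Type": "AWS::CloudFront::Distribution",
        "Properties": {"DistributionConfig": {
            "Origins": [
                {"Id": "proxy-to-react-project", "DomainName": {
                    "Fn::GetAtt": ["ReactProjectCloudfrontDistribution", "DomainName"]}},
                {"Id": "proxy-to-backend-orm", "DomainName": "staging.mywebsite.com"},
            ],
            "DefaultCacheBehavior": {"TargetOriginId": "proxy-to-REACTTTTTTT-project"},
        }},
    },
    "ReactProjectCloudfrontDistribution": {
        "Type": "AWS::CloudFront::Distribution", "Properties": None},
}}

if __name__ == "__main__":
    for finding in find_unknown_target_origins(SAMPLE):
        print("%s: %s = %r is not a declared origin or origin group" % finding)
```
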