Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

E3057 does not check if a TargetGroupID value is a valid OriginGroup. #3606

Closed
jmh2012 opened this issue Aug 16, 2024 · 1 comment · Fixed by #3607
Closed

E3057 does not check if a TargetGroupID value is a valid OriginGroup. #3606

jmh2012 opened this issue Aug 16, 2024 · 1 comment · Fixed by #3607
Assignees
@kddejong
Labels
bug Something isn't working

Comments

@jmh2012
Copy link

jmh2012 commented Aug 16, 2024

CloudFormation Lint Version

1.10.2

What operating system are you using?

Mac

Describe the bug

E3057 is a false positive if a valid OriginGroup is specified as the TargetOriginID. The new rule only checks if the TargetOriginID is a valid TargetOrigin, but doesn't also check if the value is a valid OriginGroup.
#3561

Expected behavior

The lint rule should also check if a TargetOriginID value is a valid OriginGroup.

Reproduction template

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3BucketPrimary:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-primary-bucket

  MyS3BucketSecondary:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-secondary-bucket

  MyCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - Id: PrimaryS3Origin
            DomainName: !GetAtt MyS3BucketPrimary.DomainName
            S3OriginConfig:
              OriginAccessIdentity: ""
          - Id: SecondaryS3Origin
            DomainName: !GetAtt MyS3BucketSecondary.DomainName
            S3OriginConfig:
              OriginAccessIdentity: ""
        OriginGroups:
          Quantity: 1
          Items:
            - Id: MyOriginGroup
              FailoverCriteria:
                StatusCodes:
                  Quantity: 1
                  Items:
                    - 403
              Members:
                Quantity: 2
                Items:
                  - OriginId: PrimaryS3Origin
                  - OriginId: SecondaryS3Origin
        DefaultCacheBehavior:
          TargetOriginId: MyOriginGroup
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: ['GET', 'HEAD', 'OPTIONS']
          CachedMethods: ['GET', 'HEAD', 'OPTIONS']
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
        Enabled: true

Outputs:
  CloudFrontDistributionId:
    Description: "CloudFront Distribution ID"
    Value: !Ref MyCloudFrontDistribution
  CloudFrontDomainName:
    Description: "CloudFront Domain Name"
    Value: !GetAtt MyCloudFrontDistribution.DomainName
@kddejong
Copy link
Contributor

Thanks @jmh2012 Working on a fix.

@kddejong kddejong added the bug Something isn't working label Aug 16, 2024
@kddejong kddejong self-assigned this Aug 16, 2024
@kddejong kddejong mentioned this issue Aug 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kddejong kddejong

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Look at OriginGroups too for rule E3057 kddejong/cfn-python-lint
2 participants
@jmh2012 @kddejong