(cloudfront): failed to deploy Distribution to AWS China caused by unsupported 'CachePolicyId'

[zxkane]

The deployment failed with error message,

2021-03-14 15:31:07 UTC+0800 | Distribution830FAC52 | CREATE_FAILED | The parameter CachePolicyId can't be set for this region. (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidArgument; Request ID: 682d46e9-2ccc-49ea-aeb9-57d0c508a814; Proxy: null)

Reproduction Steps

Create a distribution like below, then deploy it AWS China,

    const websiteBucket = new Bucket(this, 'DashboardUI', {
      removalPolicy: RemovalPolicy.DESTROY,
      autoDeleteObjects: true,
      encryption: BucketEncryption.S3_MANAGED,
      blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
    });

    const distribution = new Distribution(this, 'Distribution', {
      defaultBehavior: {
        origin: new S3Origin(websiteBucket),
        viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
        allowedMethods: AllowedMethods.ALLOW_GET_HEAD,
      },
      defaultRootObject: 'index.html',
      enableIpv6: false,
      priceClass: PriceClass.PRICE_CLASS_ALL,
      enableLogging: true,
    });

What did you expect to happen?

The new CloudFront distribution can be deployed to AWS China regions.

What actually happened?

Environment

• CDK CLI Version : 1.91.0
• Framework Version:
• Node.js Version:
• OS :
• Language (Version):

Other

---

This is 🐛 Bug Report

[njlynch]

Thanks for the bug report, @zxkane.

This is because we always default to using a Cache Policy, even if one is not specified.

aws-cdk/packages/@aws-cdk/aws-cloudfront/lib/private/cache-behavior.ts

Line 48 in ab2c48e

cachePolicyId: (this.props.cachePolicy ?? CachePolicy.CACHING_OPTIMIZED).cachePolicyId,

I can't find any documentation stating that cache policies aren't supported in CN, but from the console experience and the above report, it appears they are not (yet) supported. As a temporary work-around, you might be able to use escape hatches to remove the cache policy id. Can you try this as a work-around and see if it works?

    const distribution = new Distribution(this, 'Distribution', {
      defaultBehavior: {
        origin: new S3Origin(websiteBucket),
        viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
        allowedMethods: AllowedMethods.ALLOW_GET_HEAD,
      },
      defaultRootObject: 'index.html',
      enableIpv6: false,
      priceClass: PriceClass.PRICE_CLASS_ALL,
      enableLogging: true,
    });
    const cfnDist = (dist.node.defaultChild as CfnDistribution);
    cfnDist.addPropertyDeletionOverride('DistributionConfig.DefaultCacheBehavior.CachePolicyId');

[zxkane]

Hi Nick,

Thanks for your workaround.

Per the doc, one of CachePolicyId and ForwardedValues is mandatory.

I have to add below overriding for a working workaround,

    cfnDist.addPropertyOverride('DistributionConfig.DefaultCacheBehavior.ForwardedValues', {
      "QueryString": false
    });

Also CachePolicy can not be used when creating CloudFront distribution in China regions. Defining cache behavior must hack the CacheBehaviors prop of distribution created by Distribution.

The old CloudFrontWebDistribution is still maintained, is it recommended for creating distribution in China regions?

[github-actions]

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[pahud]

still relevant

[pahud]

closing as the workaround #31033 (comment) is relevant.

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.