Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(cloudfront-origins): originAccessIdentity not applied for existing bucket #24763

Closed
iRoachie opened this issue Mar 23, 2023 · 3 comments
Closed
Labels
@aws-cdk/aws-cloudfront-origins Related to CloudFront Origins for the CDK CloudFront Library bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments

@iRoachie
Copy link
Contributor

iRoachie commented Mar 23, 2023

Describe the bug

I have a stack where it's using an S3 bucket from another stack via Bucket.fromBucketName.

I created my own origin access identity and added the bucket policy via:

new BucketPolicy(this, 'bucket-policy', {
  bucket: myBucket,
}).document.addStatements(
  new PolicyStatement({
    actions: ['s3:GetObject'],
    resources: [myBucket.arnForObjects('*')],
    principals: [oai.grantPrincipal],
  })
);

When creating the distribution, the stack deploys, but the oai is not associated with my origin.

new Distribution(this, 'my-cdn', {
  defaultBehavior: {
    origin: new S3Origin(myBucket, {
      originAccessIdentity: oai,
    }),
  },
});

Expected Behavior

The oai should be associated with the origin.

Current Behavior

A new oai instead is being created by S3Origin even though I've provided one https://github.com/aws/aws-cdk/blob/main/packages/%40aws-cdk/aws-cloudfront-origins/lib/s3-origin.ts#L60

Reproduction Steps

  • Create a bucket through console or another cdk stack
  • Create oai and distribution in the above steps

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.70.0

Framework Version

2.70.0

Node.js Version

v18.12.1

OS

Mac

Language

Typescript

Language Version

4.9.5

Other information

I've already checked issues like #22451 but my bucket is not configured as a website

@iRoachie iRoachie added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 23, 2023
@github-actions github-actions bot added the @aws-cdk/aws-cloudfront-origins Related to CloudFront Origins for the CDK CloudFront Library label Mar 23, 2023
@outcast292
Copy link

I've same issue with IBucket.grantRead , the OAI does not get added to the bucket policies .

How to reproduce

  • I get a bucket from Bucket.fromBucketArn , it returns an IBucket interface
  • IBucket.grantRead(OAI)

Expected Behavior

Bucket Should be accessible via the OAI in the cloudfront distribution

Current Behavior

Bucket policies do not get updated at all .

CDK version

2.68.0 - 2.70.0

@iRoachie
Copy link
Contributor Author

Closing this, issue came from external source (trustedKeyGroups)

@iRoachie iRoachie closed this as not planned Won't fix, can't repro, duplicate, stale Mar 23, 2023
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
@aws-cdk/aws-cloudfront-origins Related to CloudFront Origins for the CDK CloudFront Library bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Development

No branches or pull requests

2 participants