Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-cloudfront-apigateway-lambda can't be deployed elsewhere than in us-east-1 #93

Closed
fbouteruche opened this issue Oct 22, 2020 · 5 comments · Fixed by #313
Closed

aws-cloudfront-apigateway-lambda can't be deployed elsewhere than in us-east-1 #93

fbouteruche opened this issue Oct 22, 2020 · 5 comments · Fixed by #313
Assignees
@hnishar
Labels
bug Something isn't working

Comments

@fbouteruche
Copy link

configure your profile to deploy in eu-west-1
run cdk deploy
it fails with the following error

The function must be in region 'us-east-1'. ARN: arn:aws:lambda:eu-west-1:204847680503:function:LandingPageStack-testcloudfrontapigatewaylambdaClo-1F9QY441H38IK:1 (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidLambdaFunctionAssociation; Request ID: 42fefc2e-52b1-4db1-90ae-b3d26b2cadaa)

Reproduction Steps

try to deploy this

new CloudFrontToApiGatewayToLambda(this, 'test-cloudfront-apigateway-lambda', {
  lambdaFunctionProps: {
      code: lambda.Code.fromAsset(`${__dirname}/lambda`),
      runtime: lambda.Runtime.NODEJS_12_X,
      handler: 'index.handler'
  }
});

Error Log

4:56:08 PM | CREATE_FAILED | AWS::CloudFront::Distribution | testcloudfrontapig...stribution4AF2BFE4
The function must be in region 'us-east-1'. ARN: arn:aws:lambda:eu-west-1:204847680503:function:LandingPageStack-testcloudfrontapigatewaylambdaClo-1F9QY441H38IK:1 (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidLambdaFunctionAssociation; Request ID: 42fefc2e-52b1-4db1-90ae-b3d26b2cadaa)

    new CloudFrontWebDistribution (/home/bouteru/repos/landing-page/node_modules/@aws-cdk/aws-cloudfront/lib/web_distribution.ts:871:26)
    \_ Object.CloudFrontDistributionForApiGateway (/home/bouteru/repos/landing-page/node_modules/@aws-solutions-constructs/core/lib/cloudfront-distribution-helper.ts:146:66)
    \_ new CloudFrontToApiGateway (/home/bouteru/repos/landing-page/node_modules/@aws-solutions-constructs/aws-cloudfront-apigateway/lib/index.ts:66:16)
    \_ new CloudFrontToApiGatewayToLambda (/home/bouteru/repos/landing-page/node_modules/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/lib/index.ts:106:51)
    \_ new LandingPageStack (/home/bouteru/repos/landing-page/lib/landing-page-stack.ts:9:5)
    \_ Object.<anonymous> (/home/bouteru/repos/landing-page/bin/landing-page.ts:7:1)
    \_ Module._compile (internal/modules/cjs/loader.js:1137:30)
    \_ Module.m._compile (/home/bouteru/repos/landing-page/node_modules/ts-node/src/index.ts:858:23)
    \_ Module._extensions..js (internal/modules/cjs/loader.js:1157:10)
    \_ Object.require.extensions.<computed> [as .ts] (/home/bouteru/repos/landing-page/node_modules/ts-node/src/index.ts:861:12)
    \_ Module.load (internal/modules/cjs/loader.js:985:32)
    \_ Function.Module._load (internal/modules/cjs/loader.js:878:14)
    \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)

Environment

  • **CDK CLI Version : 1.60.0 **
  • CDK Framework Version: 1.60.0
  • **AWS Solutions Constructs Version : 1.60.0 **
  • OS : Ubuntu LTS 18.04
  • Language : Typescript

Other

This is 🐛 Bug Report
@fbouteruche fbouteruche added bug Something isn't working needs-triage The issue or PR still needs to be triaged labels Oct 22, 2020
@flochaz
Copy link

flochaz commented Oct 22, 2020

And if it's a known limitation, it is not documented in https://docs.aws.amazon.com/solutions/latest/constructs/aws-cloudfront-apigateway-lambda.html?did=cs_card&trk=cs_card

@hnishar
Copy link
Contributor

hnishar commented Nov 7, 2020
edited
Loading

Thanks for opening the issue. This pattern, by default, deploys a Lambda@Edge function for injection of best practice HTTP security headers in all responses from CloudFront WebDistribution, which fails to deploy in any region other than us-east-1. There is a limitation on Lambda@Edge function to exist in us-east-1 region for it to be triggered from Cloudfront, as documented here

While we come up with a fix for it, the workaround would be to disable the Lambda@Edge function deployment, we will update the documentation accordingly

new CloudFrontToApiGatewayToLambda(this, 'test-cloudfront-apigateway-lambda', {
  lambdaFunctionProps: {
      code: lambda.Code.fromAsset(`${__dirname}/lambda`),
      runtime: lambda.Runtime.NODEJS_12_X,
      handler: 'index.handler'
  },
  insertHttpSecurityHeaders: false
});

@hnishar hnishar removed the needs-triage The issue or PR still needs to be triaged label Nov 10, 2020
@hnishar
Copy link
Contributor

hnishar commented May 26, 2021

We will look into the recently released Cloudfront Functions (replacing Lambda@Edge function) to insert the best practices HTTP security headers

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-security-headers.html

@biffgaut
Copy link
Contributor

Implementing the CloudFront constructs with CloudFront Functions can be followed in this issue.

@biffgaut biffgaut linked a pull request Aug 25, 2021 that will close this issue
fix (CloudFrontToApiGateway - use cloudfront function instead of lambda@edge) #313
Merged
@biffgaut
Copy link
Contributor

PR 313 changed this construct from using Lambda@Edge functions to CloudFront Functions, so this issue has been addressed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hnishar hnishar

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
4 participants
@flochaz @fbouteruche @hnishar @biffgaut