Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CloudFront Origin Access Identity ARN wrapped in AWS Principal part of the template #2703

Closed
ScOut3R opened this issue May 31, 2019 · 0 comments · Fixed by #2964 or MechanicalRock/tech-radar#14 · May be fixed by MechanicalRock/cdk-constructs#5, MechanicalRock/cdk-constructs#6 or MechanicalRock/cdk-constructs#7
Closed

CloudFront Origin Access Identity ARN wrapped in AWS Principal part of the template #2703

ScOut3R opened this issue May 31, 2019 · 0 comments · Fixed by #2964 or MechanicalRock/tech-radar#14 · May be fixed by MechanicalRock/cdk-constructs#5, MechanicalRock/cdk-constructs#6 or MechanicalRock/cdk-constructs#7
Labels
bug This issue is a bug.

Comments

@ScOut3R
Copy link
Contributor

ScOut3R commented May 31, 2019

Describe the bug
Using .addAwsPrincipal and supplying arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${originAccessIdentity.cloudFrontOriginAccessIdentityId} as the argument causes a line wrap in the generated template. This issue does not happen when using the JSON format.

              AWS:
                Fn::Join:
                  - ""
                  - - "arn:aws:iam::cloudfront:user/CloudFront Origin Access
                      Identity "
                    - Ref: OriginAccessIdentity

To Reproduce

 const originAccessIdentity = new CfnCloudFrontOriginAccessIdentity(this, 'OriginAccessIdentity', {
      cloudFrontOriginAccessIdentityConfig: {
        comment: 'Access Identity'
      }
    });

    const bucket = new Bucket(this, 'SiteBucket', {
      encryption: BucketEncryption.S3Managed
    });

    bucket.addToResourcePolicy(new PolicyStatement()
      .addActions('s3:GetObject')
      .addResource(`${bucket.bucketArn}/*`)
      .addAwsPrincipal(`arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${originAccessIdentity.cloudFrontOriginAccessIdentityId}`)
    );

Expected behavior
I expect no line wrap to happen.

Version:

  • Linux
  • TypeScript
  • CDK Version 0.33
@ScOut3R ScOut3R added the bug This issue is a bug. label May 31, 2019
RomainMuller added a commit that referenced this issue Jun 20, 2019
@RomainMuller
fix(cli): Disable line folding in YAML
f3d6af6 
Certain versions of YAML support long line folding, however the
CloudFormation YAML parser does not handle those. Disabling folding
when generating YAML so that we keep generating correct templates.

Fixes #2703
@RomainMuller RomainMuller mentioned this issue Jun 20, 2019
Merged
4 tasks
RomainMuller added a commit that referenced this issue Jun 20, 2019
@RomainMuller
fix(cli): Disable line folding in YAML (#2964)
0dabb02 
Certain versions of YAML support long line folding, however the
CloudFormation YAML parser does not handle those. Disabling folding
when generating YAML so that we keep generating correct templates.

Fixes #2703
This was referenced Aug 22, 2019
Open
Open
Open
Open
Open
This was referenced Dec 12, 2019
Closed
Closed
Closed
Merged
Closed
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Jan 20, 2020
Closed
Closed
This was referenced Sep 24, 2024
Open
Open
Open
Open
Open
This was referenced Sep 27, 2024
Open
Open
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cli): Disable line folding in YAML aws/aws-cdk
[Snyk] Upgrade @aws-cdk/aws-iam from 0.22.0 to 0.39.0 MechanicalRock/tech-radar
[Snyk] Upgrade @aws-cdk/aws-codebuild from 0.24.1 to 0.39.0 MechanicalRock/cdk-constructs
[Snyk] Upgrade @aws-cdk/aws-codepipeline from 0.24.1 to 0.39.0 MechanicalRock/cdk-constructs
[Snyk] Upgrade @aws-cdk/aws-s3 from 0.24.1 to 0.39.0 MechanicalRock/cdk-constructs
[Snyk] Upgrade @aws-cdk/aws-cloudfront from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/aws-codebuild from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/aws-codecommit from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/aws-codepipeline from 0.15.2 to 0.39.0 MechanicalRock/cdk-products
[Snyk] Upgrade @aws-cdk/aws-cloudformation from 0.0.0 to 0.39.0 NOUIY/aws-solutions-constructs
1 participant
@ScOut3R