feat(cloudfront): add grantCreateInvalidation to Distribution #22575
Conversation
|
|
github-actions
bot
added
effort/small
github-actions
bot
added
the
beginning-contributor
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dissmissing previous PRLinter review.
TheRealAmazonKendra
changed the title
| /** | ||
| * Format distribution ARN from stack and distribution ID. | ||
| */ | ||
| export function formatDistributionArn(scope: Construct, distributionId: string) { |
There was a problem hiding this comment.
I'm not seeing the benefit of creating this file instead of just putting these in the distribution file.
There was a problem hiding this comment.
These functions are shared by distribution.ts and web-distribution.ts.
| * | ||
| * @attribute | ||
| */ | ||
| readonly distributionArn: string; |
There was a problem hiding this comment.
I'm not sure I get why this is being added in this context. It's not included in Fn::GetAtt in the resource per https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html. How is this being used?
There was a problem hiding this comment.
It's useful when grant other than CreateInvalidation:
declare const role: iam.Role;
// before
role.addToPrincipalPolicy(new iam.PolicyStatement({
actions: ['cloudfront:ListInvalidations'],
// region is needed here
resources: [this.formatArn({ service: 'cloudfront', region: '', resource: 'distribution', resourceName: dist.distributionId })],
}));
// after
role.addToPrincipalPolicy(new iam.PolicyStatement({
actions: ['cloudfront:ListInvalidations'],
resources: [dist.distributionArn],
}));Can be removed if it's excessive.
|
@TheRealAmazonKendra I created an alternative PR #22709. Would you please choose which PR is approvable? |
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
2 similar comments
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
Tietew
force-pushed
the
cf-grant-methods
branch
from
d2674c1
to
a70aa71
Compare
mergify
bot
dismissed
TheRealAmazonKendra’s stale review
Pull request has been modified.
Tietew
force-pushed
the
cf-grant-methods
branch
from
a70aa71
to
ccf0ef7
Compare
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
This PR adds
distributionArnattribute andgrantCreateInvalidation()method toIDistribution.distributionArn- returns the ARN of the distribution.grantCreateInvalidation()- grantscloudfront:CreateInvalidationon the distribution.Fixes #13159
All Submissions:
Adding new Unconventional Dependencies:
New Features
yarn integto deploy the infrastructure and generate the snapshot (i.e.yarn integwithout--dry-run)?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license