Use Stack ID for OriginAccessControl.Name property (#69)

ConnorKirk · web-flow · commit 0982d8f323a5 · 2023-09-21T14:53:23.000+01:00
* Add link to repo in template description
* Derive OACConfig name from StackId
* Bump version

Use the Stack ID for the `OriginAccessControlConfig.Name` property.

The template fails to deploy when the stack name is longer than 64 characters. The `OriginAccessControlConfig` resource fails to create, with a generic `InvalidRequest` error. The `Name` property has. a max length of 64 characters.

The OriginAccessControlConfig.Name property was set to `!Sub 'oac-${AWS::StackName}-${AWS::Region}'`. For sufficiently long stack names (including the default stack name), this triggered the bug described above.

`OriginAccessControlConfig` resources must have a unique `Name` across all regions for an account. To ensure this, the `Name` property was derived from both the StackName and Region. The max length of a stack name is 128 characters. This is longer than the 64 characters allowed by the OACConfig Name property.
diff --git a/templates/cloudfront-site.yaml b/templates/cloudfront-site.yaml
@@ -103,7 +103,11 @@ Resources:
     Type: AWS::CloudFront::OriginAccessControl
     Properties:
       OriginAccessControlConfig:
-        Name: !Sub 'oac-${AWS::StackName}-${AWS::Region}'
+        # Get a unique ID for the OAC Config name.
+        # Name must be unique within account
+        Name: !Sub
+          - amzn-secure-static-site-${guid}
+          - guid: !Select [2, !Split ['/', !Ref 'AWS::StackId']]
         OriginAccessControlOriginType: s3
         SigningBehavior: always
         SigningProtocol: sigv4
diff --git a/templates/main.yaml b/templates/main.yaml
@@ -1,5 +1,8 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: ACFS3 - S3 Static site with CF and ACM (uksb-1qnk6ni7b) (version:v0.5)
+Description: |
+  ACFS3 - S3 Static site with CF and ACM
+  https://github.com/aws-samples/amazon-cloudfront-secure-static-site
+  (uksb-1qnk6ni7b) (version:v0.5)
 
 Metadata:
   AWS::CloudFormation::Interface:
@@ -13,7 +16,7 @@ Metadata:
 Mappings:
   Solution:
     Constants:
-      Version: 'v0.10'
+      Version: 'v0.11'
 
 Rules:
   OnlyUsEast1:
