Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cdk v2 cdk-cloudfront-authorization missing httpHeaders #171

Open
caevv opened this issue Apr 25, 2022 · 3 comments
Open

cdk v2 cdk-cloudfront-authorization missing httpHeaders #171

caevv opened this issue Apr 25, 2022 · 3 comments

Comments

@caevv
Copy link

caevv commented Apr 25, 2022

cdk-cloudfront-authorization is throwing the following error:

{
    "errorType": "TypeError",
    "errorMessage": "Cannot convert undefined or null to object",
    "stack": [
        "TypeError: Cannot convert undefined or null to object",
        "    at Function.entries (<anonymous>)",
        "    at asCloudFrontHeaders (/var/task/index.js:8518:19)",
        "    at getConfig (/var/task/index.js:8512:28)",
        "    at Runtime.handler (/var/task/index.js:14932:41)",
        "    at Runtime.handleOnce (/var/runtime/Runtime.js:66:25)"
    ]
}

Seems like due to config.httpHeaders being undefined.

configuration.json 
{
  "logLevel": "warn",
  "redirectPathSignIn": "/parseauth",
  "redirectPathAuthRefresh": "/refreshauth",
  "redirectPathSignOut": "/",
  "userPoolId": "###",
  "clientId": "###",
  "oauthScopes": [
    "phone",
    "email",
    "profile",
    "openid",
    "aws.cognito.signin.user.admin"
  ],
  "cognitoAuthDomain": "###",
  "cookieSettings": {
    "idToken": "Path=/; Secure; SameSite=Lax",
    "accessToken": "Path=/; Secure; SameSite=Lax",
    "refreshToken": "Path=/; Secure; SameSite=Lax",
    "nonce": "Path=/; Secure; HttpOnly; SameSite=Lax"
  },
  "nonceSigningSecret": "N"
}
CDK 
    // BUCKET
    const bucket = new s3.Bucket(this, "SiteBucket", {
      bucketName: siteDomain,
      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
      encryption: s3.BucketEncryption.S3_MANAGED,
      enforceSSL: true,
      removalPolicy: RemovalPolicy.RETAIN,
    });

    const userPool = aws_cognito.UserPool.fromUserPoolId(
      this,
      `${id}-userpool`,
      aws_ssm.StringParameter.valueForStringParameter(this, "###")
    );

    const client = userPool.addClient(id + "-web-client", {
      preventUserExistenceErrors: true,
      enableTokenRevocation: true,
    });

    const authorization = new SpaAuthorization(this, "Authorization", {
      userPool,
    });

    const originAccessIdentity = new cloudfront.OriginAccessIdentity(this, "OAI", {
      comment: `OAI for ${siteDomain} website.`,
    });
    bucket.grantRead(originAccessIdentity);

    const zone = aws_route53.HostedZone.fromHostedZoneAttributes(this, "Zone", {
      hostedZoneId: hostedZoneId,
      zoneName: route53ZoneName,
    });

    const distribution = new cloudfront.Distribution(this, `${id}-distribution`, {
      domainNames: [siteDomain],
      certificate: new acm.DnsValidatedCertificate(this, "SiteCertificate", {
        domainName: siteDomain,
        hostedZone: zone,
        region: "us-east-1", // requirement for CloudFront
      }),
      defaultRootObject: "index.html",
      defaultBehavior: authorization.createDefaultBehavior(
        new aws_cloudfront_origins.S3Origin(bucket, { originAccessIdentity })
      ),
    });

    new aws_s3_deployment.BucketDeployment(this, `deploy-with-invalidation`, {
      sources: [aws_s3_deployment.Source.asset("../ui/build")],
      destinationBucket: bucket,
      distribution: distribution,
      distributionPaths: ["/*"],
      serverSideEncryption: ServerSideEncryption.AES_256,
    });

    // Route53 alias record for the CloudFront distribution
    new aws_route53.ARecord(this, "SiteAliasRecord", {
      recordName: siteDomain,
      target: aws_route53.RecordTarget.fromAlias(new aws_route53_targets.CloudFrontTarget(distribution)),
      zone,
    });
@danielesalvatore
Copy link

I confirm the issue is still present in v2.1.0.
I just upgraded from cloudcomponents.cdk-cloudfront-authorization==1.50.0 to cloudcomponents.cdk-cloudfront-authorization==2.1.0, and the python StaticSiteAuthorization construct does not accept the http_headers argument.

  authorization = StaticSiteAuthorization(self, "Authorization",
      user_pool=user_pool,
      identity_providers=[_cognito.UserPoolClientIdentityProvider.custom("SSO")],
      http_headers= cdn_http_headers if cdn_http_headers else None
  )

and this is the error I get:
Screenshot 2022-05-24 at 15 26 31

Many thanks for any help you may provide.

@danielesalvatore
Copy link

Hello! Is any news about this issue? Thanks!

@danielesalvatore
Copy link

Hi @caevv did you find a way to overtake this? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@caevv @danielesalvatore