@aws-cdk/cloudfront: OriginAccessIdentity mixes up id and name

[dbartholomae]

Describe the bug

OriginAccessIdentity.fromOriginAccessIdentityName asks for the OAI name, but actually needs the OAI id.

Set up the following bucket with a Cloudfront OAI name from a different account:

const bucket = new Bucket(this, "Bucket");
const originAccessIdentity =
  OriginAccessIdentity.fromOriginAccessIdentityName(
    this,
    "OriginAccessIdentity",
    "<add-OAI-name-here>"
  );

bucket.grantRead(originAccessIdentity);

Then deploy.

Expected Behavior

The deployment should work.

Current Behavior

The deployment fails because what is needed is actually the OAI id, not the OAI name. This makes OriginAccessIdentity.fromOriginAccessIdentityName quite a misnomer.

Reproduction Steps

See above.

Possible Solution

Rename the method and internal properties to OriginAccessIdentity.fromOriginAccessIdentityId.

Additional Information/Context

Not sure if this bug is CDK-specific or a general CloudFormation problem.

CDK CLI Version

2.20.0

Framework Version

No response

Node.js Version

16

OS

Windows 11

Language

Typescript

Language Version

No response

Other information

No response

[peterwoodworth]

You're right @dbartholomae, good find. The AWS console ends up showing the comment as the OAI "Name", and the OAI "Id" is the correct value to use according to the console.

This method, and the originAccessIdentityName property both should be named id. CloudFormation ref CloudFront ref

I think the best way to address this would be to add the new method and prop which end in Id, and implement them identically to the current method and prop. Then, deprecate the prop and method which reference the OAI name, and have them reference the new method/prop.

[dbartholomae]

Happy to provide a PR if fthat makes sense - I might need some guidance on all places I need to change for documentating the new function and deprecating the old one.

[peterwoodworth]

We'd love your contribution here!

Our API reference docs are actually autogenerated based on the code files and comments. If you follow exactly how fromOriginAccessIdentityName() is structured, you'' see that the comments above each class, method, and property are the actual descriptions seen on our API ref.

You can deprecate a method by adding the @ deprecated flag - just make sure to leave a comment explaining which method to use instead!

Example here

aws-cdk/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts

Line 135 in 74318c7

* @deprecated use opensearchservice module instead

Appearance in docs

[dbartholomae]

I've created a PR: #20772