(aws-cloudfront): ResponseHeadersPolicy policy name can exceed maximum

[blimmer]

Describe the bug

The auto-generated Name for a CloudFront ResponseHeadersPolicy can be longer than the (unpublished) maximum of 129 characters. These very long stack names are common when using CDK Pipelines.

Expected Behavior

I expected CDK to truncate the auto-generated name to be shorter than the maximum allowed policy name.

Current Behavior

When the name field is too long, it produces this very opaque error message:

1:43:29 PM | CREATE_FAILED        | AWS::CloudFront::ResponseHeadersPolicy | ResponseHeadersPolicy
Resource handler returned message: "Invalid request provided: AWS::CloudFront::ResponseHeadersPolicy"
(RequestToken: d86fa560-67f9-db71-29af-402e0fdee080, HandlerErrorCode: InvalidRequest)
1:43:30 PM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack             | AVeryLongCdkBugRep...eAct
uallyQuiteLong
The following resource(s) failed to create: [ResponseHeadersPolicy13DBF9E0]. Rollback requested by use
r.
1:43:30 PM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack             | AVeryLongCdkBugRep...eAct
uallyQuiteLong
The following resource(s) failed to create: [ResponseHeadersPolicy13DBF9E0]. Rollback requested by use
r.

I was able to determine the Name field was too long by trying to create a policy in via the UI with the same name. The UI gave me back a much better error message:

The parameter Name is too big.

Reproduction Steps

blimmer/cdk-bug-reports@2e519b8

This commit shows the problem. This is a fresh repo generated by cdk init with just the changes indicated in the diff.

Possible Solution

There are lots of examples scattered throughout the code where a name is restricted in length, e.g.:

aws-cdk/packages/@aws-cdk/aws-codeguruprofiler/lib/profiling-group.ts

Lines 197 to 203 in 74318c7

	private generateUniqueId(): string {
	const name = Names.uniqueId(this);
	if (name.length > 240) {
	return name.substring(0, 120) + name.substring(name.length - 120);
	}
	return name;
	}

The character limit isn't defined explicitly in the CFN docs or in the API docs:

Name -> (string)
  A name to identify the response headers policy.

  The  name  must  be unique for response headers policies in this
  Amazon Web Services account.

From trial and error in the console, it appears the limit is 129 characters.

Additional Information/Context

No response

CDK CLI Version

2.36.0 (build 7cde279)

Framework Version

No response

Node.js Version

16.14.0

OS

macOS

Language

Typescript

Language Version

No response

Other information

No response

[peterwoodworth]

I'm unable to reproduce this, because I'm failing deployment with a short name and I'm not sure why... I'm receiving the same error message. Have you successfully deployed this resource with a name below 129 characters where just changing the name to be more than 128 characters will fail deployment? Or was all your testing done in the console

[blimmer]

Yep, I can deploy < 129 characters while failing with > 129. I tested with the linked repro from the ticket (as well as the console).

[peterwoodworth]

Thanks, I've reported this internally to CloudFormation to implement better error messages for this resource so that we can get to the bottom of all these errors