crossRegionReference: Cannot update Lambdas@Edge after first deployment

[SonicV2]

Describe the bug

I am using the crossRegionReference to reference Lambdas created in the US-East-1 region in my EU-Central-1 stack. This is because Cloudfront only allows Lambdas@Edge only allows US-East-1 Lambdas and Cloudfront is deployed in my EU-Central-1 stack. It works the when deployed the first time but I can't update the Lambdas after.

I have worked around it by deploying the cloudfront in my US-East-1 stack and not using crossRegionReference

Expected Behavior

Updates for lambda should be possible

Current Behavior

Works the first time i deploy but got an error message when I try to update

UPDATE_FAILED | Custom::CrossRegionExportWriter | ExportsWritereucentral1E172851B74269898
Received response status [FAILED] from custom resource. Message returned: Error: Exports cannot be updated:

from aws_cdk import (
    aws_lambda as _lambda,
    aws_s3 as s3,
    aws_cloudfront as cloudfront,
    aws_cloudfront_origins as origins,
    RemovalPolicy,
    Stack,
    App,
)
from constructs import Construct


# Define parent stack to deploy child stacks in different region
class ParentStack(Stack):
    def __init__(self, scope: Construct, id: str, **kwargs):
        super().__init__(scope, id, **kwargs)
        us_east_1_stack = USEast1Stack(
            self, "USEast1", env={"region": "us-east-1"}, cross_region_references=True
        )
        eu_central_1_stack = MyStack(
            self,
            "EUCentral",
            us_lambda=us_east_1_stack.lambda_function,
            env={"region": "eu-central-1"},
            cross_region_references=True,
        )


class USEast1Stack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Define the Lambda function
        us_lambda_function = _lambda.Function(
            self,
            "LambdaFunction",
            code=_lambda.Code.from_asset("lambda"),
            handler="index.handler",
            runtime=_lambda.Runtime.PYTHON_3_11,
            current_version_options=_lambda.VersionOptions(
                removal_policy=RemovalPolicy.DESTROY,  # retain old versions
                retry_attempts=1,
            ),
        )

        # Assign function to local variable of object
        self.lambda_function = us_lambda_function


class MyStack(Stack):
    def __init__(self, scope: Construct, id: str, us_lambda: _lambda, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # Create an S3 bucket
        mybucket = s3.Bucket(
            self,
            "YQBucket",
            bucket_name="yq-cdk-bucket2",  # specify a unique bucket name
        )

        # Create edge lambda object and cross region reference lambda in US-East stack
        edge_lambda1 = cloudfront.EdgeLambda(
            event_type=cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST,
            function_version=us_lambda.current_version,
            # the properties below are optional
            include_body=False,
        )

        # Create cloudfront distribution
        cloudfront.Distribution(
            self,
            "distro",
            default_behavior=cloudfront.BehaviorOptions(
                origin=origins.S3Origin(mybucket),
                edge_lambdas=[edge_lambda1],
            ),
        )


app = App()
ParentStack(app, "ParentStack")
app.synth()

Reproduction Steps

Take the code above, deploy it for the first time. Then try updating the lambda source code.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.111.0

Framework Version

No response

Node.js Version

20.5.1

OS

MacOS 13.5.1

Language

Python

Language Version

No response

Other information

No response

[pahud]

I'll look into this.

[pahud]

Hi

I would suggest to create both the cloudfront distribution and edge function in us-east-1. Is there any reason your cloudfront has to be deployed in eu-central-1?

The reason you can't update the lambda function is due to the strong reference from the crossRegionReferences design

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/adr/cross-region-stack-references.md

One option is to use aws-cloudfront.experimental EdgeFunction construct without using crossRegionReferences if you really need to deploy the cloudfront stack in eu-central-1.
https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk-lib/aws-cloudfront#lambdaedge
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.experimental.EdgeFunction.html

Let me know if it works for you.

[SonicV2]

There's no particular reason, I have worked around it by deploying cloudfront in US-East-1 and avoiding crossRegionReference totally. Hence, there is no blocker at the moment just that the feature is not working as it is supposed to as it doesn't allow Lambda code changes updates.

[pahud]

Hi @SonicV2

Please check out my edited comment above. Let me know if it works for you.