CloudFormation Lint Version
0.79.9
What operating system are you using?
Ubuntu
Describe the bug
I have a CloudFront distribution origin configured to use an S3 bucket with an Origin Access Identity. The origin configuration looks like this.
- Id: S3Origin
  DomainName: !GetAtt SiteBucket.DomainName
  S3OriginConfig:
    OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${OriginAccessIdentity}"
Updating the origin configuration to use an Origin Access Control instead should allow the following config:
- Id: S3Origin
  DomainName: !GetAtt SiteBucket.DomainName
  OriginAccessControlId: !GetAtt OriginAccessControl.Id
However, cfn-lint complains with an error like the following:
E2523:Only one of [CustomOriginConfig, S3OriginConfig] should be specified for Resources/CloudFrontDistribution/Properties/DistributionConfig/Origins/0
Since the CustomOriginConfig contains required attributes, the workaround involves adding an empty S3OriginConfig to the origin (S3OriginConfig: {}).
Expected behavior
Ideally the empty S3OriginConfig would not be necessary and cfn-lint would pass without it. The CloudFront documentation makes it seem like S3OriginConfig and CustomOriginConfig are the only options, so this may just be a matter of CloudFormation and documentation running behind. I figured it was worth mentioning nonetheless.
Reproduction template
AWSTemplateFormatVersion: 2010-09-09
Resources:
  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        ViewerCertificate:
          AcmCertificateArn: !Ref CCOECertificate
          SslSupportMethod: "sni-only"
          MinimumProtocolVersion: "TLSv1.2_2019"
        Origins:
          - Id: S3Origin
            DomainName: !GetAtt SiteBucket.DomainName
            OriginAccessControlId: !GetAtt OriginAccessControl.Id
            # S3OriginConfig: {} # Uncomment this line to pass cfn-lint
        Enabled: true
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          TargetOriginId: S3Origin
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          ViewerProtocolPolicy: redirect-to-https
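
The reproduction template references `SiteBucket` and `OriginAccessControl` without defining them. As an added example (not part of the original issue or of cfn-lint), these are the supporting resources an Origin Access Control origin normally relies on: the OAC itself and a bucket policy that lets only this distribution read objects. The `SiteBucketPolicy` logical ID, the OAC `Name` value and the `Sid` are assumptions made for illustration.

```yaml
# Added example: supporting resources for the distribution in the
# reproduction template. Merge under the same Resources: section.
Resources:
  SiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      # Keep the bucket private; CloudFront is the only intended reader.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  OriginAccessControl:
    Type: AWS::CloudFront::OriginAccessControl
    Properties:
      OriginAccessControlConfig:
        Name: !Sub "${AWS::StackName}-site-oac"  # constructed name
        OriginAccessControlOriginType: s3
        SigningBehavior: always   # CloudFront signs every origin request
        SigningProtocol: sigv4

  SiteBucketPolicy:  # hypothetical logical ID
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref SiteBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowReadFromThisDistributionOnly
            Effect: Allow
            Principal:
              Service: cloudfront.amazonaws.com
            Action: s3:GetObject
            Resource: !Sub "${SiteBucket.Arn}/*"
            Condition:
              StringEquals:
                # Without this condition any CloudFront distribution,
                # in any account, could read from the bucket.
                AWS:SourceArn: !Sub "arn:${AWS::Partition}:cloudfront::${AWS::AccountId}:distribution/${CloudFrontDistribution}"
```

When moving from an Origin Access Identity, the old OAI principal in the bucket policy should be removed once the distribution has finished deploying with the OAC, so that only the `AWS:SourceArn`-scoped statement remains.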