-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: AwsSolutions-CFR6 conflicts with AWS recommendation #1582
Comments
@EysaN I'll take a look into what needs to be done for this one. Thanks for bringing it up! |
I think we can check if |
I think there will need to be a few changes here Streaming DistributionCloudFront Streaming distributions don't seem to support Distribution@clueleaf I think you're correct that we need to check the |
Hi. Commenting from AWS ProServe Engagement Security: |
Since currently we have to use |
…#1794) Fixes #1582 CDK now supports [S3 Origin Access Control L2 construct](aws/aws-cdk#31254). Added a new rule to check if OAC is configured for CloudFront distributions using S3 as an origin. * Bumped cdk version used in development * Added missing parameters in QuickSight tests accordingly * Applied the existing OAI rule only to CloudFront Streaming distributions (CloudFront distributions will not be non-compliant if OAI is not configured any more) * Added a new rule checking OAC usage. Included the rule to AWS Solutions packs as `AwsSolutions-CFR7`
Under RULES.md, the rule AwsSolutions-CFR6 results in the following error when synthesizing CDK app:
AwsSolutions-CFR6: The CloudFront distribution does not use an origin access identity with an S3 origin.
However, AWS Documentation clearly says:
We recommend using OAC
and it marks OAI aslegacy, not recommended
.Currently, we have to manually suppress it to avoid synthesizing failure.
Could you please support OAC instead?
The text was updated successfully, but these errors were encountered: