[Feature request] support CloudFront Alternate Domain Name
tvaughan73 opened this issue · 2 comments
I have an issue where the alternate domain name set in CloudFront is not being set and is being removed when the stack is updated.
Steps to reproduce:
- Deploy solution from this link and set an alternate domain name. No other option changed from default except alternate domain name. Not sure it matters but I am setting domain like portal.dev.example.com.
- After deploy is complete the alternate domain name is not set on the CloudFront distribution. The domain name is set manually along with the SSL cert and everything works OK at this point.
- When the stack is updated, the alternate domain name and SSL cert previously set are removed from the CloudFront distribution. It did this when I changed the setting for HttpHeaders.
QQ, just to make sure, you don't actually use example.com right? There's special behavior for that domain name (it gets removed from the list of callbacks).
Just checking :)
Had another look to remind me how this works. The AlternateDomainNames parameter is not passed through to the CloudFront Distribution. It is only used when setting redirect URIs in the User Pool Client.
You need to add it yourself (manually) to the CloudFront distribution, which also requires you to provide a TLS cert.
Unfortunately if you update the Auth@Edge deployment after that, then that CloudFront config may end up being reverted, as you noticed.
So currently, if you want to use an Alias for your CloudFront distribution, it is best to create the distribution yourself, as explained here.
I'll treat it as a feature request to make Alias work with the included CloudFront distribution. It would require this field to be passed through to the CloudFront Distribution, as well as require a pointer to the TLS cert to be passed via parameters. If you're interested, you could take on a PR for this?
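A minimal CloudFormation sketch of the pass-through described in the last comment, added here as an illustration and not taken from the Auth@Edge template. `AlternateDomainNames` is the parameter named in the thread; `AlternateDomainCertificateArn` and `OriginDomainName` are hypothetical parameters assumed for this example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AlternateDomainNames:            # parameter named in the thread
    Type: CommaDelimitedList
    Default: ""
  AlternateDomainCertificateArn:   # hypothetical: pointer to the TLS cert
    Type: String
    Default: ""
    Description: ACM certificate ARN in us-east-1 that covers every alias
  OriginDomainName:                # hypothetical: stands in for the real origin
    Type: String
Conditions:
  # Aliases are only applied together with a certificate, because CloudFront
  # rejects an alias that the attached certificate does not cover.
  HasAliasCert: !Not [!Equals [!Ref AlternateDomainCertificateArn, ""]]
Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        # Declaring both fields in the template keeps a stack update from
        # reverting values that were previously set by hand.
        Aliases: !If [HasAliasCert, !Ref AlternateDomainNames, !Ref "AWS::NoValue"]
        ViewerCertificate: !If
          - HasAliasCert
          - AcmCertificateArn: !Ref AlternateDomainCertificateArn
            SslSupportMethod: sni-only
            MinimumProtocolVersion: TLSv1.2_2021
          - CloudFrontDefaultCertificate: true
        Origins:
          - Id: app-origin
            DomainName: !Ref OriginDomainName
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
        DefaultCacheBehavior:
          TargetOriginId: app-origin
          ViewerProtocolPolicy: redirect-to-https
          # AWS managed cache policy "CachingOptimized"
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6
```

With the certificate parameter left empty, the distribution falls back to the default `*.cloudfront.net` certificate and no aliases, which is the behaviour of the current deployment described above.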