cloudcomponents/cdk-constructs

StaticSiteAuthorization cannot exist in multiple stacks within same aws account

crawfobw opened this issue · 2 comments

crawfobw commented

I have a situation where I'd like to have multiple stacks in the same account & region so multiple developers can have their own independent stack, however StaticSiteAuthorization appears to create a resource that does not generate a different id based on the id of the StaticSiteAuthorization which causes ownership conflicts.

Error:

File "/home/.venv/lib/python3.8/site-packages/jsii/_runtime.py", line 83, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/home/static_website/authenticated_site_stack.py", line 26, in __init__
    authorization = StaticSiteAuthorization(
  File "/home/.venv/lib/python3.8/site-packages/jsii/_runtime.py", line 83, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/home/.venv/lib/python3.8/site-packages/cloudcomponents/cdk_cloudfront_authorization/__init__.py", line 2290, in __init__
    jsii.create(StaticSiteAuthorization, self, [scope, id, props])
  File "/home/.venv/lib/python3.8/site-packages/jsii/_kernel/__init__.py", line 275, in create
    response = self.provider.create(
  File "/home/.venv/lib/python3.8/site-packages/jsii/_kernel/providers/process.py", line 344, in create
    return self._process.send(request, CreateResponse)
  File "/home/.venv/lib/python3.8/site-packages/jsii/_kernel/providers/process.py", line 326, in send
    raise JSIIError(resp.error) from JavaScriptError(resp.stack)
jsii.errors.JSIIError: There is already a Construct with name 'EdgeRole' in Stack [lambda-at-edge-support-stack]

Declaration of StaticSiteAuthorization where suffix and app_domain vary by stack

StaticSiteAuthorization(
            self,
            id="{}-static-auth".format(suffix),
            user_pool=user_pool,
            identity_providers=identity_providers,
            oauth_scopes=[aws_cognito.OAuthScope.EMAIL,
                          aws_cognito.OAuthScope.PROFILE,
                          aws_cognito.OAuthScope.OPENID],
            sign_out_url="https://{}/logout".format(app_domain),
        )
hupe1980 commented

@crawfobw I suspect it has something to do with the cdk-lambda-at-edge-pattern construct. A stack for the EdgeLambdas is created there in the background. How is your app structured exactly?

app:

  • stack1 - staticsite1
  • stack2 - staticsite2
  • ...
crawfobw commented

We have one static site stack for each team member within the app