cloudfront: Maximum number of allowlisted headers in Cache Policy is incorrectly set to 10 #13903
Comments
encron
added
bug
github-actions
bot
added
the
@aws-cdk/aws-cloudfront
njlynch
added
effort/small
|
Thanks for the report; when the validation was created, we missed the fact it was a soft (increasable) limit. We unfortunately can't dynamically validate the limit client-side based on each account's limits, but we can remove the validation entirely and leave it to CloudFormation to enforce. |
|
Tagging @robertd as an FYI. |
|
Hey @njlynch, thanks for the fast follow-up! I figured verifying the account's limits itself might not be possible but just removing the validation in cdk itself is totally fine for me 👍 If anyone else is running into this, I downgraded our library to v1.92.0 to circumvent the validation. |
…10 (#13907) Validation was added in #13410 to enforce a limit of the number of headers allowed in the allow list for a Origin Request Policy; that limit is a soft limit and should not be hard-enforced in code. Relates to #13903 This commit partially reverts changes introduced in 42f3740. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…10 (aws#13907) Validation was added in aws#13410 to enforce a limit of the number of headers allowed in the allow list for a Origin Request Policy; that limit is a soft limit and should not be hard-enforced in code. Relates to aws#13903 This commit partially reverts changes introduced in 42f3740. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Validation was added in #13425 to enforce a limit of the number of headers allowed in the allow list for a Cache Policy; that limit is a soft limit and should not be hard-enforced in code. fixes #13903 This reverts commit e08213f. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…10 (aws#13907) Validation was added in aws#13410 to enforce a limit of the number of headers allowed in the allow list for a Origin Request Policy; that limit is a soft limit and should not be hard-enforced in code. Relates to aws#13903 This commit partially reverts changes introduced in 42f3740. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…3904) Validation was added in aws#13425 to enforce a limit of the number of headers allowed in the allow list for a Cache Policy; that limit is a soft limit and should not be hard-enforced in code. fixes aws#13903 This reverts commit e08213f. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
After upgrading our CDK CLI version and library for cloudfront we ran into the following error:
This seems to be enforced via https://github.com/aws/aws-cdk/blob/master/packages/@aws-cdk/aws-cloudfront/lib/cache-policy.ts#L234.
The maximum amount of 10 headers is in fact a soft limit that can be increased through AWS support (which we did) and should therefore not be treated as a hard limit here. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-policies.
It seems this
ifcheck is not in place for cookies or querystrings though, so there are no issues there.Reproduction Steps
Create a cache policy with more than 10 whitelisted headers in the
headerBehavior.What did you expect to happen?
The cache policy's creation/update should be based on the account's proper quotas instead of failing on the hardcoded check within the cdk lib. F.e. if the account had its quota increased to 20, it should only fail if there are >20 headers in the
allowList.What actually happened?
The
cdk difffails withError: Maximum allowed headers in Cache Policy is 10; got 11.Environment
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: