From de0eb47fb5b4f970f88d3a6823b822197ca94f5a Mon Sep 17 00:00:00 2001
From: Jimmy Gaussen <jimmy.gaussen@logicgram.fr>
Date: Tue, 29 Oct 2019 10:56:52 +0100
Subject: [PATCH] fix(cloudfront): revert certificate region verification
 (#4734)

---
 .../aws-cloudfront/lib/web_distribution.ts    |  6 ----
 .../aws-cloudfront/test/test.basic.ts         | 29 ++++++++++++-------
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts
index 836ff3568636c..c8fe45efbb611 100644
--- a/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts
+++ b/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts
@@ -435,12 +435,6 @@ export class ViewerCertificate {
        aliases,
     } = options;
 
-    const certificateRegion = certificatemanager.getCertificateRegion(certificate);
-
-    if (certificateRegion && !cdk.Token.isUnresolved(certificateRegion) && certificateRegion !== 'us-east-1') {
-      throw new Error(`acmCertificate certficate must be in the us-east-1 region, got ${certificateRegion}`);
-    }
-
     return new ViewerCertificate({
       acmCertificateArn: certificate.certificateArn, sslSupportMethod, minimumProtocolVersion
     }, aliases);
diff --git a/packages/@aws-cdk/aws-cloudfront/test/test.basic.ts b/packages/@aws-cdk/aws-cloudfront/test/test.basic.ts
index d9bbd52a41857..107e954553213 100644
--- a/packages/@aws-cdk/aws-cloudfront/test/test.basic.ts
+++ b/packages/@aws-cdk/aws-cloudfront/test/test.basic.ts
@@ -715,7 +715,8 @@ export = {
 
         test.done();
       },
-      'throws if acmCertificate explicitly not in us-east-1'(test: Test) {
+      // FIXME https://github.com/aws/aws-cdk/issues/4724
+      'does not throw if acmCertificate explicitly not in us-east-1'(test: Test) {
         const stack = new cdk.Stack();
         const sourceBucket = new s3.Bucket(stack, 'Bucket');
 
@@ -723,15 +724,23 @@ export = {
           stack, 'cert', 'arn:aws:acm:eu-west-3:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'
         );
 
-        test.throws(() => {
-          new CloudFrontWebDistribution(stack, 'AnAmazingWebsiteProbably', {
-            originConfigs: [{
-              s3OriginSource: { s3BucketSource: sourceBucket },
-              behaviors: [{ isDefaultBehavior: true }]
-            }],
-            viewerCertificate: ViewerCertificate.fromAcmCertificate(certificate),
-          });
-        }, /acmCertificate certficate must be in the us-east-1 region, got eu-west-3/);
+        new CloudFrontWebDistribution(stack, 'AnAmazingWebsiteProbably', {
+          originConfigs: [{
+            s3OriginSource: { s3BucketSource: sourceBucket },
+            behaviors: [{ isDefaultBehavior: true }]
+          }],
+          viewerCertificate: ViewerCertificate.fromAcmCertificate(certificate),
+        });
+
+        expect(stack).to(haveResourceLike('AWS::CloudFront::Distribution', {
+          "DistributionConfig": {
+            "Aliases": [],
+            "ViewerCertificate": {
+              "AcmCertificateArn": "arn:aws:acm:eu-west-3:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d",
+              "SslSupportMethod": "sni-only"
+            }
+          }
+        }));
 
         test.done();
       },