fix(cloudfront): revert certificate region verification (aws#4734)

parroty · Oct 29, 2019 · de0eb47 · de0eb47
1 parent ea4a8aa
commit de0eb47
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 16 deletions.
diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts
@@ -435,12 +435,6 @@ export class ViewerCertificate {
        aliases,
     } = options;
 
-    const certificateRegion = certificatemanager.getCertificateRegion(certificate);
-
-    if (certificateRegion && !cdk.Token.isUnresolved(certificateRegion) && certificateRegion !== 'us-east-1') {
-      throw new Error(`acmCertificate certficate must be in the us-east-1 region, got ${certificateRegion}`);
-    }
-
     return new ViewerCertificate({
       acmCertificateArn: certificate.certificateArn, sslSupportMethod, minimumProtocolVersion
     }, aliases);

diff --git a/packages/@aws-cdk/aws-cloudfront/test/test.basic.ts b/packages/@aws-cdk/aws-cloudfront/test/test.basic.ts
@@ -715,23 +715,32 @@ export = {
 
         test.done();
       },
-      'throws if acmCertificate explicitly not in us-east-1'(test: Test) {
+      // FIXME https://github.com/aws/aws-cdk/issues/4724
+      'does not throw if acmCertificate explicitly not in us-east-1'(test: Test) {
         const stack = new cdk.Stack();
         const sourceBucket = new s3.Bucket(stack, 'Bucket');
 
         const certificate = certificatemanager.Certificate.fromCertificateArn(
           stack, 'cert', 'arn:aws:acm:eu-west-3:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'
         );
 
-        test.throws(() => {
-          new CloudFrontWebDistribution(stack, 'AnAmazingWebsiteProbably', {
-            originConfigs: [{
-              s3OriginSource: { s3BucketSource: sourceBucket },
-              behaviors: [{ isDefaultBehavior: true }]
-            }],
-            viewerCertificate: ViewerCertificate.fromAcmCertificate(certificate),
-          });
-        }, /acmCertificate certficate must be in the us-east-1 region, got eu-west-3/);
+        new CloudFrontWebDistribution(stack, 'AnAmazingWebsiteProbably', {
+          originConfigs: [{
+            s3OriginSource: { s3BucketSource: sourceBucket },
+            behaviors: [{ isDefaultBehavior: true }]
+          }],
+          viewerCertificate: ViewerCertificate.fromAcmCertificate(certificate),
+        });
+
+        expect(stack).to(haveResourceLike('AWS::CloudFront::Distribution', {
+          "DistributionConfig": {
+            "Aliases": [],
+            "ViewerCertificate": {
+              "AcmCertificateArn": "arn:aws:acm:eu-west-3:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d",
+              "SslSupportMethod": "sni-only"
+            }
+          }
+        }));
 
         test.done();
       },