feat(cloudfront): fix validation logic and test

aws · Nov 22, 2024 · 8458596 · 8458596
1 parent 11e77c4
commit 8458596
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts b/packages/aws-cdk-lib/aws-cloudfront/lib/distribution.ts
@@ -606,16 +606,19 @@ export class Distribution extends Resource implements IDistribution {
   /**
    * Attach WAF WebACL to this CloudFront distribution
    *
-   * WebACL must be in us-east-1 region
+   * WebACL must be in the us-east-1 region.
+   *
    * @param webAclId The WAF WebACL to associate with this distribution
    */
   public attachWebAclId(webAclId: string) {
     if (this.webAclId) {
       throw new Error('A WebACL has already been attached to this distribution');
     }
-    const arnParts = Stack.of(this).splitArn(webAclId, ArnFormat.SLASH_RESOURCE_NAME);
-    if (!Token.isUnresolved(arnParts.region) && arnParts.region !== 'us-east-1') {
-      throw new Error(`WebACL for CloudFront distributions must be created in the us-east-1 region; received ${arnParts.region}`);
+    if (webAclId.startsWith('arn:')) {
+      const arnParts = Stack.of(this).splitArn(webAclId, ArnFormat.SLASH_RESOURCE_NAME);
+      if (!Token.isUnresolved(arnParts.region) && arnParts.region !== 'us-east-1') {
+        throw new Error(`WebACL for CloudFront distributions must be created in the us-east-1 region; received ${arnParts.region}`);
+      }
     }
     this.webAclId = webAclId;
   }

diff --git a/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts b/packages/aws-cdk-lib/aws-cloudfront/test/distribution.test.ts
@@ -1343,11 +1343,11 @@ describe('attachWebAclId', () => {
       defaultBehavior: { origin },
     });
 
-    distribution.attachWebAclId('arn:aws:wafv2:us-east-1:123456789012:global/web-acl/MyWebAcl/473e64fd-f30b-4765-81a0-62ad96dd167a');
+    distribution.attachWebAclId('473e64fd-f30b-4765-81a0-62ad96dd167a');
 
     Template.fromStack(stack).hasResourceProperties('AWS::CloudFront::Distribution', {
       DistributionConfig: {
-        WebACLId: 'arn:aws:wafv2:us-east-1:123456789012:global/web-acl/MyWebAcl/473e64fd-f30b-4765-81a0-62ad96dd167a',
+        WebACLId: '473e64fd-f30b-4765-81a0-62ad96dd167a',
       },
     });
   });
@@ -1357,11 +1357,11 @@ describe('attachWebAclId', () => {
 
     const distribution = new Distribution(stack, 'MyDist', {
       defaultBehavior: { origin },
-      webAclId: 'arn:aws:wafv2:us-east-1:123456789012:global/web-acl/MyWebAcl/473e64fd-f30b-4765-81a0-62ad96dd167a',
+      webAclId: '473e64fd-f30b-4765-81a0-62ad96dd167a',
     });
 
     expect(() => {
-      distribution.attachWebAclId('arn:aws:wafv2:us-east-1:123456789012:global/web-acl/MyWebAcl/473e64fd-f30b-4765-81a0-62ad96dd167b');
+      distribution.attachWebAclId('473e64fd-f30b-4765-81a0-62ad96dd167b');
     }).toThrow(/A WebACL has already been attached to this distribution/);
   });