CloudFront: OriginGroup does not contain fields for OriginGroupId and SelectionCriteria

[emre-gon]

Describe the feature

When creating an Origin group for a CloudFront Distribution, users should provide an Id (Name) and a selection criteria. Attached screenshot from Console.

Currently OriginGroup construct does not contain a fields for it:
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront_origins.OriginGroup.html

Could you please update the constructs?

Use Case

These fields are part of OriginGroup Configuration

Proposed Solution

No response

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.162.1

Environment details (OS name and version, etc.)

Linux

[ashishdhingra]

Per AWS::CloudFront::Distribution OriginGroup, it supports the following properties:

• FailoverCriteria
• Id
• Members

Per AWS::CloudFront::Distribution OriginGroupMembers, the minimum and maximum number of items is 2. Hence, CDK's OriginGroup conforms to this requirement by exposing high level abstraction to define primaryOrigin and fallbackOrigin.

While Id for the OriginGroup is generated automatically by CDK (refer addOrigin(), which is invoked while creating Distribution), the SelectionCriteria is not yet supported in CloudFormation (refer specification, search for AWS::CloudFront::Distribution.OriginGroup and aws-cloudfront-distribution.json).

[emre-gon]

This indirectly causes another issue.

If I add two behaviours, one with a single origin and another one with an origin group that has the same primary origin, CDK raises error. Check below code:

export class MyStack extends Stack {

  constructor(scope: App, id: string, props: MyStackProps) {
    super(scope, id, {
      env: props.env,
      stackName: props.stackName,
    });

  this.createOrigins();
  this.createOriginGroups();

   const distribution = new Distribution(this, 'Distribution', {
      priceClass: PriceClass.PRICE_CLASS_ALL,
      enabled: true,
      defaultBehavior: {
        origin: this.originGroupS3ToHttpBin,
        cachePolicy: CachePolicy.CACHING_DISABLED,
      },
      additionalBehaviors: {
        '/s3Origin': {
          origin: this.s3Origin,
          allowedMethods: AllowedMethods.ALLOW_ALL,
          cachePolicy: CachePolicy.CACHING_DISABLED,
        },
      },
    });
  }

  createOrigins() {
    this.oac = new CfnOriginAccessControl(this, 'OAC', {
      originAccessControlConfig: {
        name: 'MYOAC',
        originAccessControlOriginType: 's3',
        signingBehavior: 'always',
        signingProtocol: 'sigv4',
      },
    });

    this.originBucket = new Bucket(this, 'my-origin-bucket', {
      bucketName: 'my-origin-bucket',
      removalPolicy: RemovalPolicy.DESTROY,
      autoDeleteObjects: true,
      blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
    });

    this.s3Origin = S3BucketOrigin.withOriginAccessControl(this.originBucket, {
      originId: 's3Origin',
      originAccessControlId: this.oac.ref,
    });

    this.httpBinOrigin = new HttpOrigin('httpbin.org', {
      originId: 'httpBinOrigin',
      protocolPolicy: OriginProtocolPolicy.HTTPS_ONLY,
      connectionAttempts: 3,
      connectionTimeout: Duration.seconds(10),
      keepaliveTimeout: Duration.seconds(5),
    });
  }

  createOriginGroups() {
    this.originGroupS3ToHttpBin = new OriginGroup({
      primaryOrigin: this.s3Origin,
      fallbackOrigin: this.httpBinOrigin,
      fallbackStatusCodes: [403, 404, 500, 502],
    });
  }

Above code raises the error: Origin with id s3Origin already exists. OriginIds must be unique within a distribution

This shouldn't have been the case. The origin group Id was supposed to be uniquely auto-generated in its current state. And of course, ideally we should be able to define custom names to the origin groups.