aws-cloudfront: default origin request policy name should include region

[rclark]

Describe the bug

The CDK automatically appends the stack region to the name of a cache policy

aws-cdk/packages/aws-cdk-lib/aws-cloudfront/lib/cache-policy.ts

Line 148 in a81326e

const cachePolicyName = props.cachePolicyName ?? `${Names.uniqueId(this).slice(0, 110)}-${Stack.of(this).region}`;

But it does not add the region to the name of origin request policies.

aws-cdk/packages/aws-cdk-lib/aws-cloudfront/lib/origin-request-policy.ts

Line 97 in a81326e

const originRequestPolicyName = props.originRequestPolicyName ?? Names.uniqueId(this);

This means that an attempt to deploy the same CDK stack that includes an origin request policy into two regions can fail -- it will attempt to create a policy with the same name in both regions, which is not allowed.

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

A behavior defined like this should be able to be deployed into more than one region in the same account without naming conflicts on either the cache policy or origin request policy.

        aws_cloudfront.BehaviorOptions(
            cache_policy=aws_cloudfront.CachePolicy(
                self,
                "cache-policy",
                ...
            ),
            origin_request_policy=aws_cloudfront.OriginRequestPolicy(
                self,
                "origin-request-policy",
                ...
            ),
            ...
    )

Current Behavior

I attempted such a deploy across 5 regions. The expectation being that the deploy in each region would set up a regional origin and a CloudFront distribution specifically for that regional origin. One of the deployments succeeded -- the first one that created the origin request policy. The other 4 failed because they tried to create one with the same name.

Reproduction Steps

see above

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.1010.0 (build 6b421db)

Framework Version

No response

Node.js Version

OS

Language

Python

Language Version

Python 3.12.0

Other information

No response

[rclark]

related: #13629

[pahud]

Hi @rclark,

Thanks for reporting this issue!

You've correctly identified an inconsistency in how default names are generated for CloudFront policies in the CDK. As you pointed out:

• The CachePolicy construct appends the stack's region to the generated name:
  CachePolicy Source
• The OriginRequestPolicy construct does not append the region:
  OriginRequestPolicy Source

This leads to the naming conflicts you experienced when deploying stacks with default-named OriginRequestPolicy resources across multiple regions.

The likely solution is to update the OriginRequestPolicy construct to include the region in its default name generation logic, making it consistent with CachePolicy and suitable for multi-region deployments out-of-the-box.

We encourage contributions! If you'd be interested in submitting a Pull Request to address this, the relevant file to modify would be packages/aws-cdk-lib/aws-cloudfront/lib/origin-request-policy.ts. Please let us know if you plan to work on this or have further questions.