s3.Bucket.fromBucketArn does not set the right region for bucketRegionalDomainName

Hi @thibaut-singlefile

Thanks for identifying and reporting this! Looks like we are using the deployment region as the bucket region.

Until we release a fix, I can offer the following workaround:

const sourceBucket = s3.Bucket.fromBucketAttributes(this, 'Bucket', {
  bucketArn: "arn:aws:s3:::test",
  bucketRegionalDomainName: `test.s3.us-west-2.${Stack.of(this).urlSuffix}`
});

This basically sets the bucketRegionalDomainName property to the expected value, it is what eventually used as the origin domain name for the distribution.

@mathieujonson - This is general behavior for imported resources; we don’t alter them, both because it’s non-trivial to do so (e.g., requiring custom resources) and because the “right” thing to do is sometimes undefined. For example here, whether we should create a bucket policy for the imported bucket depends on if the imported bucket already has a policy or not; with an imported bucket, we simply don’t know. See https://github.com/aws/aws-cdk/issues/9811#issuecomment-676130240 for a more detailed rationale. Effectively, you can create the OAI in the other stack where your bucket is created, not create/use an OAI if your permissions model doesn’t need it, or create a custom resource to set the correct policy.

Regarding this issue in general, I believe #9936 closes it. Once released, you will be able to set the region on the bucket and have it automatically set the bucketRegionalDomainName:

const sourceBucket = s3.Bucket.fromBucketAttributes(this, 'Bucket', {
  bucketArn: "arn:aws:s3:::test",
  region: 'us-west-2', // New functionality from #9936
  // The below will now be automatically set
  // bucketRegionalDomainName: `test.s3.us-west-2.${Stack.of(this).urlSuffix}`
});