Cloudfront distribution ID not known when creating secret

[jvarghese01]

One of the initials steps is to create a secret with a placeholder value. However, the secret name is:
"cloudfront/DISTRIBUTION_ID"
with DISTRIBUTION_ID to be substituted with the actual cloudfront distribution ID
doc: https://github.com/aws-samples/lambdaedge-openidconnect-samples/blob/master/docs/baseconfiguration.md

Previously the secret name was to be placed in a sm-key.txt file. Looks like this has changed and the secret is simply
"cloudfront/DISTRIBUTION_ID"

The code has been updated to look for this value. https://github.com/aws-samples/lambdaedge-openidconnect-samples/blob/master/src/js/auth.js#L241

However, the distribution_ID is not know when the secret is created. And, the secret ARN must be provided to deploy the stack (circular dependency).

Am I missing something?

[Gribbs]

I'm using CDK and creating the secret and distribution in the same stack, so you can do something like this:

 this.websiteCFDistribution = new cloudfront.Distribution(
      this,
      "WebsiteCFDistribution",
      {
        defaultBehavior: {
          origin: new s3Origins.S3Origin(websiteBucket),
          viewerProtocolPolicy:
            cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
          cachePolicy: cloudfront.CachePolicy.CACHING_DISABLED,
          allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
          edgeLambdas: [
            {
              functionVersion: this.authFunction.currentVersion,
              eventType: cloudfront.LambdaEdgeEventType.VIEWER_REQUEST,
            },
          ],
        },
        certificate: props.certificate,
        defaultRootObject: "index.html",
        domainNames: [domains.webDomain, domains.wwwDomain],
      },
    );

    this.oidcSecret = new secretsmanager.Secret(this, "OidcSecret", {
      secretName: `cloudfront/${this.websiteCFDistribution.distributionId}`,
      secretStringValue: cdk.SecretValue.unsafePlainText(
        JSON.stringify({ config: "placeholder" }),
      ),
      description:
        "A secret containing the OIDC configuration. Please see https://github.com/aws-samples/lambdaedge-openidconnect-samples/blob/master/docs/baseconfiguration.md for further details",
    });

[janklan]

Am I missing something?

No. This sample is broken in multiple spots and is not deployable as-is.