Open sashee opened 2 years ago
Thanks dear, I have been looking for the solution since last week; finally today you solved my problem.
How can I make a public and private key for CloudFront to restrict viewer policy?
I just ran into this issue... somewhat. I have the configuration you give in your example. I'm greeted with this error upon terraform apply:
Error: updating CloudFront Distribution (XXXXXXX): IllegalOriginAccessConfiguration: Illegal configuration: The origin type and OAC origin type differ.
I think this bug is fixed.
Error: updating CloudFront Distribution (XXXXXXXXXX): IllegalOriginAccessConfiguration: Illegal configuration: The origin type and OAC origin type differ.
│ status code: 400, request id: xxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
│
│ with aws_cloudfront_distribution.s3_distribution,
│ on cloudfront.tf line 9, in resource "aws_cloudfront_distribution" "s3_distribution":
│ 9: resource "aws_cloudfront_distribution" "s3_distribution"
Can someone please help with the above error I am getting while using custom_origin_config?
You can't use custom_origin_config with an S3 bucket with OAC. You need to use:
origin {
  domain_name              = aws_s3_bucket.main.bucket_domain_name
  origin_id                = aws_s3_bucket.main.id
  origin_access_control_id = aws_cloudfront_origin_access_control.s3.id
}
See this for more info: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
After removing the custom_origin_config block, it's giving me the below error:
Error: updating CloudFront Distribution (XXXXXXX): InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.
│ status code: 400, request id: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
│
│ with aws_cloudfront_distribution.s3_distribution,
│ on cloudfront.tf line 9, in resource "aws_cloudfront_distribution" "s3_distribution":
│ 9: resource "aws_cloudfront_distribution" "s3_distribution"
I want to set the below origin block for my CloudFront distribution, as I want to use website_endpoint as the domain name for the CloudFront distribution.
origin {
  domain_name              = aws_s3_bucket_website_configuration.xxxxxx_xxxxx_bucket_website_configuration.website_endpoint
  origin_access_control_id = aws_cloudfront_origin_access_control.xxxxx_xxxx_cloudfront_origin_access_control.id
  origin_id                = local.s3_origin_id
}
This thread is not the right place to debug this. Let's please keep the discussion on topic.
For your issue, see the link I gave you. You don't use the S3 website links in CloudFront when using OAC.
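The two combinations discussed above (custom_origin_config with an S3 OAC, and an S3 website endpoint with an OAC) can be flagged before terraform apply. The following is an added example, not code from this thread or from the AWS provider; the simplified dict layout, the function names and the sample values are assumptions made for illustration.

```python
import re

# S3 static-website endpoints: <bucket>.s3-website-<region>.amazonaws.com
# or <bucket>.s3-website.<region>.amazonaws.com
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com(\.cn)?$")


def check_origin(origin, oac_types):
    """Return findings for one origin block (simplified dict, an assumption).

    origin    -- keys named after the Terraform arguments in the thread
    oac_types -- OAC id -> its origin_access_control_origin_type
    """
    oac_id = origin.get("origin_access_control_id")
    if not oac_id:
        return []  # no OAC attached, so there is no type to compare
    if oac_id not in oac_types:
        return ["OAC id not found; origin type cannot be compared"]
    findings = []
    if oac_types[oac_id] == "s3":
        if origin.get("custom_origin_config"):
            findings.append("custom_origin_config combined with an S3 OAC")
        if WEBSITE_ENDPOINT.search(origin.get("domain_name", "").lower()):
            findings.append("S3 website endpoint combined with an S3 OAC")
    return findings


def check_distribution(origins, oac_types):
    """Map origin_id -> findings, keeping only origins that have findings."""
    report = {o["origin_id"]: check_origin(o, oac_types) for o in origins}
    return {oid: f for oid, f in report.items() if f}


# Constructed sample data, not taken from the thread.
OAC_TYPES = {"OAC-CONSTRUCTED-1": "s3"}
ORIGINS = [
    {"origin_id": "rest", "domain_name": "example-bucket.s3.amazonaws.com",
     "origin_access_control_id": "OAC-CONSTRUCTED-1"},
    {"origin_id": "website",
     "domain_name": "example-bucket.s3-website-us-east-1.amazonaws.com",
     "origin_access_control_id": "OAC-CONSTRUCTED-1",
     "custom_origin_config": {"origin_protocol_policy": "http-only"}},
    {"origin_id": "no-oac",
     "domain_name": "example-bucket.s3-website-us-east-1.amazonaws.com",
     "custom_origin_config": {"origin_protocol_policy": "http-only"}},
]

if __name__ == "__main__":
    for origin_id, findings in check_distribution(ORIGINS, OAC_TYPES).items():
        print(origin_id, findings)
```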
If the S3 website link is not allowed in OAC, then what needs to be done to use the S3 website link in a CloudFront distribution?
For anyone seeing this... here's an MVP CloudFront/S3 OAC working example: https://gist.github.com/chrispsheehan/ed9de23b4b36ca890082ae56e6ab7455
I found that some conflation between the (legacy) OAI and (currently recommended) OAC approaches gave me errors.
So there's no way to deploy an S3 static website behind CloudFront with Terraform?
Terraform Core Version
1.1.8
AWS Provider Version
4.31.0
Affected Resource(s)
Expected Behavior
When the origin_access_control_origin_type does not match the origin type, Terraform should report an error.
Actual Behavior
terraform apply says "Still creating..." but the Console shows no Distribution is being deployed.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
terraform init
terraform apply
Debug Output
debug.log
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No response