hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[GENERAL GUIDANCE] Setting up cloudfront gives 404 via terraform #36555

Closed KostLinux closed 6 months ago

KostLinux commented 6 months ago

Description

Setting up CloudFront via Terraform makes the domain respond with a 404. But when I'm using the origin URL directly, it gives me static files. Terraform itself doesn't fail.

resource "aws_cloudfront_distribution" "app_runner" {
    provider = aws.cloudfront
    aliases = [
        "${var.app_sub_domain}.${data.aws_route53_zone.zone.name}"
    ]
    web_acl_id = aws_wafv2_web_acl.cloudfront.arn
    comment = "CloudFront for App Runner"
    enabled = true
    is_ipv6_enabled = true
    price_class = "PriceClass_100"
    retain_on_delete = false
    wait_for_deployment = false
    http_version = "http2"

    origin {
        domain_name = replace(module.example_app_runner.service_url, "https://", "")
        origin_id = "app_runner"
        custom_origin_config {
            http_port = 80
            https_port = 443
            origin_protocol_policy = "match-viewer"
            origin_ssl_protocols = [
                "TLSv1",
                "TLSv1.1",
                "TLSv1.2"
            ]
        }
    }

    default_cache_behavior {
        cache_policy_id = aws_cloudfront_cache_policy.example.id
        origin_request_policy_id = aws_cloudfront_origin_request_policy.app_runner.id
        response_headers_policy_id = aws_cloudfront_response_headers_policy.app_runner.id
        target_origin_id = "app_runner"
        viewer_protocol_policy = "allow-all"

        allowed_methods = ["HEAD", "DELETE", "POST", "GET", "OPTIONS", "PUT", "PATCH"]
        cached_methods = ["GET", "HEAD"]
        compress = true
    }

    restrictions {
        geo_restriction {
            restriction_type = "none"
        }
    }

    viewer_certificate {
        acm_certificate_arn = module.acm_cloudfront.acm_certificate_arn
        ssl_support_method = "sni-only"
        minimum_protocol_version = "TLSv1"
    }

    logging_config {
      bucket = "cloudfront-${var.domain_name}.s3.amazonaws.com"
      prefix = "cf-logs"
      include_cookies = false
    }
}

resource "aws_cloudfront_cache_policy" "example" {
  name        = "CloudfrontCachePolicy"
  comment     = "Cloudfront Cache Policy for App Runner"
  default_ttl = 50
  max_ttl     = 100

  parameters_in_cache_key_and_forwarded_to_origin {
    headers_config {
      header_behavior = "none"
    }

    cookies_config {
      cookie_behavior = "all"
    }

    query_strings_config {
      query_string_behavior = "all"
    }
  }
}

resource "aws_cloudfront_origin_request_policy" "app_runner" {
  name    = "CloudfrontOriginRequestPolicy"
  comment = "Cloudfront Origin Request Policy"
  cookies_config {
    cookie_behavior = "all"
  }
  headers_config {
    header_behavior = "allViewer"
  }
  query_strings_config {
    query_string_behavior = "all"
  }
}

resource "aws_cloudfront_response_headers_policy" "app_runner" {
    name    = "app_runner_response_header_policy"
    comment = "Response header policy for App Runner"

    cors_config {
      origin_override = false
      access_control_allow_credentials = false
      access_control_allow_headers {
        items = ["*"]
      }
      access_control_allow_methods {
        items = ["GET", "HEAD", "OPTIONS", "PUT", "PATCH", "POST", "DELETE"]
      }
      access_control_allow_origins {
        items = ["*"]
      }
      access_control_expose_headers {
        items = ["ETag"]
      }
    }

    custom_headers_config {
        items {
            header = "Authorization"
            override = false
            value = "none"
        }

        items {
            header = "Custom-Session-Hash"
            override = false
            value = "none"
        }

        items {
            header = "X-Amzn-Trace-Id"
            override = false
            value = "none"
        }

        items {
            header = "Content-Type"
            override = false
            value = "none"
        }

        items {
            header = "Cache-Control"
            override = false
            value = "none"
        }
    }
}

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution

Would you like to implement a fix?

None
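Added example, not the reporter's configuration and not provider code: the same distribution with its transport settings tightened, plus the AWS-managed origin request policy that forwards every viewer header except Host (a forwarded CloudFront alias in the Host header is a frequent reason an origin answers 404 while its own URL works). Resource and module names are assumed to match the issue above.

```hcl
# Added example (not the reporter's config): same distribution, hardened.
# Assumes the resource/module names used in the issue exist unchanged.

# AWS-managed policy: forward all viewer headers except Host, so the
# App Runner origin receives its own service hostname, not the alias.
data "aws_cloudfront_origin_request_policy" "all_viewer_except_host" {
  name = "Managed-AllViewerExceptHostHeader"
}

resource "aws_cloudfront_distribution" "app_runner" {
  provider   = aws.cloudfront
  aliases    = ["${var.app_sub_domain}.${data.aws_route53_zone.zone.name}"]
  enabled    = true
  comment    = "CloudFront for App Runner"
  web_acl_id = aws_wafv2_web_acl.cloudfront.arn

  origin {
    domain_name = replace(module.example_app_runner.service_url, "https://", "")
    origin_id   = "app_runner"
    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only" # was "match-viewer": never plaintext to origin
      origin_ssl_protocols   = ["TLSv1.2"]  # was TLSv1, TLSv1.1, TLSv1.2
    }
  }

  default_cache_behavior {
    target_origin_id           = "app_runner"
    viewer_protocol_policy     = "redirect-to-https" # was "allow-all"
    allowed_methods            = ["HEAD", "DELETE", "POST", "GET", "OPTIONS", "PUT", "PATCH"]
    cached_methods             = ["GET", "HEAD"]
    compress                   = true
    cache_policy_id            = aws_cloudfront_cache_policy.example.id
    origin_request_policy_id   = data.aws_cloudfront_origin_request_policy.all_viewer_except_host.id
    response_headers_policy_id = aws_cloudfront_response_headers_policy.app_runner.id
  }

  restrictions {
    geo_restriction { restriction_type = "none" }
  }

  viewer_certificate {
    acm_certificate_arn      = module.acm_cloudfront.acm_certificate_arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021" # was "TLSv1"
  }
}
```

After applying, compare a request to the alias and to the App Runner service URL directly; if the alias still returns 404, check the App Runner service and WAF logs for the rejected request before touching the cache policy.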


justinretzolk commented 6 months ago

Hey @KostLinux 👋 Thank you for taking the time to raise this! We use Issues in this repository to track feature enhancements and bugs in the AWS Provider. To maintain that, we ask that broader questions are raised using one of the Community Resources, such as the AWS Provider forum. With that in mind, I'm going to close this issue.

github-actions[bot] commented 6 months ago

Warning: This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

github-actions[bot] commented 5 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.