phillhocking / aws-ghost

Terraform Infrastructure-as-Code project deploying the Ghost CMS to an AWS Lightsail instance secured by Bitnami behind a CloudFront CDN distribution, requiring an ACM certificate and an A record in public DNS outside of AWS; Lightsail instances cannot have DNS properties unless they are instantiated in the us-east-1 region.
MIT License

CloudFront 403 error #9

Open felipecruz91 opened 3 years ago

felipecruz91 commented 3 years ago

Hey @phillhocking, first of all, thank you for such a great repo.

I'm learning about how to create a CDN with CloudFront for my own Ghost site with Terraform, so I was looking into how you made it work. There's a variable named cloudfront_glue which I am not sure what value it should take.

So far I am facing the following error when hitting my site:

403 ERROR

The request could not be satisfied.

Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.

If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

phillhocking commented 3 years ago

Oh hi there @felipecruz91, thanks for opening an issue on my project!

Because Lightsail is such a new AWS service offering, you can only instantiate DNS entry values on resources in the us-east-1 region. Because I use us-west-2 for all of my AWS deployments, I had to do something that is kind of hacky and certainly isn't a best practice as a workaround.

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-create-dns-entry

The cloudfront_glue record is an A record hosted in DNS outside of AWS/Route 53 because they require an 'externally hosted zone' as a 'custom origin' for a CloudFront distribution.

The way I accomplished this was by creating an A record in Google Domains that matched the IP address of the Lightsail instance instantiated by Terraform.

I know this kind of creates a 'chicken and egg' scenario which is unfortunate... I am hoping that they allow Lightsail instances to have DNS attributes in all regions soon!

Let me know if you need any further help or if you want me to set up a call to help you through it, and let me know when you are successfully up and running so I can close the issue. Thanks!
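
A pre-flight check for the glue record described in the reply above, as an added example that is not part of the thread or of the aws-ghost project: it compares what the `cloudfront_glue` hostname resolves to against the public IP Terraform reports for the Lightsail instance, which catches the 'chicken and egg' case where the record was created before the instance or still points at an earlier one. The function names, the hostname `origin.example.com` and the addresses are assumptions made for the example.

```python
import ipaddress
import socket

# RFC 1918 ranges: an address in one of these cannot serve as an internet-facing origin.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_a(hostname):
    """Return the IPv4 addresses the system resolver gives for hostname (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_glue_record(glue_hostname, instance_ip, resolver=resolve_a):
    """Return a list of problems with the glue record; an empty list means it matches."""
    problems = []
    expected = ipaddress.ip_address(instance_ip)
    if any(expected in net for net in RFC1918):
        problems.append(f"PRIVATE_IP: {instance_ip} is the instance's private address, use the public one")
    try:
        ipaddress.ip_address(glue_hostname)
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    else:
        # CloudFront origins are configured by domain name, hence the glue A record.
        return problems + ["IP_LITERAL: cloudfront_glue must be a DNS name, not an address"]
    answers = {ipaddress.ip_address(a) for a in resolver(glue_hostname)}
    if not answers:
        problems.append(f"NO_RECORD: {glue_hostname} has no A record yet")
    elif expected not in answers:
        found = ", ".join(sorted(map(str, answers)))
        problems.append(f"STALE: {glue_hostname} points at {found}, not {instance_ip}")
    elif answers != {expected}:
        problems.append(f"EXTRA: {glue_hostname} also resolves to addresses other than {instance_ip}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the record still holds the address of a previous instance.
    old_record = lambda name: {"203.0.113.99"}
    for line in check_glue_record("origin.example.com", "203.0.113.10", old_record):
        print(line)
```

Run it with the real resolver (the default) after `terraform apply` has reported the instance's public IP and the external DNS record has been updated.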