Terraform error when integrating an S3 website redirect with CloudFront

Question  Votes: 0  Answers: 1

I am using the aws_s3_bucket_website_configuration resource to configure an S3 website redirect. When I reference that resource in the origin block of the aws_cloudfront_distribution resource, I get the following error:

Error: creating CloudFront Distribution: operation error CloudFront: CreateDistributionWithTags, https response error StatusCode: 400, RequestID: 123456789, InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.

The full code is below:

resource "aws_s3_bucket" "cf_s3_bucket" {
  bucket = var.cf_s3_bucket
}

resource "aws_s3_bucket_website_configuration" "cf_s3_bucket" {
  bucket = aws_s3_bucket.cf_s3_bucket.id

  redirect_all_requests_to {
    host_name = var.s3_redirect_destination
    protocol  = "https"
  }
}

resource "aws_cloudfront_origin_access_control" "cf_oac" {
  name                              = "travel"
  description                       = "travel policy"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

resource "aws_cloudfront_distribution" "s3_distribution" {
  comment = var.cf_dist_comment
  aliases = var.alt_domain_names

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = local.s3_origin_id

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
  }

  default_root_object = "index.html"
  enabled             = true
  http_version        = "http2"
  is_ipv6_enabled     = false

  origin {
    connection_attempts      = 3
    connection_timeout       = 10
    domain_name              = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
    origin_access_control_id = aws_cloudfront_origin_access_control.cf_oac.id
    origin_id                = local.s3_origin_id
  }

  price_class = "PriceClass_100"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn = var.acm_cert_arn
    minimum_protocol_version = "TLSv1.2_2021"
    ssl_support_method = "sni-only"
  }
}

If I change domain_name to

domain_name=aws_s3_bucket.cf_s3_bucket.bucket_regional_domain_name

then I no longer get the error. But when I look at the origin in the CloudFront console, I see this message:

This S3 bucket has static web hosting enabled. If you plan to use this distribution as a website, we recommend using the S3 website endpoint rather than the bucket endpoint.

So the origin domain value in CloudFront is wrong, which results in Access Denied in the browser, and I have to change it manually in the CloudFront console to get the redirect working.

My question is: can I use

domain_name = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint

and if not, how do I get the correct value for domain_name in the origin block?

Tags: terraform amazon-cloudfront

1 answer

0 votes

Yes, you can, and you should. But you have to configure it as a custom_origin_config, and it needs to be http-only:

  origin {
    domain_name = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
    origin_id   = local.s3_origin_id
    custom_origin_config {
      http_port              = "80"
      https_port             = "443"
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }
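As an added example (not the answerer's code or the asker's), here is a complete, minimal distribution built the way the answer describes: the S3 website endpoint is declared as a custom origin over plain HTTP, the origin_access_control_id from the question is dropped because OAC signs requests to the S3 REST (bucket) endpoint and does not apply to the website endpoint, and a lifecycle precondition fails the plan if the origin is ever pointed back at a bucket endpoint such as bucket_regional_domain_name. The variable names (cf_s3_bucket, s3_redirect_destination, alt_domain_names, acm_cert_arn) and local.s3_origin_id are assumed to match the question; local.origin_domain is an assumed helper introduced so the precondition has something to check.

```hcl
# Added example, not code from the question or the answer.
# Assumed inputs: var.cf_s3_bucket, var.s3_redirect_destination,
# var.alt_domain_names, var.acm_cert_arn (names taken from the question).

locals {
  s3_origin_id  = "s3-website-redirect"
  # Assumed helper: the single place the origin host is chosen, so the
  # precondition below can check it.
  origin_domain = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
}

resource "aws_s3_bucket" "cf_s3_bucket" {
  bucket = var.cf_s3_bucket
}

# A redirect-all bucket serves no objects; every request to the website
# endpoint is answered with a 301 to the destination host.
resource "aws_s3_bucket_website_configuration" "cf_s3_bucket" {
  bucket = aws_s3_bucket.cf_s3_bucket.id

  redirect_all_requests_to {
    host_name = var.s3_redirect_destination
    protocol  = "https"
  }
}

resource "aws_cloudfront_distribution" "s3_distribution" {
  enabled         = true
  is_ipv6_enabled = false
  http_version    = "http2"
  aliases         = var.alt_domain_names
  price_class     = "PriceClass_100"

  # The S3 website endpoint speaks HTTP only, so it must be a custom origin
  # with origin_protocol_policy = "http-only". No origin_access_control_id:
  # OAC is for S3 REST (bucket) origins, not for the website endpoint.
  origin {
    domain_name = local.origin_domain
    origin_id   = local.s3_origin_id

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  # Browsers still get HTTPS: only the CloudFront-to-S3 hop is plain HTTP.
  default_cache_behavior {
    target_origin_id       = local.s3_origin_id
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    viewer_protocol_policy = "redirect-to-https"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn      = var.acm_cert_arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"
  }

  # Catch the mistake from the question at plan time: a bucket (REST)
  # endpoint has no "s3-website" label and must not be used as a custom origin.
  lifecycle {
    precondition {
      condition     = can(regex("s3-website", local.origin_domain))
      error_message = "origin domain_name must be the S3 website endpoint, not the bucket endpoint."
    }
  }
}
```

Because the bucket only redirects, CloudFront never reads an object from it, which is why no OAC or bucket policy appears here; if the same bucket later hosts content through its REST endpoint, switch the origin back to s3_origin_config with an OAC rather than keeping the HTTP custom origin.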