我正在使用
aws_s3_bucket_website_configuration
资源来配置 S3 网站重定向,当我在
origin
资源的 aws_cloudfront_distribution
块中引用该资源时,出现以下错误:
Error: creating CloudFront Distribution: operation error CloudFront: CreateDistributionWithTags, https response error StatusCode: 400, RequestID: 123456789, InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.
完整代码如下:
resource "aws_s3_bucket" "cf_s3_bucket" {
bucket = var.cf_s3_bucket
}
resource "aws_s3_bucket_website_configuration" "cf_s3_bucket" {
bucket = aws_s3_bucket.cf_s3_bucket.id
redirect_all_requests_to {
host_name = var.s3_redirect_destination
protocol = "https"
}
}
resource "aws_cloudfront_origin_access_control" "cf_oac" {
name = "travel"
description = "travel policy"
origin_access_control_origin_type = "s3"
signing_behavior = "always"
signing_protocol = "sigv4"
}
resource "aws_cloudfront_distribution" "s3_distribution" {
comment = var.cf_dist_comment
aliases = var.alt_domain_names
default_cache_behavior {
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
target_origin_id = local.s3_origin_id
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
viewer_protocol_policy = "redirect-to-https"
}
default_root_object = "index.html"
enabled = true
http_version = "http2"
is_ipv6_enabled = false
origin {
connection_attempts = 3
connection_timeout = 10
domain_name = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
origin_access_control_id = aws_cloudfront_origin_access_control.cf_oac.id
origin_id = local.s3_origin_id
}
price_class = "PriceClass_100"
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
acm_certificate_arn = var.acm_cert_arn
minimum_protocol_version = "TLSv1.2_2021"
ssl_support_method = "sni-only"
}
}
如果我改变
domain_name
到
domain_name=aws_s3_bucket.cf_s3_bucket.bucket_regional_domain_name
然后我就没有收到错误。但是,当我在 CloudFront 控制台中查看 Origin 时,我看到了这条消息
This S3 bucket has static web hosting enabled. If you plan to use this distribution as a website, we recommend using the S3 website endpoint rather than the bucket endpoint.
因此,我在 CloudFront 中的原始域值错误,导致浏览器中出现
Access Denied
,我必须在 CloudFront 控制台中手动更改它才能使重定向正常工作。
我的问题是我可以使用
domain_name = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
如果没有,我如何获得正确的值
domain_name
在
origin
区块中?
是的,你可以而且应该。但你必须将其配置为
custom_origin_config
并且它需要是 http-only
。
origin {
domain_name = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
origin_id = local.s3_origin_id
custom_origin_config {
http_port = "80"
https_port = "443"
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1.2"]
}
}