I'm working through the well-known Cloud Resume Challenge and have by now automated most of my AWS setup with Terraform, but I'm stuck on the OAC part of the CloudFront distribution setup and haven't found much online or in the docs. Here is my current Terraform script:
```hcl
locals {
  # Regional S3 endpoint, reused as both the origin domain and the origin ID
  s3_origin_id = aws_s3_bucket.gjd_crc_prod_bucket.bucket_regional_domain_name
}

resource "aws_cloudfront_origin_access_control" "crc_cf_oac" {
  name                              = local.s3_origin_id
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

resource "aws_cloudfront_distribution" "crc_prod_cfdist" {
  origin {
    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_control.crc_cf_oac.id
    }
    domain_name = local.s3_origin_id
    origin_id   = local.s3_origin_id
  }

  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "index.html"

  default_cache_behavior {
    # AWS managed "CachingOptimized" cache policy
    cache_policy_id        = "658327ea-f89d-4fab-a63d-7e88639e58f6"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = local.s3_origin_id
    viewer_protocol_policy = "https-only"
    compress               = true
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
      locations        = []
    }
  }
}
```
The error I get when applying through Terraform:
```text
aws_cloudfront_distribution.crc_prod_cfdist: Modifying... [id=E2F87SH1SP8PTO]
╷
│ Error: updating CloudFront Distribution (E2F87SH1SP8PTO): InvalidOriginAccessIdentity: The specified origin access identity does not exist or is not valid.
│ status code: 400, request id: 927f5e89-4ee0-4fa0-99c6-776547f41e03
│
│ with aws_cloudfront_distribution.crc_prod_cfdist,
│ on cloudfront.tf line 12, in resource "aws_cloudfront_distribution" "crc_prod_cfdist":
│ 12: resource "aws_cloudfront_distribution" "crc_prod_cfdist" {
│
╵
```
All the documentation I can find (which isn't much) says OAC should be as simple as creating the OAC resource and then referencing that resource's ID in the distribution, but it behaves as if the OAC doesn't exist or hasn't been created yet.

Any ideas? I'd hate to have to fall back on the legacy/deprecated option.
You should use `aws_cloudfront_origin_access_control`, not `aws_cloudfront_origin_access_identity`.
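The resource type is only half the story. The `InvalidOriginAccessIdentity` error in the question comes from placing the OAC's ID inside `s3_origin_config { origin_access_identity = ... }`, which is the legacy OAI slot and expects an `origin-access-identity/cloudfront/...` path. An OAC is attached with the `origin_access_control_id` argument on the `origin` block instead, and the `s3_origin_config` block is dropped. Because the OAC signs requests as the CloudFront service principal rather than as a per-distribution identity, the bucket also needs a policy that trusts `cloudfront.amazonaws.com` and is scoped to this one distribution's ARN. Below is a corrected version of the questioner's configuration as an added example; it is not code from the original post or the answer. It keeps the resource names from the question and assumes the `aws_s3_bucket.gjd_crc_prod_bucket` resource exists elsewhere; the `crc_bucket_policy` data source and resource names are my own, and the configuration assumes an AWS provider release that supports `origin_access_control_id` (introduced in the 4.x series).

```hcl
locals {
  s3_origin_id = aws_s3_bucket.gjd_crc_prod_bucket.bucket_regional_domain_name
}

resource "aws_cloudfront_origin_access_control" "crc_cf_oac" {
  name                              = local.s3_origin_id
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

resource "aws_cloudfront_distribution" "crc_prod_cfdist" {
  origin {
    domain_name = local.s3_origin_id
    origin_id   = local.s3_origin_id
    # OAC attaches at the origin level. No s3_origin_config block: that block
    # is OAI-only, and an OAC ID placed there yields InvalidOriginAccessIdentity.
    origin_access_control_id = aws_cloudfront_origin_access_control.crc_cf_oac.id
  }

  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "index.html"

  default_cache_behavior {
    cache_policy_id        = "658327ea-f89d-4fab-a63d-7e88639e58f6" # managed CachingOptimized
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = local.s3_origin_id
    viewer_protocol_policy = "https-only"
    compress               = true
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
      locations        = []
    }
  }
}

# Hypothetical names (crc_bucket_policy) chosen for this example.
# Grant read access to the CloudFront service principal, but only when the
# request originates from this specific distribution.
data "aws_iam_policy_document" "crc_bucket_policy" {
  statement {
    sid       = "AllowCloudFrontServicePrincipalReadOnly"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.gjd_crc_prod_bucket.arn}/*"]

    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [aws_cloudfront_distribution.crc_prod_cfdist.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "crc_bucket_policy" {
  bucket = aws_s3_bucket.gjd_crc_prod_bucket.id
  policy = data.aws_iam_policy_document.crc_bucket_policy.json
}
```

The `AWS:SourceArn` condition is what keeps the bucket from being readable by any CloudFront distribution in any account; without it the service-principal grant is far broader than the OAI it replaces. With this in place the bucket can keep Block Public Access fully enabled, since viewers never talk to S3 directly. After `terraform apply`, a quick check is to fetch an object through the distribution domain (expect 200) and directly from the bucket URL (expect 403).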