主页 / coding / 问题 / 79010185
Accepted
Brian G
Asked: 2024-09-22 02:02:03 +0800 CST

将 S3 网站重定向与 CloudFront 集成时出现 terraform 错误

  • 772

我正在使用

aws_s3_bucket_website_configuration

资源来配置 S3 网站重定向,当我在origin资源块中引用该资源时aws_cloudfront_distribution,出现以下错误:

Error: creating CloudFront Distribution: operation error CloudFront: CreateDistributionWithTags, https response error StatusCode: 400, RequestID: 123456789, InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.

完整代码如下:

resource "aws_s3_bucket" "cf_s3_bucket" {
  bucket = var.cf_s3_bucket
}

resource "aws_s3_bucket_website_configuration" "cf_s3_bucket" {
  bucket = aws_s3_bucket.cf_s3_bucket.id

 redirect_all_requests_to {
  host_name = var.s3_redirect_destination
  protocol = "https"
  }
}

resource "aws_cloudfront_origin_access_control" "cf_oac" {
  name                              = "travel"
  description                       = "travel policy"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

resource "aws_cloudfront_distribution" "s3_distribution" {
  comment = var.cf_dist_comment
  aliases = var.alt_domain_names

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = local.s3_origin_id

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
  }

  default_root_object = "index.html"
  enabled             = true
  http_version        = "http2"
  is_ipv6_enabled     = false

   origin {
    connection_attempts      = 3
    connection_timeout       = 10
    domain_name              = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
    origin_access_control_id = aws_cloudfront_origin_access_control.cf_oac.id
    origin_id                = local.s3_origin_id
  }

  price_class = "PriceClass_100"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn = var.acm_cert_arn
    minimum_protocol_version = "TLSv1.2_2021"
    ssl_support_method = "sni-only"
  }
}

如果我改变

domain_name

domain_name=aws_s3_bucket.cf_s3_bucket.bucket_regional_domain_name

那么我就不会收到错误。但是,当我在 CloudFront 控制台中查看 Origin 时,我看到了此消息

This S3 bucket has static web hosting enabled. If you plan to use this distribution as a website, we recommend using the S3 website endpoint rather than the bucket endpoint.

因此,我在 CloudFront 中输入了错误的 Origin 域值,导致Access Denied我的浏览器出现问题,我必须在 CloudFront 控制台中手动更改它才能使重定向正常工作。

我的问题是,我可以使用

domain_name = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint

如果不是,我如何获得正确的值

domain_name

在街区里origin

1 个回答

  1. Best Answer

    是的,你可以并且应该这样做。但你必须用 来配置它,custom_origin_config并且它必须是http-only

      origin {
    domain_name = aws_s3_bucket_website_configuration.cf_s3_bucket.website_endpoint
    origin_id   = local.s3_origin_id
    custom_origin_config {
      http_port              = "80"
      https_port             = "443"
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }
    • 1

相关问题