Bug with aws_cloudfront_distribution #10598

Closed
gsaslis opened this issue Dec 8, 2016 · 5 comments

gsaslis commented Dec 8, 2016

Hi there,

Opening this because Terraform itself told me to.
(see, humans are already following machine instructions... )

Terraform Version

Terraform Version: 0.7.13

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_cloudfront_distribution

Debug Output

https://gist.github.com/gsaslis/dbf4a5f908eaf312bf041d85731e7974


gsaslis commented Dec 8, 2016

Tried downgrading to 0.7.5; the error still persists.

@james-gonzalez

Probably a good idea to include your config/code as well ;)


gsaslis commented Dec 8, 2016

resource "aws_cloudfront_origin_access_identity" "image_origin_access_identity" {
  comment = "An origin access identity that allows the created cloudfront distribution access to the S3 bucket"
}

data "aws_iam_policy_document" "image_policy" {
  statement {
    principals = {
      type = "AWS",
      identifiers = ["${aws_cloudfront_origin_access_identity.image_origin_access_identity.iam_arn}"]
    },
    actions = [
      "s3:GetObject",
    ]
    resources = [
      "arn:aws:s3:::${aws_s3_bucket.image.bucket}/*"
    ]
  }
}
resource "aws_s3_bucket" "image" {
  bucket = "${var.bucket_prefix}-image-${var.environment}"
  acl = "private"

  cors_rule {
    allowed_headers = ["Authorization"]
    allowed_methods = ["GET"]
    allowed_origins = ["*"]
    expose_headers = ["ETag"]
    max_age_seconds = 3000
  }

  versioning {
    enabled = false
  }

  tags {
    Name = "${var.bucket_prefix}-image-${var.environment}"
    Environment = "${var.environment}"
  }
}


resource "aws_s3_bucket_policy" "image_bucket_policy" {
  bucket = "${aws_s3_bucket.image.bucket}"
  policy = "${data.aws_iam_policy_document.image_policy.json}"
}


resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name = "${var.environment}-xxxxxxxx.s3.amazonaws.com"
    origin_id   = "S3-${var.environment}-xxxxxxxx"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.image_origin_access_identity.cloudfront_access_identity_path}"
    }
  }

  enabled             = true
  comment             = "The cloudfront distribution for S3 images in ${var.environment} env"
//  default_root_object = "index.html"

/*
  logging_config {
    include_cookies = false
    bucket          = "mylogs.s3.amazonaws.com"
    prefix          = "myprefix"
  }
*/

  aliases = [ "cdn-${var.environment}." ]

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3-${var.environment}-xxxxxxxx"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 3600
    default_ttl            = 3600
    max_ttl                = 86400
  }

  price_class = "PriceClass_100"

  restrictions {
    geo_restriction {
      restriction_type = "none"
      locations        = []
    }
  }

  tags {
    Environment = "${var.environment}"
  }

  viewer_certificate {
    acm_certificate_arn = "${var.ssl_certificate_arn_sub_account}"
    ssl_support_method = "sni-only"
  }
}


gsaslis commented Dec 14, 2016

fwiw - a temporary workaround is to run terraform apply once more (after this bug shows).

I was able to get the cloudfront_distribution going with this.


ghost commented Apr 10, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

ghost locked and limited conversation to collaborators Apr 10, 2020