Terraform-provider-aws: Feature Request: Cloudfront Origin Failover

Created on 21 Nov 2018 · 7 Comments · Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Cloudfront now allows origin groups to manage failover if one origin is unavailable. The group contains origin IDs and status codes under which to fail over.

This feature will be very useful for increasing availability of static sites hosted on S3 + Cloudfront without needing lambda@edge hacks.

New or Affected Resource(s)

  • aws_cloudfront_distribution

Potential Terraform Configuration

resource "aws_cloudfront_distribution" "s3_distribution" {
  origin_group {
    origin_id = "groupS3"

    failover_criteria {
      status_codes = [403, 404, 500, 502, 503, 504]
    }

    members {
      # see note below
      ordered_origin_group_member {
        origin_id = "primaryS3"
      }
      ordered_origin_group_member {
        origin_id = "failoverS3"
      }
    }
  }

  origin {
    domain_name = "${aws_s3_bucket.primary.bucket_domain_name}"
    origin_id   = "primaryS3"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }

  origin {
    domain_name = "${aws_s3_bucket.failover.bucket_domain_name}"
    origin_id   = "failoverS3"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }

  default_cache_behavior {
    target_origin_id       = "groupS3"
  }
}

It would probably align more to the Cloudfront API data types to do ordered_origin_group_member blocks inside the members block. The XML API uses a list of exactly two items that appear to respect the item order for priority. Aliasing them to primary_origin_id and failover_origin_id would be more friendly, but might require a breaking change later if the allowed number changed.

References

All 7 comments

I'm interested in this functionality as well.

Looks like the DistributionConfig of the AWS Go SDK hasn't been updated to include the new OriginGroups element of the DistributionConfig in the AWS API yet.

FYI, it is updated in AWS Go SDK v1.15.80 (and the AWS Go SDK dependency updated in this codebase has been bumped to v1.15.81): https://github.com/terraform-providers/terraform-provider-aws/pull/6572/files#diff-315b52f0aed6c83c83f0642081d29c08R8354

Sometimes the AWS Go SDK API Reference publisher has a delay (I've seen it take up to a day or two, but never this long). It might be related to re:Invent this week. Anyways, I created this upstream issue: https://github.com/aws/aws-sdk-go/issues/2301

@bflad is there any update on this? I saw the docs updated. It would be great to get this behavior introduced to Terraform.

The only update I can provide as a maintainer is that this is not being actively worked on by any of the HashiCorp maintainers (that I know about) in the near future. From a community perspective, it looks like this is working its way up the community issue voting, so at a certain point, if it's not handled with a community contribution, it might be put on our internal roadmap. Keep those 👍 coming (on the original issue above) if this is something you want.

Support for aws_cloudfront_distribution resource origin_group configuration blocks has been merged with an example in resource documentation, e.g.

resource "aws_cloudfront_distribution" "s3_distribution" {
  # ... other configuration ...

  origin {
    domain_name = "${aws_s3_bucket.primary.bucket_regional_domain_name}"
    origin_id   = "primaryS3"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }

  origin {
    domain_name = "${aws_s3_bucket.failover.bucket_regional_domain_name}"
    origin_id   = "failoverS3"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }

  origin_group {
    origin_id = "groupS3"

    failover_criteria {
      status_codes = [403, 404, 500, 502]
    }

    member {
      origin_id = "primaryS3"
    }

    member {
      origin_id = "failoverS3"
    }
  }

  default_cache_behavior {
    # ... other configuration ...

    target_origin_id = "groupS3"
  }
}

This will release with version 2.3.0 of the Terraform AWS Provider, likely middle of this week. 👍 For any future feature requests or bug reports, please open a new GitHub issue.
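A plan-time sanity check for the origin_group wiring shown in the comment above, added here as an example that is not part of the issue or of the provider's own code. It assumes the resource values are laid out the way `terraform show -json` reports them (blocks as lists of dicts); the input dict and the OAI path are constructed. It verifies that each group has exactly two members that are declared origins, that the failover status codes are ones CloudFront accepts, that every S3 origin (the failover one included) is restricted to an origin access identity, and that the cache behavior targets a known origin or group.

```python
# Constructed input mirroring the aws_cloudfront_distribution block above, in the
# shape `terraform show -json` reports under a resource's "values" (assumed layout).
DIST = {
    "origin": [
        {"origin_id": "primaryS3",
         "s3_origin_config": [{"origin_access_identity": "origin-access-identity/cloudfront/EXAMPLE"}]},
        {"origin_id": "failoverS3",
         "s3_origin_config": [{"origin_access_identity": "origin-access-identity/cloudfront/EXAMPLE"}]},
    ],
    "origin_group": [
        {"origin_id": "groupS3",
         "failover_criteria": [{"status_codes": [403, 404, 500, 502]}],
         "member": [{"origin_id": "primaryS3"}, {"origin_id": "failoverS3"}]},
    ],
    "default_cache_behavior": [{"target_origin_id": "groupS3"}],
}

# Status codes CloudFront accepts as origin failover criteria.
ALLOWED_FAILOVER_CODES = {403, 404, 500, 502, 503, 504}


def check_distribution(dist):
    """Return a list of findings; an empty list means the origin group wiring is sound."""
    findings = []
    origins = {o["origin_id"]: o for o in dist.get("origin", [])}
    groups = {g["origin_id"]: g for g in dist.get("origin_group", [])}
    for gid in groups.keys() & origins.keys():
        findings.append(f"origin_group {gid} reuses an origin_id, target_origin_id is ambiguous")
    for gid, g in groups.items():
        members = [m["origin_id"] for m in g.get("member", [])]
        if len(members) != 2:
            findings.append(f"{gid}: origin groups take exactly two members, got {len(members)}")
        for m in members:
            if m not in origins:
                findings.append(f"{gid}: member {m} is not a declared origin")
        criteria = g.get("failover_criteria") or [{}]
        codes = set(criteria[0].get("status_codes", []))
        if not codes:
            findings.append(f"{gid}: failover_criteria.status_codes is empty")
        elif codes - ALLOWED_FAILOVER_CODES:
            findings.append(f"{gid}: unsupported failover status codes {sorted(codes - ALLOWED_FAILOVER_CODES)}")
    # A failover bucket left public is the one serving traffic exactly when the primary fails.
    for oid, o in origins.items():
        if "s3_origin_config" in o and not (o["s3_origin_config"] or [{}])[0].get("origin_access_identity"):
            findings.append(f"origin {oid}: S3 origin without origin_access_identity")
    for cb in dist.get("default_cache_behavior", []):
        target = cb.get("target_origin_id")
        if target not in origins and target not in groups:
            findings.append(f"default_cache_behavior targets unknown id {target}")
    return findings
```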

This has been released in version 2.3.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
