Terraform: AWS Cloudfront doesn't support ALB site as an Origin

Created on 7 Dec 2016  ยท  3Comments  ยท  Source: hashicorp/terraform

Hello everyone

On document said terraform support S3 or Website be a Origin, but I try many time get same error is: The parameter Origin DomainName does not refer to a valid S3 bucket

Here's my cloudfront.tf

resource "aws_cloudfront_distribution" "my_web_site" {
  origin {
    domain_name = "#{aws_alb.website.dns_name}"
    origin_id = "website_access_id"

  }
  enabled = true

  logging_config {
    include_cookies = false
    bucket          = "mywebsiteaccesslogcf.s3.amazonaws.com"
  }

  default_cache_behavior {
    allowed_methods = [HEAD, DELETE, POST, GET, OPTIONS, PUT, PATCH]
    cached_methods = ["HEAD", "GET"]
    compress = true
    target_origin_id = "website_access_id"

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl     = 0
    default_ttl = 3600
    max_ttl     = 86400
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags {
    Environment = "${var.environment_name}"
  }

  viewer_certificate {
    iam_certificate_id = "${var.elb_cert}"
    ssl_support_method = "sni-only"
  }
}

and I got this error below:

`Error applying plan:

1 error(s) occurred:

  • aws_cloudfront_distribution.my_web_site: InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.
    status code: 400, request id: 242113c0-bc4d-11e6-afa0-5da45ee7023c
    `
bug provideaws
Source
picture a9cQ0Q

Most helpful comment

If anyone else got this error: when trying to use S3 website as origin (if index document functions of S3 are required) the custom_origin_config is needed:

  origin {
    origin_id = "my_origin"
    domain_name = "${aws_s3_bucket.website.website_endpoint}"
    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port = "80"
      https_port = "443"
      origin_ssl_protocols = ["TLSv1"]
    }
  }

... not sure if this is a bug.

picture Stephan1984 on 31 Jan 2017
👍4 🎉2

All 3 comments

If anyone else got this error: when trying to use S3 website as origin (if index document functions of S3 are required) the custom_origin_config is needed:

  origin {
    origin_id = "my_origin"
    domain_name = "${aws_s3_bucket.website.website_endpoint}"
    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port = "80"
      https_port = "443"
      origin_ssl_protocols = ["TLSv1"]
    }
  }

... not sure if this is a bug.

Stephan1984 picture Stephan1984 on 31 Jan 2017
👍4 🎉2

I'm experiencing the same issue.

@Stephan1984 suggests to use custom_origin_config but doing so you can't grant CloudFront permissions to read a private bucket via origin_access_identity.

pracucci picture pracucci on 7 Feb 2017
👍4

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 10 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

franklinwise picture franklinwise  ยท  3Comments
shanmugakarna picture shanmugakarna  ยท  3Comments
zeninfinity picture zeninfinity  ยท  3Comments
jrnt30 picture jrnt30  ยท  3Comments
carl-youngblood picture carl-youngblood  ยท  3Comments