Então, eu tenho 90 por cento, mas parece que o cloudfront está recebendo 500 erros do s3? Tenho certeza de que estou apenas fazendo algo errado. Eu li a documentação de vários amazon, mas para mim parece tão vago quanto a ser inútil.
resource "aws_s3_bucket" "Artifacts" {
bucket = "my.domain.tld"
acl = "private"
versioning {
enabled = true
}
}
module "BucketPolicy" {
source = "../modules/S3CloudFrontBucketPolicy"
bucket_id = "${aws_s3_bucket.Artifacts.id}"
arn = "${aws_s3_bucket.Artifacts.arn}"
principal = "${module.ArtifactsCloudfront.oai_principal}"
}
module "ArtifactsCloudfront" {
source = "../modules/CloudFrontS3"
zone_id = "${aws_route53_zone.Primary.id}"
root = "/"
origin_fqdn = "${aws_s3_bucket.Artifacts.bucket_domain_name}"
user_fqdn = "${aws_s3_bucket.Artifacts.bucket}"
}
CloudFrontS3
variable "user_fqdn" {}
variable "origin_fqdn" {}
variable "zone_id" {}
variable "root" {}
output "oai_principal" {
value = "${aws_cloudfront_origin_access_identity.OAI.iam_arn}"
}
resource "aws_acm_certificate" "Cert" {
domain_name = "${var.user_fqdn}"
validation_method = "DNS"
tags {
env = "${terraform.env}"
}
}
resource "aws_route53_record" "ValidationDNS" {
name = "${aws_acm_certificate.Cert.domain_validation_options.0.resource_record_name}"
type = "${aws_acm_certificate.Cert.domain_validation_options.0.resource_record_type}"
zone_id = "${var.zone_id}"
records = ["${aws_acm_certificate.Cert.domain_validation_options.0.resource_record_value}"]
ttl = 60
}
resource "aws_acm_certificate_validation" "CertValidation" {
certificate_arn = "${aws_acm_certificate.Cert.arn}"
validation_record_fqdns = ["${aws_route53_record.ValidationDNS.fqdn}"]
}
resource "aws_route53_record" "DomainName" {
zone_id = "${var.zone_id}"
name = "${var.user_fqdn}"
type = "CNAME"
ttl = "300"
records = [
"${aws_cloudfront_distribution.Distribution.domain_name}"]
}
resource "aws_cloudfront_origin_access_identity" "OAI" {
}
resource "aws_cloudfront_distribution" "Distribution" {
aliases = ["${var.user_fqdn}"]
origin {
domain_name = "${var.origin_fqdn}"
origin_id = "${var.origin_fqdn}"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.OAI.cloudfront_access_identity_path}"
}
}
enabled = true
is_ipv6_enabled = true
default_root_object = "${var.root}"
default_cache_behavior {
allowed_methods = [
"GET",
"HEAD",
"OPTIONS"]
cached_methods = [
"GET",
"HEAD",
"OPTIONS"]
forwarded_values {
cookies {
forward = "none"
}
query_string = true
}
default_ttl = 3600
max_ttl = 86400
min_ttl = 60
target_origin_id = "${var.origin_fqdn}"
viewer_protocol_policy = "https-only"
compress = true
}
price_class = "PriceClass_100"
restrictions {
geo_restriction {
restriction_type = "whitelist"
locations = ["US"]
}
}
viewer_certificate {
acm_certificate_arn = "${aws_acm_certificate_validation.CertValidation.certificate_arn}"
ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1.1_2016"
}
tags {
env = "${terraform.env}"
}
}
S3CloudFrontBucketPolicy
variable "principal" {}
variable "arn" {}
variable "bucket_id" {}
resource "aws_s3_bucket_policy" "Policy" {
bucket = "${var.bucket_id}"
policy = "${data.template_file.Policy.rendered}"
}
data "template_file" "Policy" {
vars {
arn = "${var.arn}"
oai = "${var.principal}"
}
template = <<POLICY
{
"Id": "Policy1520441044381",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1520439447147",
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": "$${arn}/*",
"Principal": {
"AWS": [
"$${oai}"
]
}
}
]
}
POLICY
}
no entanto, quando tento baixar algo, obtenho
The request could not be satisfied.
CloudFront is currently experiencing problems with requesting objects from Amazon S3.
o que estou fazendo errado? o que eu preciso consertar?