CloudFront distribution and origin access identity support #5221
PS: This is failing right now because CloudFront is not yet vendored - if this is necessary, let me know.
89643ad to 8afddbf
+1
8afddbf to 1a45497
Small update to
1a45497 to 29c32a1
Update! I've added the
Thanks for this, wondering whether it is possible to add back the zone_id on the output? To make it easier to use CloudFront w/ Route 53 ALIAS records in the DSL:
@shanhchen sorry, but I don't think that's a good idea. I was kind of curious as to why it was absent when I was doing my refactor, incidentally, and it turns out that it is a hardcoded value (if you look in the original commit history you can see the static I would say that if you want to reference the CloudFront zone ID, just reference the static value as instructed in the docs.
Thanks a lot @vancluever I will try that way.
Apologies for the silence here. Should I be looking here, or #3330? I think this is a replacement for that one, right?
Also, as mentioned above, this needs the CloudFront dependency vendored. See here for details. Thanks!
Hey @catsby, great to hear this is getting attention now. This is indeed the replacement, so this is the one that should be reviewed. I encountered a bug that needs fixing the last couple of days, I'll add that, in addition to the vendoring of the CloudFront SDK bits today.
29c32a1 to 1428430
OK, bug fixes are in and CloudFront deps vendored. Not too sure what happened to the Travis job, was hoping to see if it passed tests. But this should be good to go regardless.
Impressive work!
Looking forward to it
Anything I can do to help? Super keen to get this over the line!
Custom build of the CloudFront support pull request (hashicorp/terraform#5221) rebased onto v0.6.14 release.
The following example below creates a CloudFront origin access identity. | ||
|
||
``` | ||
resource "aws_origin_access_identity" "origin_access_identity" { |
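Review bot: the lead-in sentence of this docs example reads "The following example below", which says the same thing twice. Use either "The following example" or "The example below".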
Should be aws_cloudfront_origin_access_identity. Same in the second example.
I rebased this PR on top of the recent 0.6.14 release and put the OS X package available here if someone wants to test it. There is also a fancy Terraform version switcher: Yleisradio/homebrew-terraforms
1428430 to cc43b4a
@vancluever Was able to use your latest branch to set up an S3 static site fronted with CloudFront. Everything worked perfectly. Thanks for the patches!
If anyone else is interested in trying out this PR, I wrote up a blog post on using this to set up an S3 static site fronted with CloudFront: http://blakesmith.me/2016/04/02/terraform-aws-static-site-with-cloudfront.html
I've tested this out and so far it works great. One question I have - how do I set up the default cache behavior to forward all headers? In the UI there's a dropdown to select 'All' but I can't figure out how to get the same effect in my
Hey @gpetras you are welcome! Also, I got this from the SDK docs:
So you want to specify PS: I've updated the docs to be specific on this.
58d75b9 to a16c528
* Includes a complete re-write of the old aws_cloudfront_web_distribution resource to bring it to feature parity with API and CloudFormation.
* Also includes the aws_cloudfront_origin_access_identity resource to generate origin access identities for use with S3.
a16c528 to 68b45f5
Thanks @vancluever - I did that and it worked great - much appreciated!
Hi, When I'm trying to specify an ACM ARN I get the following error:
Here's the relevant part from my configuration:
However, there are no errors if I set
Also, when trying to apply the configuration:
I guess this isn't the intended behavior and I should specify a valid ACM ARN as the value for
@liviudm I think you have an old version of the pull request. That should be fixed.
@liviudm as @tmatilai mentioned, this was caused by a bug in the first push for the ACM feature (if you see the outdated commit comments you can see Teemu's comments in there). Updating your tree as per his instructions should work and I verified the present commit to make sure there wasn't a regression.
prefix = "myprefix" | ||
} | ||
aliases = [ "mysite.example.com", "yoursite.example.com" ] | ||
default_cache_behavior { |
In the documentation below it says that path_pattern is required, yet in this example it is absent. One or the other should be updated.
Edit: Oops never mind, I missed the default_cache_behavior section that clearly states path_pattern isn't required.
@vancluever I'm having an issue with migrating from
to
When I run
// | ||
// Used by the aws_cloudfront_distribution Read function. | ||
func flattenDistributionConfig(d *schema.ResourceData, distributionConfig *cloudfront.DistributionConfig) { | ||
d.Set("origins", flattenOrigins(distributionConfig.Origins)) |
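Review bot: flattenDistributionConfig is declared without a return value, so a failure from the d.Set call on "origins" at the top of the function cannot reach the Read function that uses it. Consider returning an error from flattenDistributionConfig and passing back the first non-nil result of d.Set, so that Read fails instead of storing incomplete state.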
For anything that is not a simple value like int or string, we need to check the error from d.Set to ensure it was set correctly. This applies to all the d.Set's here where a complex structure is being saved.
Going to go ahead and merge this as is. My feedback was pretty minimal and can be picked up as we go. Thanks so much for the work here @vancluever and @AlexanderEkdahl!
@catsby how long before this is available in a new version of Terraform?
Amazing! Thanks @catsby! @bradleyayers - will look into your and @catsby's feedback soon, including attempting to reproduce the diff issue (gotta set up a few things so I can do ACM easily enough).
@bradleyayers just a note - I'm working on the issue you reported and it looks like it mainly comes up if you only specify
…#5221)
* CloudFront implementation v3
* Update tests
* Refactor - new resource: aws_cloudfront_distribution
* Includes a complete re-write of the old aws_cloudfront_web_distribution resource to bring it to feature parity with API and CloudFormation.
* Also includes the aws_cloudfront_origin_access_identity resource to generate origin access identities for use with S3.
Reference: #3330
I'm opening this new PR just to try and move this along. This branch is pretty much good to merge.
As mentioned in #3330, this is a feature-complete CloudFront distribution resource, actually slightly more feature complete than the equivalent in CloudFormation (it doesn't seem like GZIP compression is supported yet, for example). Supports multiple origins, cache behaviours, and has a config layout like you would expect to have when sending the distribution configuration to API or CloudFormation.
I have also added aws_cloudfront_origin_access_identity, which allows origin access identities to be generated from Terraform rather than the console, definitely pushing this feature set past what CloudFormation has.
One other thing I'm waiting on is #5218, which will allow me to enforce a max instance of 1 on some of the complex types that need it (example: default_cache_behavior, viewer_certificate, etc). But if this is merged before that is I will just add these at a later time.
Again, if anyone wants to give it a go in a custom build, if you find anything that's an issue, let me know, otherwise the acceptance tests give a good spread of use cases.