AWS CloudFront Origin domain_name possible Bug

david.guardiola · October 7, 2022, 8:26am

Hi!

Sorry in advance if this problem is already reported.

From the AWS console I can put in Cloudfront Origin, a domain name like: “test-staging.eu-west-1.elasticbeanstalk.com” and it works!

But if I try to do the same from Terraform and put this value as domain_name, Terraform responds with the following error:

“InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket”.

Am I doing something wrong? is it a bug?

Thanks!

apparentlymart · October 10, 2022, 11:40pm

Hi @david.guardiola,

I see a similar question asked against the AWS JavaScript SDK:

github.com/aws/aws-sdk-js

Origin DomainName does not refer to a valid S3 bucket

opened 03:56PM - 21 Nov 18 UTC

closed 07:03PM - 30 Nov 18 UTC

marshalld139

service-api closing-soon guidance

When updating a **CloudFront Distribution** via the SDK that serves an **S3 buck…et** you cannot configure the **Origin Domain Name** to be an **S3 Website Endpoint**, it only accepts an **S3 Bucket Endpoint**. (i.e. CloudFront will only accept `<bucket_name>.s3.<region>.amazonaws.com` as an Origin Domain Name, which points at the bucket itself, whereas it should except `<bucket_name>.s3-website.<region>.amazonaws.com` which is the website endpoint for the bucket). The resulting error is this: ``` An error occurred (InvalidArgument) when calling the UpdateDistribution operation: The parameter Origin DomainName does not refer to a valid S3 bucket. ``` The only solution I have found is that once the distribution is deployed (via Terraform), I need to manually change the Origin Domain Name in the AWS console myself. I can confirm that this is also the case with the CLI. Node Version: `v8.12.0` SDK Version: `2.354.0`

I’m not personally familiar with these resource types but what I understand from that discussion is that CloudFront makes a distinction between an “S3 origin” vs. a “Custom Origin”.

It seems that the CloudFront admin console includes some extra logic (not present in the underlying API) to automatically choose between these two origin types based on what you enter, and so I think the admin console is probably noticing that what you entered is not an S3 URL and so quietly selecting a “custom origin” for you instead. But Terraform works with the API directly and so that logic doesn’t run there; instead, you need to specify the correct origin type yourself.

Based on the documentation for aws_cloudfront_distribution I believe that the Terraform AWS provider requires you to choose between the s3_origin_config and custom_origin_config block types inside each of your origin blocks. It sounds like right now you are using s3_origin_config, but since you are providing an Elastic Beanstalk hostname instead of an S3 hostname I expect you will need to use custom_origin_config instead.

My answer here is based on some guesswork from reading the GitHub issue and documentation I linked, so I may not have got this quite right but hopefully you can use your own knowledge of CloudFront to fill in any missing pieces I don’t know about.

I’ve also moved this topic to the AWS provider category because that’s where folks with AWS-specific knowledge tend to be, and so maybe someone else will be able to suggest something more definitive.

david.guardiola · October 11, 2022, 3:09pm

Hi! @apparentlymart

Thanks for your answer!!!

I will check it!