AWS CloudFront Origin OriginName Bug

Error

There is an error when creating an AWS CloudFront distribution linked to an AWS S3 bucket which is configured to redirect all requests.

The error origin is marked on line 98 in frontend/cloudfront.tf.

A GitHub repo to re-create the issue is here:

https://github.com/subaquatic-pierre/s3-webapp-infrastructure

Note: You will need an AWS hosted zone for testing.

Expected

Use

aws_s3_bucket_website_configuration.redirect.website_endpoint

as the CloudFront Origin DomainName

instead of

aws_s3_bucket.redirect.bucket_domain_name

Error message

Error: error updating CloudFront Distribution (***): InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.

Steps to reproduce error

  1. Clone repo

git clone git@github.com:subaquatic-pierre/s3-webapp-infrastructure.git

  2. Edit and rename terraform.tfvars.bak

  3. Run

terraform init

  4. Run

terraform apply

  5. Run

aws s3 cp index.html s3://$(terraform output main_bucket_name | tr -d \")/

  6. Go to domain_name in browser

terraform output domain_name

  7. Go to www_domain_name in browser

terraform output www_domain_name

Resources


I’ve been trying to figure this out for the past two days. There definitely is a bug because the output of “aws_s3_bucket.redirect-bucket.website_endpoint” is correct, but Terraform origin → domain_name results in InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.

hello,

I am facing the same error… did you manage to get a solution? thank you!

Did you manage to find a solution? I am thinking of “downgrading” the AWS provider to version 3.0, where aws_s3_bucket.redirect.website_endpoint is not deprecated…

ideas?

For anyone else that winds up here, I got it to work by using a custom_origin_config and a default_root_object:

resource "aws_cloudfront_distribution" "s3_distribution" {

  origin {
    # S3 website endpoint (not the bucket's REST domain name), so the redirect rules apply
    domain_name = aws_s3_bucket_website_configuration.redirect.website_endpoint
    origin_id   = aws_s3_bucket_website_configuration.redirect.id

    # CloudFront treats a website endpoint as a custom origin, not an S3 origin
    custom_origin_config {
      http_port                = 80
      https_port               = 443
      origin_keepalive_timeout = 5
      # S3 website endpoints only accept HTTP
      origin_protocol_policy   = "http-only"
      origin_read_timeout      = 30
      origin_ssl_protocols = [
        "TLSv1.2",
      ]
    }
  }
  default_root_object = "index.html"
  enabled             = true
  is_ipv6_enabled     = true
  comment             = "Terraform CDN"

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = aws_s3_bucket_website_configuration.redirect.id

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  price_class = "PriceClass_All"

  viewer_certificate {
    cloudfront_default_certificate = true
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
}
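
As an added example (not code from this thread or from the Terraform AWS provider), the following Python check classifies an origin domain_name as an S3 REST or website endpoint and flags the mismatches discussed here. The dict layout, the needs_redirect flag and the bucket names are assumptions made for illustration.

```python
import re

# Website endpoints use "s3-website-<region>" or "s3-website.<region>".
WEBSITE_RE = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
# REST endpoints: global, regional, dualstack and legacy dashed-region forms.
REST_RE = re.compile(r"\.s3([.-][a-z0-9.-]+)?\.amazonaws\.com$")


def endpoint_kind(domain_name):
    """Classify an origin domain as 'website', 'rest' or 'other'."""
    name = domain_name.lower().rstrip(".")
    if WEBSITE_RE.search(name):  # must be tested first: REST_RE also matches it
        return "website"
    if REST_RE.search(name):
        return "rest"
    return "other"


def check_origin(origin, needs_redirect=False):
    """Return findings for one origin block given as a dict (assumed layout)."""
    kind = endpoint_kind(origin.get("domain_name", ""))
    custom = origin.get("custom_origin_config")
    findings = []
    if kind == "website":
        if not custom:
            # The condition behind the InvalidArgument error in this thread.
            findings.append("website endpoint needs custom_origin_config")
        elif custom.get("origin_protocol_policy") != "http-only":
            findings.append("website endpoints accept HTTP only; use http-only")
    elif kind == "rest" and needs_redirect:
        findings.append("REST endpoint does not apply website redirect rules")
    return findings


# Constructed sample origins; the bucket name is a placeholder.
SAMPLE_ORIGINS = [
    {"domain_name": "example-redirect.s3.amazonaws.com"},
    {"domain_name": "example-redirect.s3-website-us-east-1.amazonaws.com"},
    {"domain_name": "example-redirect.s3-website-us-east-1.amazonaws.com",
     "custom_origin_config": {"origin_protocol_policy": "http-only"}},
]

if __name__ == "__main__":
    for o in SAMPLE_ORIGINS:
        print(o["domain_name"], check_origin(o, needs_redirect=True) or "ok")
```
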

Thank you for sharing the issue here. I was running into the same problem: my bucket was not redirecting because of the “domain_name = aws_s3_bucket.www_bucket.bucket_regional_domain_name”, instead of using the website endpoint.

  1. I changed it manually in the management console, which is quite clumsy
  2. I ignored the warning messages, and used the website endpoint in the script. When receiving the following error message, I just ‘terraform apply’ again, and then it worked:

Error: creating CloudFront Distribution: InvalidArgument: The parameter Origin DomainName does not refer to a valid S3 bucket.

  3. Found this thread and dsosborn’s answer - thanks for sharing! And what actually mattered to me was using the endpoint of the website configuration. I hadn’t seen or tried that before. And this is actually accepted by my terraform version v1.4.0 without warning or error messages.
    You can find my repo (in progress) here: GitHub - d-wrede/AWS_capstone_project
    I recommend looking at it if you need an updated version (May 2023).

@subaquatic-pierre , thank you for raising this; it was rather hard to find. The problem described in this thread exactly describes the problem I was having.

Here is the solution that worked for me:

  • Set the distribution’s origin domain name equal to the website bucket’s regional domain name, as most online resources suggest.
  • Set the distribution’s default root object equal to the website bucket’s index file name (excluding a preceding forward slash - this is something I had tried before, but I included a forward slash).

I hope it helps someone.
