Just applying small resource for cloudfront distribution with aws provider version 4.67.0
After performing terraform apply command, it shows cloudfront is creating the distribution.
But never shows up in aws console the status as deployed.
I waited for 52 minutes still cannot see any signs for status as deployed.
Any help will be appreciated.
Even i tried deploying after certain interval to see if it deploys but still time out with the below error when applied applied terraform in debug mode.
│ Error: creating CloudFront Distribution: ServiceUnavailable: CloudFront encountered an internal error. Please try again.
│ status code: 503, request id: aac5e250-6d00-4956-a995-9a84fd1385g5
│
│ with aws_cloudfront_distribution.test_distribution,
│ on main.tf line 8, in resource “aws_cloudfront_distribution” “test_distribution”:
│ 8: resource “aws_cloudfront_distribution” “test_distribution” {
Not necessarily relevant, just show case of a “works on my machine example”
This is my usage of the Cloudfront module. Which I have had multiple successes with.
import { Cloudfront } from “…/.gen/modules/cloudfront”;
“terraformModules”: [
{
“name” : “cloudfront”,
“source” : “terraform-aws-modules/cloudfront/aws”,
“version” : “3.4.0”
}
],
import { Construct } from "constructs";
import { S3Bucket } from "@cdktf/provider-aws/lib/s3-bucket";
import { S3BucketPolicy } from "@cdktf/provider-aws/lib/s3-bucket-policy";
import { S3BucketCorsConfiguration } from "@cdktf/provider-aws/lib/s3-bucket-cors-configuration";
import { TerraformOutput } from "cdktf";
import { DataAwsAcmCertificate } from "@cdktf/provider-aws/lib/data-aws-acm-certificate";
import { createProvider } from "@di/di-cdktf-lib";
import * as DI from "@di/di-cdktf-lib";
import {CloudfrontS3Props} from "./main";
export class CloudfrontS3Construct extends Construct {
public distribution: Cloudfront;
public certificateData: DataAwsAcmCertificate;
constructor(scope: Construct, name: string, props: CloudfrontS3Props) {
super(scope, name);
const cloudfrontS3Bucket = new S3Bucket(this, "cloudfrontS3Bucket", {
bucket: `di-${props.tags.Application}-${props.env}-${props.accountNumber}`,
});
new S3BucketCorsConfiguration(this, "corsConfiguration", {
bucket: cloudfrontS3Bucket.bucket,
corsRule: [
{
allowedMethods: ["GET", "PUT", "POST", "DELETE", "HEAD"],
allowedOrigins: ["http://localhost:*", "https://*.something.no"],
exposeHeaders: ["ETag"],
maxAgeSeconds: 3000,
}
]
});
let domainName = props.domain;
if (props.recordName !== props.domain) {
domainName = `${props.recordName}.${props.domain}`;
}
const certProvider = createProvider(this, "certAWS", { ...props, region: 'us-east-1' }, { ...props.tags })
this.certificateData = new DataAwsAcmCertificate(this, "coreDnsCertifacte", {
domain: "*." + props.domain,
provider: certProvider,
});
this.distribution = new Cloudfront(this, `${name}_cf`, {
comment: "Cloudfront distribution for the " + props.tags.Application + " bucket.",
enabled: true,
isIpv6Enabled: true,
defaultRootObject: "index.html",
aliases: [domainName],
priceClass: "PriceClass_100",
retainOnDelete: false,
createOriginAccessControl: false,
origin: {
s3Assets: {
domain_name: cloudfrontS3Bucket.bucketRegionalDomainName,
origin_id: cloudfrontS3Bucket.id,
origin_access_control_id: props.defaultAccessControlID
}
},
defaultCacheBehavior: {
target_origin_id: cloudfrontS3Bucket.id,
viewer_protocol_policy: "redirect-to-https",
allowed_methods: ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"],
cached_methods: ["GET", "HEAD"],
compress: true,
query_string: true
},
customErrorResponse: [
{
error_caching_min_ttl: 0,
error_code: 404,
response_code: 200,
response_page_path: "/index.html",
},
{
error_caching_min_ttl: 0,
error_code: 403,
response_code: 200,
response_page_path: "/index.html",
}
],
viewerCertificate: {
acm_certificate_arn: this.certificateData.arn,
minimum_protocol_version: "TLSv1.2_2021",
ssl_support_method: "sni-only"
},
tags: props.tags,
});
new S3BucketPolicy(this, "bucketPolicy", {
bucket: cloudfrontS3Bucket.bucket,
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Sid: "AllowCloudFrontServicePrincipal",
Effect: "Allow",
Principal: {
Service: "cloudfront.amazonaws.com"
},
Action: "s3:GetObject",
Resource: `${cloudfrontS3Bucket.arn}/*`,
Condition: {
StringEquals: {
"AWS:SourceArn": this.distribution.cloudfrontDistributionArnOutput,
},
},
},
],
}),
});
new DI.Route53(this, `${props.tags.Application}_records`, {
terraformConfig: props,
tags: props.tags,
createHostedZone: props.env === DI.CONSTANTS.ENV_PROD,
domain: props.domain,
recordName: props.recordName,
recordAlias: {
name: this.distribution.cloudfrontDistributionDomainNameOutput,
zoneId: this.distribution.cloudfrontDistributionHostedZoneIdOutput,
}
});
new TerraformOutput(this, "origin_s3_name", {
value: cloudfrontS3Bucket.bucket,
description: `${props.tags.Application}_website`,
});
}
}