Home Page: https://learn.hashicorp.com/tutorials/terraform/cloudflare-static-website
License: Mozilla Public License 2.0
Learn how to use Terraform to set up a static website using AWS bucket for object storage and Cloudflare for DNS, SSL and CDN. Follow along with this Hashicorp tutorial.
The acm-cloudfront branch uses ACM for SSL certificate and Cloudfront for CDN. This configuration is more complex and works even if your S3 bucket name is already taken.
![hashicorp-copywrite[bot] avatar](https://avatars.githubusercontent.com/u/761456?v=4 "hashicorp-copywrite[bot]")
│ Error: error listing Zone: HTTP status 400: Invalid request headers (6003)
│
│ with data.cloudflare_zones.domain,
│ on main.tf line 67, in data "cloudflare_zones" "domain":
│ 67: data "cloudflare_zones" "domain" {
│
hi, I'm following this tutorial: https://learn.hashicorp.com/tutorials/terraform/cloudflare-static-website?in=terraform/aws
with the Cloudflare approach, but when I try terraform apply, I'm getting this error:
│ Error: Error creating S3 bucket: Error creating S3 bucket mydomainexample.io, retrying: OperationAborted: A conflicting conditional operation is currently in progress
against this resource. Please try again.
│ status code: 409, request id: AK7XAJQP15Z5N33T, host id: fNT/GTtL3i3DoMa8UxO+dd0Z0cBm7xbqyntk2MQwjgZyzFFNaXiq5BNE2HvFtjhGZ4mgEJ6PdrY=
│
│ with aws_s3_bucket.site,
│ on main.tf line 7, in resource "aws_s3_bucket" "site":
│ 7: resource "aws_s3_bucket" "site" {
│
╵
╷
│ Error: Error creating S3 bucket: Error creating S3 bucket www.mydomainexample.io, retrying: OperationAborted: A conflicting conditional operation is currently in progress against this resource. Please try again.
│ status code: 409, request id: AK7PB2E5CQHKA1G1, host id: 4d3pfx/ecquDyNmY76XK5J+aW6zZjcUDNkCRiWJUymJLHrsYW5TWIl+PpuP6AdKruHFyrudjc0M=
│
│ with aws_s3_bucket.www,
│ on main.tf line 17, in resource "aws_s3_bucket" "www":
│ 17: resource "aws_s3_bucket" "www" {
│
╵
╷
│ Error: expected DNS record to not already be present but already exists
│
│ with cloudflare_record.www,
│ on main.tf line 62, in resource "cloudflare_record" "www":
│ 62: resource "cloudflare_record" "www" {
│
any advice?
Thanks,
https://github.com/hashicorp/learn-terraform-cloudflare-static-website/blob/acm-cloudfront/main.tf
The acm-cloudfront branch uses ACM for SSL certificate and Cloudfront for CDN. This configuration is more complex and works even if your S3 bucket name is already taken.
If this branch is supposed to be a setup for CloudFront, curious why this still contains CloudFlare code in it? Is that still needed?
provider "cloudflare" {}
...
data "cloudflare_zones" "domain" {
filter {
name = var.site_domain
}
}
resource "cloudflare_record" "acm" {
zone_id = data.cloudflare_zones.domain.zones[0].id
// Cloudflare doesn't support `allow_overwrite` field like the route53_record
// resource; as a result, this configuration hardcodes the first record to
// verify the ACM certificate.
// for_each = {
// for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
// name = dvo.resource_record_name
// record = dvo.resource_record_value
// type = dvo.resource_record_type
// }
// }
name = aws_acm_certificate.cert.domain_validation_options.*.resource_record_name[0]
type = aws_acm_certificate.cert.domain_validation_options.*.resource_record_type[0]
value = trimsuffix(aws_acm_certificate.cert.domain_validation_options.*.resource_record_value[0], ".")
// Must be set to false. ACM validation false otherwise
proxied = false
}
...
resource "cloudflare_record" "site_cname" {
zone_id = data.cloudflare_zones.domain.zones[0].id
name = var.site_domain
value = aws_cloudfront_distribution.dist.domain_name
type = "CNAME"
ttl = 1
proxied = true
}
resource "cloudflare_record" "www" {
zone_id = data.cloudflare_zones.domain.zones[0].id
name = "www"
value = aws_cloudfront_distribution.dist.domain_name
type = "CNAME"
ttl = 1
proxied = true
}│ caused by: Put "https://s3.ap-southeast-1.amazonaws.com/aws.wffger.fun": dial tcp 0.0.0.0:443: connect: connection refused
│
│ with module.website_bucket.aws_s3_bucket.site,
│ on ../modules/aws-s3-static-web/main.tf line 3, in resource "aws_s3_bucket" "site":
│ 3: resource "aws_s3_bucket" "site" {
It cannot create the S3 bucket. I tried with provider version 4.0.0. and version 5.18.1, both failed.
After checkout of acm-cloudfront branch the terraform plan gives the below output -
random_pet.bucket: Creating...
random_pet.bucket: Creation complete after 0s [id=emu]
aws_acm_certificate.cert: Creating...
aws_s3_bucket.site: Creating...
aws_acm_certificate.cert: Creation complete after 9s [id=arn:aws:acm:us-east-1:123456789012:certificate/6af0684c-a0dd-4e09-83fc-05229989d9f0]
aws_acm_certificate_validation.cert: Creating...
cloudflare_record.acm: Creating...
cloudflare_record.acm: Creation complete after 1s [id=0ad81e6d9e92d0a6bbc7e9e4199a2fc1]
aws_s3_bucket.site: Still creating... [10s elapsed]
aws_s3_bucket.site: Creation complete after 19s [id=emu-backup.com]
aws_s3_bucket_acl.site: Creating...
aws_s3_bucket_policy.site: Creating...
aws_s3_bucket_website_configuration.site: Creating...
aws_acm_certificate_validation.cert: Still creating... [10s elapsed]
aws_s3_bucket_website_configuration.site: Creation complete after 3s [id=emu-backup.com]
aws_acm_certificate_validation.cert: Creation complete after 14s [id=2022-02-12 22:43:00.233 +0000 UTC]
╷
│ Warning: Value for undeclared variable
│
│ The root module does not declare a variable named "site_subdomain" but a value was found in file "terraform.tfvars". If you meant to use this value, add a "variable" block to the
│ configuration.
│
│ To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization. To reduce the verbosity of these
│ warnings, use the -compact-warnings option.
╵
╷
│ Error: error creating S3 bucket ACL for emu-sujayopillai.com: AccessDenied: Access Denied
│ status code: 403, request id: 0VY0MWMKRS4AE40W, host id: irTDZd2Z+xMoX/Ewz/5KwEOrZ7VIxL5v4YL/69PCFpW6EAe12bpoOd3aY7eDvOsuiAelA57oDdA=
│
│ with aws_s3_bucket_acl.site,
│ on main.tf line 31, in resource "aws_s3_bucket_acl" "site":
│ 31: resource "aws_s3_bucket_acl" "site" {
│
╵
╷
│ Error: Error putting S3 policy: AccessDenied: Access Denied
│ status code: 403, request id: 0VYDFXK8SNA5WJKD, host id: 3QLL8j2aJ03AbiYKPZW8BCT1BJocm/ztjRDC9yx6JoQCg2CktsHg05CoglL/ZqgWu4RjhIdmXf4=
│
│ with aws_s3_bucket_policy.site,
│ on main.tf line 37, in resource "aws_s3_bucket_policy" "site":
│ 37: resource "aws_s3_bucket_policy" "site" {
│
╵
╷
│ Error: Missing required argument
│
│ with aws_cloudfront_distribution.dist,
│ on main.tf line 102, in resource "aws_cloudfront_distribution" "dist":
│ 102: resource "aws_cloudfront_distribution" "dist" {
│
│ The argument "origin.0.domain_name" is required, but no definition was found.
╵
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.