Comments (5)
antonbabenko
commented on May 30, 2024
terraform plan is telling just a plan but I recommend running terraform apply and see the produced results.
There is a special key name default in cache_behavior, and all other keys should go to ordered_cache_behavior.
If the problem exists please provide the result of the terraform plan command.
from terraform-aws-cloudfront.
lejeunen
commented on May 30, 2024
Hello Anton, thanks for the quick reply!
terraform plan is telling just a plan but I recommend running terraform apply and see the produced results.
Yes indeed I spotted the problem by looking at the CF distribution generated by Terraform in the AWS console
There is a special key name default in cache_behavior, and all other keys should go to ordered_cache_behavior.
Yes, that's what I'm doing
If the problem exists please provide the result of the terraform plan command.
I assume it's easier for you if we stay on the complete example
main.tf
cache_behavior = {
default = {
target_origin_id = "appsync"
viewer_protocol_policy = "allow-all"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
compress = true
query_string = true
lambda_function_association = {
# Valid keys: viewer-request, origin-request, viewer-response, origin-response
viewer-request = {
lambda_arn = module.lambda_function.this_lambda_function_qualified_arn
include_body = true
}
origin-request = {
lambda_arn = module.lambda_function.this_lambda_function_qualified_arn
}
}
}
s3 = {
path_pattern = "/static/*"
target_origin_id = "s3_one"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
compress = true
query_string = true
}
another_s3 = {
path_pattern = "/another/*"
target_origin_id = "s3_one"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
compress = true
query_string = true
}
}
terraform apply output
# module.cloudfront.aws_cloudfront_distribution.this[0] will be created
+ resource "aws_cloudfront_distribution" "this" {
+ aliases = [
+ "cdn.terraform-aws-modules.modules.tf",
]
+ arn = (known after apply)
+ caller_reference = (known after apply)
+ comment = "My awesome CloudFront"
+ domain_name = (known after apply)
+ enabled = true
+ etag = (known after apply)
+ hosted_zone_id = (known after apply)
+ http_version = "http2"
+ id = (known after apply)
+ in_progress_validation_batches = (known after apply)
+ is_ipv6_enabled = true
+ last_modified_time = (known after apply)
+ price_class = "PriceClass_All"
+ retain_on_delete = false
+ status = (known after apply)
+ trusted_signers = (known after apply)
+ wait_for_deployment = false
+ default_cache_behavior {
+ allowed_methods = (known after apply)
+ cached_methods = (known after apply)
+ compress = (known after apply)
+ default_ttl = (known after apply)
+ field_level_encryption_id = (known after apply)
+ max_ttl = (known after apply)
+ min_ttl = (known after apply)
+ smooth_streaming = (known after apply)
+ target_origin_id = "appsync"
+ trusted_signers = (known after apply)
+ viewer_protocol_policy = "allow-all"
+ forwarded_values {
+ headers = (known after apply)
+ query_string = (known after apply)
+ query_string_cache_keys = (known after apply)
+ cookies {
+ forward = (known after apply)
+ whitelisted_names = (known after apply)
}
}
+ lambda_function_association {
+ event_type = (known after apply)
+ include_body = (known after apply)
+ lambda_arn = (known after apply)
}
}
+ logging_config {
+ bucket = (known after apply)
+ include_cookies = (known after apply)
+ prefix = (known after apply)
}
+ ordered_cache_behavior {
+ allowed_methods = [
+ "GET",
+ "HEAD",
+ "OPTIONS",
]
+ cached_methods = [
+ "GET",
+ "HEAD",
]
+ compress = true
+ default_ttl = 86400
+ max_ttl = 31536000
+ min_ttl = 0
+ path_pattern = "/another/*"
+ target_origin_id = "s3_one"
+ viewer_protocol_policy = "redirect-to-https"
+ forwarded_values {
+ query_string = true
+ query_string_cache_keys = []
+ cookies {
+ forward = "none"
}
}
}
+ ordered_cache_behavior {
+ allowed_methods = [
+ "GET",
+ "HEAD",
+ "OPTIONS",
]
+ cached_methods = [
+ "GET",
+ "HEAD",
]
+ compress = true
+ default_ttl = 86400
+ max_ttl = 31536000
+ min_ttl = 0
+ path_pattern = "/static/*"
+ target_origin_id = "s3_one"
+ viewer_protocol_policy = "redirect-to-https"
+ forwarded_values {
+ query_string = true
+ query_string_cache_keys = []
+ cookies {
+ forward = "none"
}
}
}
+ origin {
+ domain_name = "appsync.terraform-aws-modules.modules.tf"
+ origin_id = "appsync"
+ custom_header {
+ name = "X-Forwarded-Scheme"
+ value = "https"
}
+ custom_header {
+ name = "X-Frame-Options"
+ value = "SAMEORIGIN"
}
+ custom_origin_config {
+ http_port = 80
+ https_port = 443
+ origin_keepalive_timeout = 5
+ origin_protocol_policy = "match-viewer"
+ origin_read_timeout = 30
+ origin_ssl_protocols = [
+ "TLSv1",
]
}
}
+ origin {
+ domain_name = (known after apply)
+ origin_id = (known after apply)
+ origin_path = (known after apply)
+ custom_header {
+ name = (known after apply)
+ value = (known after apply)
}
+ custom_origin_config {
+ http_port = (known after apply)
+ https_port = (known after apply)
+ origin_keepalive_timeout = (known after apply)
+ origin_protocol_policy = (known after apply)
+ origin_read_timeout = (known after apply)
+ origin_ssl_protocols = (known after apply)
}
+ s3_origin_config {
+ origin_access_identity = (known after apply)
}
}
+ origin_group {
+ origin_id = "group_one"
+ failover_criteria {
+ status_codes = [
+ 403,
+ 404,
+ 500,
+ 502,
]
}
+ member {
+ origin_id = "appsync"
}
+ member {
+ origin_id = "s3_one"
}
}
+ restrictions {
+ geo_restriction {
+ locations = [
+ "GB",
+ "NO",
+ "UA",
+ "US",
]
+ restriction_type = "whitelist"
}
}
+ viewer_certificate {
+ cloudfront_default_certificate = true
+ minimum_protocol_version = "TLSv1"
}
}
As you can see, the 2 ordered_cache_behavior are not in the same order as in main.tf. The static one should come first.
from terraform-aws-cloudfront.
lejeunen
commented on May 30, 2024
I thought more about this and the concept of extracting an ordered list from a map seems weird to me. I'm really no expert in terraform, but in other languages I know maps usually do not support ordering.
Anyway, I have separated variables for default and ordered cache behaviors in a fork. The ordered cache is now a list so that order is preserved. We are now using this fork and everything is fine in the generated CF distribution.
If you are interested I can open a pull request.
from terraform-aws-cloudfront.
antonbabenko
commented on May 30, 2024
I agree that it does not feel natural to use maps instead of lists as we normally do in other programming languages (I have not been thinking about this before in regards to this module).
The plan output is very similar to the example in the documentation for aws_cloudfront_distribution.
If you want, please open a PR and I will take a look when I have time for this.
from terraform-aws-cloudfront.
github-actions
commented on May 30, 2024
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
from terraform-aws-cloudfront.
Related Issues (20)
- i.value is object with 1 attribute "default" HOT 1
- the ability to create access controls with the module HOT 4
- Problem in create/update/delete of oac HOT 5
- Cannot set 'origin_id = my.domian.net' for the CF distribution. HOT 4
- Complete example is not working? HOT 5
- Add support for decoupling FMS-managed web ACLs HOT 6
- Setting create_origin_access_control to true does not work to successfully create an OAC based Cloudfront HOT 2
- Documentation request for update https://github.com/terraform-aws-modules/terraform-aws-cloudfront/pull/21 HOT 4
- Error: expected default_cache_behavior.0.function_association.0.event_type to be one of [viewer-request viewer-response origin-request origin-response], got 0 HOT 2
- The argument "origin_access_identity" is required, but no definition was found HOT 9
- feat: Make it easier to select well-known AWS-managed policies HOT 6
- Document `use_fowarded_values` HOT 6
- custom_error_response when empty list HOT 6
- docs: Variable default_cache_behavior is required if distribution is enabled HOT 5
- Unable to Delete Lambda@Edge Functions and Replicas HOT 3
- update S3 policy when create `origin_access_control` HOT 1
- Support for Staging Distributon HOT 3
- fail of destroy HOT 2
- Error about origin blocks HOT 2
- when cloudfront continuous deployment feature will be added HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-aws-cloudfront.