alternate domain name
johndpope opened this issue · 3 comments
johndpope commented
dougtoppin commented
@johndpope We will review and get back to you
johndpope commented
I'll close this. Found a solution. The root of my specific problem was using Terraform in conjunction with CloudFormation - the origin id was being erroneously set/updated.
I had to do a terraform state export, then re-import (minus some unsettable values).
All good now.
johndpope commented
@dougtoppin - I'm reopening this. Is this supported? I have a solution for one environment - it involved introspecting the successfully deployed CloudFront distribution in Terraform and then kinda re-importing the deployed config -
but I want to simplify this - can we just extend the CloudFormation to have a CNAME alias (using a wildcard cert)?
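# Terraform settings: the AWS provider requirement and the S3 remote-state backend.
terraform {
  required_providers {
    # NOTE(review): the constraint below is a floor with no upper bound; commit
    # .terraform.lock.hcl so every run resolves the same provider build.
    # NOTE(review): this file uses the aws_s3_object data source, which as far
    # as I know only exists in AWS provider v4 and later - confirm the floor.
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.19.0" // Ensure you use the correct version or higher
    }
  }

  backend "s3" {
    # These are default values or placeholders.
    # They can be overridden by the -backend-config flag during terraform init.
    # see terraform init -backend-config="bucket=wweevv-server-provisioning-terraform-state-nonprod" -backend-config="key=blabla" -backend-config="blabla"
    bucket = "placeholder"
    key    = "placeholder/terraform.tfstate"
    region = "ap-southeast-2"

    # State files can contain sensitive values in plain text, so ask for
    # server-side encryption explicitly instead of relying on bucket defaults.
    encrypt = true

    # NOTE(review): no state locking is configured in this block; unless it is
    # passed via -backend-config, concurrent applies can corrupt the state.
  }
}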
# AWS provider pinned to ap-southeast-2. The default_tags block attaches two
# tags through the provider: Project (the root module's directory name) and
# aws_stackname (the stack_name input variable).
provider "aws" {
  region = "ap-southeast-2"

  default_tags {
    tags = {
      Project       = basename(abspath(path.root))
      aws_stackname = var.stack_name
    }
  }
}
# Region the provider is running in.
# export AWS_REGION=ap-southeast-2
data "aws_region" "current" {}

# Identity of the calling credentials; to get account_id.
data "aws_caller_identity" "current" {}
# Stack name supplied by the caller (no default). The provider block in this
# file applies it as the aws_stackname default tag.
variable "stack_name" {
  type = string
}
# locals {
# json_data = jsondecode(file("${path.module}/cloudformation.json"))
# }
# Bucket that holds the JSON file read by data.aws_s3_object.json_file.
# Required input: there is no default.
variable "state_bucket" {
  type        = string
  description = "The name of the S3 bucket where the file is stored"
}
# Object key of the JSON file inside var.state_bucket.
variable "json_file_key" {
  type        = string
  description = "The S3 key of the JSON file"
  default     = "cloudformation.json" # Replace with your actual file path in S3 if different
}
# Reads the JSON file from S3 at plan time.
# NOTE(review): values parsed from this object feed the Route 53 record target
# and the CloudFront certificate ARN further down, so write access to this key
# is effectively write access to those settings. Keep put/delete permissions on
# it as tight as on the Terraform state itself.
data "aws_s3_object" "json_file" {
  bucket = var.state_bucket
  key    = var.json_file_key
}
# Parsed content of the S3 JSON file. This file reads the ApiEndpoint and
# WildcardCertArn keys from it.
# NOTE(review): jsondecode fails the plan if the body is null or not valid
# JSON; presumably the object is stored with a JSON/text content type - confirm.
locals {
  json_data = jsondecode(data.aws_s3_object.json_file.body)
}
# Parent domain under which the wildcard image host name is created.
variable "root_domain_name" {
  type    = string
  default = "nonprod.aws.wweevv.app"
}
# Wildcard host name ("*.<root domain>") used both as the Route 53 record name
# and as the CloudFront alias in this file.
locals {
  image_domain_name = "*.${var.root_domain_name}"
}
# Route 53 hosted zone that receives the wildcard record.
# NOTE(review): the default looks like a placeholder - override it per environment.
variable "root_domain_zone_id" {
  type    = string
  default = "12341234"
}
// JP. DOES THIS CAUSE A PROBLEM????
# Wildcard CNAME ("*.<root domain>") pointing at the host taken from the
# ApiEndpoint value of the S3 JSON file.
#
# NOTE(review): the same wildcard name is the CloudFront alias in this file, so
# the record only works if ApiEndpoint is the distribution's host name; a
# target that does not present a certificate for this name will fail TLS -
# confirm what ApiEndpoint holds.
# NOTE(review): a wildcard record answers for every subdomain without its own
# record. Remove it together with its target so no dangling CNAME is left.
resource "aws_route53_record" "api_gateway_cname" {
  zone_id = var.root_domain_zone_id
  name    = local.image_domain_name
  type    = "CNAME"
  ttl     = "300"

  # replace() strips only the "https://" scheme; presumably ApiEndpoint has no
  # path or trailing slash, otherwise the value is not a valid host name - verify.
  records = [replace(local.json_data.ApiEndpoint, "https://", "")]
}
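# CloudFront distribution in front of the image handler API origin, served
# under the wildcard alias with the certificate ARN from the S3 JSON file.
# The commented-out attributes appear to be read-only values left over from an
# imported state.
resource "aws_cloudfront_distribution" "existing_distribution" {
  aliases = [local.image_domain_name]
  comment = "Image Handler Distribution for Serverless Image Handler"
  enabled = true
  # etag                           = "E1ULV65PTLOPYE"
  http_version = "http2"
  # in_progress_validation_batches = 0
  is_ipv6_enabled = true
  # last_modified_time             = "2023-12-11 02:58:44.558 +0000 UTC"
  price_class      = "PriceClass_All"
  retain_on_delete = false
  staging          = false
  # status                         = "Deployed"
  tags = {
    "Project"    = "image-handler-terraform"
    "SolutionId" = "SO0023"
  }
  # NOTE(review): tags_all is normally derived by the provider from tags plus
  # default_tags. This copy hard-codes aws_stackname = "dev" while the provider
  # block tags with var.stack_name - confirm the two cannot disagree.
  tags_all = {
    "Project"       = "image-handler-terraform"
    "SolutionId"    = "SO0023"
    "aws_stackname" = "dev"
  }
  # trusted_key_groups             = [
  #   {
  #     enabled = false
  #     items   = []
  #   },
  # ]
  # trusted_signers                = [
  #   {
  #     enabled = false
  #     items   = []
  #   },
  # ]
  wait_for_deployment = true

  # Error responses for codes 500-504 are cached for 600 seconds each.
  custom_error_response {
    error_caching_min_ttl = 600
    error_code            = 500
    response_code         = 0
  }
  custom_error_response {
    error_caching_min_ttl = 600
    error_code            = 501
    response_code         = 0
  }
  custom_error_response {
    error_caching_min_ttl = 600
    error_code            = 502
    response_code         = 0
  }
  custom_error_response {
    error_caching_min_ttl = 600
    error_code            = 503
    response_code         = 0
  }
  custom_error_response {
    error_caching_min_ttl = 600
    error_code            = 504
    response_code         = 0
  }

  default_cache_behavior {
    # Read-only methods only; no request method that writes reaches the origin.
    allowed_methods = [
      "GET",
      "HEAD",
    ]
    cache_policy_id = "e5e987e8-4b01-492b-b91f-1b2c6b747161"
    cached_methods = [
      "GET",
      "HEAD",
    ]
    compress                 = true
    default_ttl              = 0
    max_ttl                  = 0
    min_ttl                  = 0
    origin_request_policy_id = "effdbdc6-39e8-413d-ab3d-85532ca041cb"
    smooth_streaming         = false
    # Must stay identical to origin_id in the origin block below.
    target_origin_id   = "verlessImageHandlerStackBackEndImageHandlerCloudFrontApiGatewayLambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin1BEFA9FF3"
    trusted_key_groups = []
    trusted_signers    = []
    # Plain-HTTP viewer requests are refused rather than redirected.
    viewer_protocol_policy = "https-only"
  }

  # Access logs go to the bucket below under the api-cloudfront/ prefix,
  # without cookies.
  logging_config {
    bucket          = "serverless-image-handler-logs-ae4de39f.s3.ap-southeast-2.amazonaws.com"
    include_cookies = false
    prefix          = "api-cloudfront/"
  }

  origin {
    connection_attempts = 3
    connection_timeout  = 10
    domain_name         = "BLABLA-api.ap-southeast-2.amazonaws.com"
    origin_id           = "verlessImageHandlerStackBackEndImageHandlerCloudFrontApiGatewayLambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin1BEFA9FF3"
    origin_path         = "/image"

    custom_origin_config {
      http_port                = 80
      https_port               = 443
      origin_keepalive_timeout = 5
      # CloudFront talks to the origin over HTTPS only; http_port is unused.
      origin_protocol_policy = "https-only"
      origin_read_timeout    = 30
      # Only TLS 1.2 is offered to the origin; TLS 1.1 is deprecated and is
      # not needed for an amazonaws.com API endpoint.
      origin_ssl_protocols = [
        "TLSv1.2",
      ]
    }
  }

  restrictions {
    geo_restriction {
      locations        = []
      restriction_type = "none"
    }
  }

  # Viewer-facing TLS: SNI with the wildcard certificate, TLS 1.2 minimum.
  # NOTE(review): a newer security policy ("TLSv1.2_2021") exists - consider it
  # if all clients support it.
  viewer_certificate {
    acm_certificate_arn      = local.json_data.WildcardCertArn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2019"
  }
}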