[Enhancement]: aws_cloudfront_distribution custom_error_response should require both ResponsePagePath and ResponseCode together or none of them #32431

Open
djcolon opened this issue Jul 9, 2023 · 1 comment
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/cloudfront Issues and PRs that pertain to the cloudfront service.

Comments

djcolon commented Jul 9, 2023

Terraform Core Version

1.5.2

AWS Provider Version

5.6.2

Affected Resource(s)

aws_cloudfront_distribution.custom_error_response

Expected Behavior

When, in a custom_error_response, a response_page_path is set but no response_code, terraform validate should raise a warning.

Actual Behavior

No warning is issued by terraform validate, and the operation fails when applying.

Relevant Error/Panic Output Snippet

Error: creating CloudFront Distribution: InvalidArgument: Your request must specify both ResponsePagePath and ResponseCode together or none of them.

Terraform Configuration Files

Main.tf:

################################################################################
# S3
################################################################################
resource "aws_s3_bucket" "s3_bucket" {
  bucket = var.bucket_name
}

################################################################################
# CloudFront
################################################################################

# Create a certificate for the cloudfront distribution. This will have to be
# validated from a different account by exporting the domain_validation_options
# from the root, and accessing them from the file that manages DNS using remote
# state, or (if possible) directly by being in the same file.
resource "aws_acm_certificate" "cert" {
  domain_name       = var.domain
  validation_method = "DNS"
}

# We then set up the OAC
# https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
resource "aws_cloudfront_origin_access_control" "s3_bucket" {
  name                              = "static_site_access"
  description                       = "Access for cloudfront to the static site in this account."
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# And the cloudfront distribution.
resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name              = aws_s3_bucket.s3_bucket.bucket_regional_domain_name
    origin_id                = aws_s3_bucket.s3_bucket.id
    origin_access_control_id = aws_cloudfront_origin_access_control.s3_bucket.id
  }
  enabled             = true
  is_ipv6_enabled     = true
  comment             = "Cloudfront distribution to the static site in this account."
  default_root_object = "index.html"
  aliases             = concat([var.domain], var.aliases)

  # AWS Managed Caching Policy (CachingOptimized)
  default_cache_behavior {
    # Using the CachingOptimized managed policy ID:
    # https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html#managed-cache-caching-optimized
    cache_policy_id        = "658327ea-f89d-4fab-a63d-7e88639e58f6"
    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
    # See: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CachedMethods.html
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = aws_s3_bucket.s3_bucket.id
    viewer_protocol_policy = "redirect-to-https"
  }

  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["US", "GB", "NL"]
    }
  }

  viewer_certificate {
    acm_certificate_arn = aws_acm_certificate.cert.arn
    ssl_support_method  = "sni-only"
  }

  custom_error_response {
    error_code         = "404"
    response_page_path = "404.html"
    #response_code      = 404
  }
}

Variables.tf:

variable "bucket_name" {
  description = "Name of the s3 bucket. Must be unique."
  type        = string
}

variable "domain" {
  description = "Domain for the page."
  type        = string
  default     = ""
}

variable "aliases" {
  description = "CNAME aliases for the cloudfront distribution."
  type        = list(string)
  default     = []
}

Steps to Reproduce

terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html

Would you like to implement a fix?

No

@djcolon djcolon added bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. labels Jul 9, 2023
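
A pre-apply check for the rule in the error above, as an added example that is not part of the original issue or the provider's code: it scans the JSON form of a plan (`terraform show -json`) for custom_error_response blocks that set only one of response_code and response_page_path. The sample plan is constructed, and treating null, "" and 0 as "not set" is an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads; not output captured from the issue.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_cloudfront_distribution.s3_distribution",
     "type": "aws_cloudfront_distribution",
     "change": {"actions": ["create"], "after": {"custom_error_response": [
       {"error_code": 404, "response_code": null, "response_page_path": "404.html"},
       {"error_code": 403, "response_code": 403, "response_page_path": "/403.html"},
       {"error_code": 500, "response_code": null, "response_page_path": null}
     ]}}},
    {"address": "aws_s3_bucket.s3_bucket", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "example-bucket"}}}
  ]
}
""")


def _is_set(value):
    # Assumption: an omitted optional argument shows up as null, "" or 0.
    return value not in (None, "", 0)


def find_unpaired_error_responses(plan):
    """Return (address, error_code, missing_argument) for every block that
    sets only one of response_code / response_page_path."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_cloudfront_distribution":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        for block in after.get("custom_error_response") or []:
            has_code = _is_set(block.get("response_code"))
            has_path = _is_set(block.get("response_page_path"))
            if has_code != has_path:  # exactly one of the pair is present
                missing = "response_page_path" if has_code else "response_code"
                findings.append((rc["address"], block.get("error_code"), missing))
    return findings


if __name__ == "__main__":
    for address, code, missing in find_unpaired_error_responses(SAMPLE_PLAN):
        print(f"{address}: custom_error_response for {code} is missing {missing}")
```

Values that are not known until apply are omitted from `after` in the plan JSON, so a block whose response_code is computed from an unknown value can be reported as unpaired.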
github-actions bot commented Jul 9, 2023

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/acm Issues and PRs that pertain to the acm service. service/cloudfront Issues and PRs that pertain to the cloudfront service. service/s3 Issues and PRs that pertain to the s3 service. labels Jul 9, 2023
@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed service/s3 Issues and PRs that pertain to the s3 service. service/acm Issues and PRs that pertain to the acm service. needs-triage Waiting for first response or review from a maintainer. bug Addresses a defect in current functionality. labels Jul 10, 2023
@justinretzolk justinretzolk changed the title [Bug]: aws_cloudfront_distribution custom_error_response should require both ResponsePagePath and ResponseCode together or none of them [Enhancement]: aws_cloudfront_distribution custom_error_response should require both ResponsePagePath and ResponseCode together or none of them Jul 10, 2023