terraform-aws-cloudfront icon indicating copy to clipboard operation
terraform-aws-cloudfront copied to clipboard

Published 20 hours ago β€’ verified publisher icon terraform-aws-modules

origin_access_control_id not implemented

Open skkiran-pro opened this issue 1 year ago β€’ 3 comments
trafficstars

Description

We can only use the legacy origin_access_identity like below:

origin = {
  default = {
    domain_name      = module.web_app.s3_bucket_bucket_regional_domain_name
    s3_origin_config = {
      origin_access_identity = "web_app" 
    }
  }
}

origin_access_control does not work:

  origin = {
    default = {
      domain_name              = module.web_app.s3_bucket_bucket_regional_domain_name
      origin_id                = module.web_app.s3_bucket_id
      origin_access_control_id = aws_cloudfront_origin_access_control.test.id
    }
  }

skkiran-pro avatar May 29 '24 05:05 skkiran-pro

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Jun 29 '24 00:06 github-actions[bot]

I can also confirm that its not working as the code states. had to use the next config

origin = { s3_one = { domain_name = "testbucket.s3.eu-west-1.amazonaws.com" origin_id = "s3-my-private-bucket" origin_access_control = "oac" } }

andrei-gabriel-p avatar Jul 04 '24 09:07 andrei-gabriel-p

+1 This is not working as intended.

As a workaround (I am not proud of this and it should be thrown in a corner somewhere), you can have the module refer to itself, and manually pass in the origin_access_control_id.

      origin_access_control_id = module.this.cloudfront_origin_access_controls_ids[0]

Duceswild99 avatar Jul 09 '24 20:07 Duceswild99

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Aug 09 '24 00:08 github-actions[bot]

There are two ways to achieve the same result:

  1. origin_access_control_id - expects ID of the resource created externally from the module (e.g. E345SXM82MIOSU)
  2. origin_access_control - key in the origin_access_control argument created by the module.

See this example for more details: https://github.com/terraform-aws-modules/terraform-aws-cloudfront/blob/master/examples/complete/main.tf#L96-L101

The workaround by @Duceswild99 can be like:

     origin_access_control = "key_from_origin_access_control" # created by this module

antonbabenko avatar Aug 12 '24 23:08 antonbabenko

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Sep 12 '24 00:09 github-actions[bot]

This issue was automatically closed because of stale in 10 days

github-actions[bot] avatar Sep 22 '24 00:09 github-actions[bot]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Oct 23 '24 02:10 github-actions[bot]