使用CloudFormation配置S3來源的CloudFront

Question

我嘗試首次使用CloudFormation配置使用S3存儲桶作爲其原點的CloudFront分配。

但是，當模板運行時，我收到錯誤One or more of your origins do not exist。我假定它的原始DomainName被配置不正確，但是一直沒能找到可用的配置。

目前，我有以下模板：

{ 
    "AWSTemplateFormatVersion": "2010-09-09", 
    "Resources": { 
    "AssetBucket": { 
     "Type": "AWS::S3::Bucket", 
     "Properties": { 
     "BucketName": "cdn-assets", 
     "AccessControl": "PublicRead", 
     "CorsConfiguration": { 
      "CorsRules": [ 
      { 
       "AllowedHeaders": [ 
       "*" 
       ], 
       "AllowedMethods": [ 
       "GET" 
       ], 
       "AllowedOrigins": [ 
       "*" 
       ], 
       "Id": "OpenCors", 
       "MaxAge": "3600" 
      } 
      ] 
     } 
     } 
    }, 
    "AssetCDN": { 
     "Type": "AWS::CloudFront::Distribution", 
     "Properties": { 
     "DistributionConfig": { 
      "Origins": [ 
      { 
       "DomainName": { 
       "Fn::GetAtt": [ 
           "AssetBucket", 
           "DomainName" 
          ] 
       }, 
       "Id": "AssetBucketOrigin", 
       "S3OriginConfig": {} 
      } 
      ], 
      "Enabled": "true", 
      "DefaultCacheBehavior": { 
      "Compress": true, 
      "AllowedMethods": [ 
       "GET", 
       "HEAD", 
       "OPTIONS" 
      ], 
      "TargetOriginId": "origin-access-identity/cloudfront/AssetCDN", 
      "ForwardedValues": { 
       "QueryString": "false", 
       "Cookies": { 
       "Forward": "none" 
       } 
      }, 
      "ViewerProtocolPolicy": "allow-all" 
      }, 
      "PriceClass": "PriceClass_All", 
      "ViewerCertificate": { 
      "CloudFrontDefaultCertificate": "true" 
      } 
     } 
     }, 
     "DependsOn": [ 
     "AssetBucket" 
     ] 
    } 
    } 
} 

我一直沒能找到這個多的建議，所以希望有人能指出我在正確的方向。

Answer 1

您的緩存行爲的TargetOriginId屬性必須與S3 Origin的Id屬性中指定的值匹配。

在你上面的例子中，TargetOriginId是origin-access-identity/cloudfront/AssetCDN，而Id是AssetBucketOrigin，這是導致錯誤。

Answer 2

這裏真正的問題是Cloudfront有一個依賴項 - S3存儲桶。所以你應該把這個引用放在cloudfront對象中，讓CFN知道首先它應該創建S3 bucket。要做到這一點，你必須將您的Origins.Id和DefaultCacheBehavior.TargetOriginId屬性更改爲您的存儲桶配置：

{ 
    "AWSTemplateFormatVersion": "2010-09-09", 
    "Resources": { 
    "AssetBucket": { 
     "Type": "AWS::S3::Bucket", 
     "Properties": { 
     "BucketName": "cdn-assets", 
     "AccessControl": "PublicRead", 
     "CorsConfiguration": { 
      "CorsRules": [ 
      { 
       "AllowedHeaders": [ 
       "*" 
       ], 
       "AllowedMethods": [ 
       "GET" 
       ], 
       "AllowedOrigins": [ 
       "*" 
       ], 
       "Id": "OpenCors", 
       "MaxAge": "3600" 
      } 
      ] 
     } 
     } 
    }, 
    "AssetCDN": { 
     "Type": "AWS::CloudFront::Distribution", 
     "Properties": { 
     "DistributionConfig": { 
      "Origins": [ 
      { 
       "DomainName": { 
       "Fn::GetAtt": [ 
           "AssetBucket", 
           "DomainName" 
          ] 
       }, 
       "Id": { "Ref": "AssetBucket" }, /// HERE!!!! 
       "S3OriginConfig": {} 
      } 
      ], 
      "Enabled": "true", 
      "DefaultCacheBehavior": { 
      "Compress": true, 
      "AllowedMethods": [ 
       "GET", 
       "HEAD", 
       "OPTIONS" 
      ], 
      "TargetOriginId": { "Ref": "AssetBucket" }, /// HERE!!!! 
      "ForwardedValues": { 
       "QueryString": "false", 
       "Cookies": { 
       "Forward": "none" 
       } 
      }, 
      "ViewerProtocolPolicy": "allow-all" 
      }, 
      "PriceClass": "PriceClass_All", 
      "ViewerCertificate": { 
      "CloudFrontDefaultCertificate": "true" 
      } 
     } 
     }, 
     "DependsOn": [ 
     "AssetBucket" 
     ] 
    } 
    } 
}