Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regional domains show s3 instead of s3-website resulting in misconfiguration #148

Closed
nitrocode opened this issue Mar 31, 2021 · 3 comments · Fixed by #149
Closed

Regional domains show s3 instead of s3-website resulting in misconfiguration #148

nitrocode opened this issue Mar 31, 2021 · 3 comments · Fixed by #149
Labels
bug 🐛 An issue with the system

Comments

@nitrocode
Copy link
Member

nitrocode commented Mar 31, 2021
edited
Loading

Found a bug? Maybe our Slack Community can help.

Slack Community

Describe the Bug

Looks like the static bucket hack removal PR #143 caused an issue where -website is missing from the domain

This ticket is created on behalf of @syphernl

https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/143/files#r604661084

This change seems to have broken the "s3-website" functionality. It now wants to change the origin domain_name from
XXXXX.s3-website.eu-west-1.amazonaws.com to XXXXX.s3.eu-west-1.amazonaws.com which results in an AccessDenied when loading the domain.

Expected Behavior

No errors

Steps to Reproduce

Use eu-west-1 region with var.website_enabled

Solution Proposals

  • Perhaps it would be better to use website_domain or website_endpoint outputs?
    • website_endpoint seems correct according to the comments below
  • Is there a reason to use the non regional endpoint vs the regional endpoint? I wonder if the website_domain covers this.
    • website_endpoint seems to cover this
  • Override the origin domain_name via an input in case this comes up again
    • might be overkill
@nitrocode nitrocode added the bug 🐛 An issue with the system label Mar 31, 2021
@nitrocode nitrocode mentioned this issue Mar 31, 2021
Merged
@syphernl
Copy link
Contributor

That's odd. Perhaps it would be better to use website_endpoint or website_domain instead.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#website_endpoint

Could you check if the outputs of either use the correct s3-website endpoint ?

Certainly, I did some digging and found the following:

  • website_domain: s3-website-eu-west-1.amazonaws.com
  • website_endpoint: REDACTED.s3-website-eu-west-1.amazonaws.com

Using website_endpoint would probably be best here as the bucket_ attributes do not contain the -website suffix:

  • bucket_domain_name: REDACTED.s3.amazonaws.com
  • bucket_regional_domain_name: REDACTED.s3.eu-west-1.amazonaws.com

@nitrocode nitrocode mentioned this issue Mar 31, 2021
Merged
@nitrocode
Copy link
Member Author

Thanks @syphernl . I put in an initial PR with branch website_endpoint to use that when var.website_enabled is true.

Could you use point your module to my feature branch to see if it works as expected for you ?

module "cdn" {
  source = "[email protected]:cloudposse/terraform-aws-cloudfront-s3-cdn.git?ref=website_endpoint"

  website_enabled = true
  # ...
}

@syphernl
Copy link
Contributor

@nitrocode Looks good!

One minor thing I noticed is that it wants to replace the existing
REDACTED.s3-website.eu-west-1.amazonaws.com into
REDACTED.s3-website-eu-west-1.amazonaws.com (a dash instead of a dot between s3-website and the region) but this is due to the way things were generated prior to v0.55.

Since both the dash and dot-variants are working the same this is an acceptable change IMHO.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug 🐛 An issue with the system
Projects
None yet
Milestone
No milestone
2 participants
@syphernl @nitrocode