【发布时间】:2023-03-24 08:42:01
【问题描述】:
我已在管理控制台中成功设置 CloudFront 源故障转移。我想知道如何使用 Terraform 做同样的事情?
这是一个非常简单的设置,两个来源,一个来源组,一个主要来源和一个次要来源。
【问题讨论】:
标签: amazon-web-services terraform amazon-cloudfront
【发布时间】:2023-03-24 08:42:01
【问题描述】:
Terraform 确实在文档中提供了 example configuration。
如果您从如下所示的简单 CloudFront 资源开始
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = "${aws_s3_bucket.primary.bucket_regional_domain_name}"
origin_id = "primaryS3"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
}
}
default_cache_behavior {
# Note: Origin set to the single origin.
target_origin_id = "primaryS3"
}
}
然后添加 Origin Failover 配置相当容易。
- 添加次要来源。
- 将其与主要成员分组(成员的顺序很重要)。
- 将默认原点设置为组。
这是一个示例(来自文档):
resource "aws_cloudfront_distribution" "s3_distribution" {
origin_group {
origin_id = "groupS3"
failover_criteria {
status_codes = [403, 404, 500, 502]
}
member {
origin_id = "primaryS3"
}
member {
origin_id = "failoverS3"
}
}
# Primary Origin
origin {
domain_name = "${aws_s3_bucket.primary.bucket_regional_domain_name}"
origin_id = "primaryS3"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
}
}
# Secondary Origin
origin {
domain_name = "${aws_s3_bucket.failover.bucket_regional_domain_name}"
origin_id = "failoverS3"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
}
}
default_cache_behavior {
# Important, use the failover group instead of the primary origin.
target_origin_id = "groupS3"
}
}
【讨论】: