我已经在管理控制台中成功设置了CloudFront Origin故障转移。我想知道如何使用Terraform来做同样的事情?
这是一个非常简单的设置,有两个起点,一个起点组有一个主要起点和一个次要起点。
Terraform确实在文档中提供了example configuration。
如果您从一个简单的CloudFront资源开始,例如以下资源
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = "${aws_s3_bucket.primary.bucket_regional_domain_name}"
origin_id = "primaryS3"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
}
}
default_cache_behavior {
# Note: Origin set to the single origin.
target_origin_id = "primaryS3"
}
}
然后添加原始故障转移配置非常容易。
这是一个示例(来自文档):
resource "aws_cloudfront_distribution" "s3_distribution" {
origin_group {
origin_id = "groupS3"
failover_criteria {
status_codes = [403, 404, 500, 502]
}
member {
origin_id = "primaryS3"
}
member {
origin_id = "failoverS3"
}
}
# Primary Origin
origin {
domain_name = "${aws_s3_bucket.primary.bucket_regional_domain_name}"
origin_id = "primaryS3"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
}
}
# Secondary Origin
origin {
domain_name = "${aws_s3_bucket.failover.bucket_regional_domain_name}"
origin_id = "failoverS3"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
}
}
default_cache_behavior {
# Important, use the failover group instead of the primary origin.
target_origin_id = "groupS3"
}
}