How to do CloudFront origin failover with Terraform?
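I have successfully set up CloudFront origin failover in the management console. I would like to know how to do the same thing with Terraform?
It is a very simple setup: two origins, one origin group, one primary origin and one secondary origin.
Terraform does provide an example configuration in its documentation.
If you start with a simple CloudFront resource like the one below: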
resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name = "${aws_s3_bucket.primary.bucket_regional_domain_name}"
    origin_id   = "primaryS3"
    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }
  default_cache_behavior {
    # Note: Origin set to the single origin.
    target_origin_id = "primaryS3"
  }
}
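Then adding the origin failover configuration is fairly easy.
- Add the secondary origin.
- Group it with the primary (the order of the members matters).
- Set the default origin to the group.
Here is an example (from the documentation):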
resource "aws_cloudfront_distribution" "s3_distribution" {
  origin_group {
    origin_id = "groupS3"
    failover_criteria {
      status_codes = [403, 404, 500, 502]
    }
    member {
      origin_id = "primaryS3"
    }
    member {
      origin_id = "failoverS3"
    }
  }
  # Primary Origin
  origin {
    domain_name = "${aws_s3_bucket.primary.bucket_regional_domain_name}"
    origin_id   = "primaryS3"
    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }
  # Secondary Origin
  origin {
    domain_name = "${aws_s3_bucket.failover.bucket_regional_domain_name}"
    origin_id   = "failoverS3"
    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}"
    }
  }
  default_cache_behavior {
    # Important, use the failover group instead of the primary origin.
    target_origin_id = "groupS3"
  }
}
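Added example, not part of the original answer or of the Terraform documentation: both origins above use the same origin access identity, so the failover bucket needs the same read-only bucket policy as the primary, otherwise the secondary origin answers with 403 exactly when it is needed. It assumes the resource names used above (aws_s3_bucket.primary, aws_s3_bucket.failover, aws_cloudfront_origin_access_identity.default) and Terraform 0.12.6 or later for for_each on a data source; the names oai_read and AllowCloudFrontOAIRead are made up for the illustration.

```hcl
# Added example (assumptions: resource names from the answer above,
# Terraform >= 0.12.6). "oai_read" is a hypothetical name.

# One read-only policy document per bucket, scoped to the shared OAI only.
data "aws_iam_policy_document" "oai_read" {
  for_each = {
    primary  = aws_s3_bucket.primary.arn
    failover = aws_s3_bucket.failover.arn
  }

  statement {
    sid = "AllowCloudFrontOAIRead"

    # Least privilege: object reads only. Because s3:ListBucket is not
    # granted, S3 answers 403 (not 404) for a missing key, which is why
    # 403 appears in the failover status_codes above.
    actions   = ["s3:GetObject"]
    resources = ["${each.value}/*"]

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.default.iam_arn]
    }
  }
}

# Attach the policy to the primary origin bucket.
resource "aws_s3_bucket_policy" "primary" {
  bucket = aws_s3_bucket.primary.id
  policy = data.aws_iam_policy_document.oai_read["primary"].json
}

# Attach the same grant to the failover origin bucket.
resource "aws_s3_bucket_policy" "failover" {
  bucket = aws_s3_bucket.failover.id
  policy = data.aws_iam_policy_document.oai_read["failover"].json
}
```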