Route53 subdomain not resolved with nslookup

Tags: amazon-s3, amazon-cloudfront, amazon-route53, nslookup

My problem

I am trying to build a personal CDN to share static files with my contacts. The design includes an S3 bucket, a CloudFront distribution and a subdomain registered via Route53, all configured using Terraform.

However, I can reach my files via S3 and CloudFront, but not via my subdomain (cdn.adamatan.com).

What's working

S3

curl http://cdn.adamatan.com.s3.amazonaws.com/index.html

CloudFront

curl https://d36tl9ayobqfgg.cloudfront.net/index.html

What's broken

I can't get the files using the subdomain. Moreover, nslookup for cdn.adamatan.com and adamatan.com does not work. I think that I've misconfigured Route53 somehow.

Configuration

Domain

[screenshot: Domain]

Hosted Zone

[screenshot: Hosted Zone]

Terraform configuration

variable "hosted_zone" {
  default = "adamatan.com"
}

variable "domain" {
  default = "cdn.adamatan.com"
}

variable "aws_region" {
  default = "us-east-1"
}

provider "aws" {
  region  = "${var.aws_region}"
  profile = "personal"
  version = "~> 1.1"
}

/*
   The S3 bucket storing the files. It must bear the same name as the domain
   pointing to it. See https://gist.github.com/danihodovic/a51eb0d9d4b29649c2d094f4251827dd,
   and http://stackoverflow.com/a/5048129/2966951
*/
resource "aws_s3_bucket" "adamatan_cdn_bucket" {
  bucket = "${var.domain}"
  acl = "public-read"

  # Heredoc terminator must start at column 0 for a plain <<EOF in Terraform 0.11.
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "AllowPublicRead",
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::${var.domain}/*"]
  }]
}
EOF

  tags {
    Description = "Origin bucket for my personal CDN"
  }
}

resource "aws_route53_zone" "cdn_zone" {
  name = "${var.hosted_zone}"
}

resource "aws_route53_record" "root_domain" {
  zone_id = "${aws_route53_zone.cdn_zone.zone_id}"
  name = "${var.domain}"
  type = "A"

  alias {
    name = "${aws_cloudfront_distribution.adamatan_cdn_distribution.domain_name}"
    zone_id = "${aws_cloudfront_distribution.adamatan_cdn_distribution.hosted_zone_id}"
    evaluate_target_health = false
  }
}

resource "aws_cloudfront_distribution" "adamatan_cdn_distribution" {
  origin {
    domain_name = "${var.domain}.s3.amazonaws.com"
    origin_id   = "${var.domain}"
  }

  enabled             = true
  is_ipv6_enabled     = true
  comment             = "Permanent public file distribution"
  default_root_object = "index.html"

  aliases = ["${var.domain}"]

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.domain}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 60
    default_ttl            = 300
    max_ttl                = 86400
  }

  price_class = "PriceClass_All"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}


output "domain" {
  value = "${var.domain}"
}

output "cdn_domain" {
  value = "${aws_cloudfront_distribution.adamatan_cdn_distribution.domain_name}"
}

My question

How can I map my subdomain (cdn.adamatan.com) to my CloudFront distribution (d36tl9ayobqfgg.cloudfront.net) using Terraform (preferably with SSL support)?

Best Answer

In your Amazon hosted zone you have a different set of name servers than at your registrar.

Domain Name: ADAMATAN.COM
Registrar: Gandi SAS
Name Server: NS-1193.AWSDNS-21.ORG
Name Server: NS-1889.AWSDNS-44.CO.UK
Name Server: NS-4.AWSDNS-00.COM
Name Server: NS-1193.AWSDNS-21.ORG

None of the name servers above answers for the adamatan.com SOA & cdn.adamatan.com. These name servers don't have your domain configured on them, while the set of servers in your zone does:

;; ANSWER SECTION:
cdn.adamatan.com.       60      IN      A       13.33.23.245
cdn.adamatan.com.       60      IN      A       13.33.23.59
cdn.adamatan.com.       60      IN      A       13.33.23.22
cdn.adamatan.com.       60      IN      A       13.33.23.89
cdn.adamatan.com.       60      IN      A       13.33.23.45
cdn.adamatan.com.       60      IN      A       13.33.23.248
cdn.adamatan.com.       60      IN      A       13.33.23.169
cdn.adamatan.com.       60      IN      A       13.33.23.94

;; AUTHORITY SECTION:
adamatan.com.           172800  IN      NS      ns-1511.awsdns-60.org.
adamatan.com.           172800  IN      NS      ns-1730.awsdns-24.co.uk.
adamatan.com.           172800  IN      NS      ns-378.awsdns-47.com.
adamatan.com.           172800  IN      NS      ns-936.awsdns-53.net.

Go to the domain management on your Gandi account and change your name servers accordingly. The NS records at the parent (.com) zone should match the ones in your own (adamatan.com).

Keep in mind that the TTL on both zones is 172800 seconds i.e. 48 hours. It may take up to two days for these changes to take effect. dig adamatan.com NS @a.gtld-servers.net. shows if they have been updated on the root name servers of .com, and that's when the count actually begins.
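The delegation check the answer describes (parent .com NS set versus the zone's own NS set), written out as an added shell script that is not part of the original post. The dig outputs embedded below are constructed from the records quoted in the answer; the `check_delegation_live` helper name is an assumption and only touches the network when you call it yourself.

```shell
# Added example (not from the original post): compare the NS set the parent (.com)
# zone hands out with the NS set the zone itself publishes; a mismatch is the failure
# the answer diagnoses, since resolvers get referred to servers not hosting the zone.

# Keep NS records from dig output: lowercase, drop trailing dot, sort, dedupe.
normalize_ns() {
  awk 'toupper($4) == "NS" { print tolower($5) }' | sed 's/\.$//' | sort -u
}

# list_diff A B: lines of sorted list A missing from sorted list B.
list_diff() {
  a=$(mktemp) && b=$(mktemp)
  printf '%s\n' "$1" > "$a" && printf '%s\n' "$2" > "$b"
  comm -23 "$a" "$b"; rm -f "$a" "$b"
}

# compare_ns PARENT_DIG ZONE_DIG: returns 0 on match, 1 on mismatch, 2 if a list is empty.
compare_ns() {
  parent=$(printf '%s\n' "$1" | normalize_ns)
  zone=$(printf '%s\n' "$2" | normalize_ns)
  if [ -z "$parent" ] || [ -z "$zone" ]; then
    echo "no NS records in one of the answers"; return 2
  fi
  if [ "$parent" = "$zone" ]; then echo "delegation ok"; return 0; fi
  echo "delegation mismatch"
  echo "at parent only:"; list_diff "$parent" "$zone"
  echo "in zone only:";   list_diff "$zone" "$parent"
  return 1
}

# Live check (needs network and dig; helper name is an assumption): parent view
# from a .com gTLD server, zone view from a server the hosted zone lists.
check_delegation_live() {  # usage: check_delegation_live adamatan.com ns-1511.awsdns-60.org
  compare_ns "$(dig +noall +authority +answer "$1" NS @a.gtld-servers.net)" \
             "$(dig +noall +answer "$1" NS @"$2")"
}

# Constructed samples from the records quoted in the answer; the parent list
# repeats one server as the whois output did, and normalize_ns dedupes it.
PARENT_SAMPLE=';; AUTHORITY SECTION:
adamatan.com.  172800  IN  NS  NS-1193.AWSDNS-21.ORG.
adamatan.com.  172800  IN  NS  NS-1889.AWSDNS-44.CO.UK.
adamatan.com.  172800  IN  NS  NS-4.AWSDNS-00.COM.
adamatan.com.  172800  IN  NS  NS-1193.AWSDNS-21.ORG.'
ZONE_SAMPLE=';; ANSWER SECTION:
adamatan.com.  172800  IN  NS  ns-1511.awsdns-60.org.
adamatan.com.  172800  IN  NS  ns-1730.awsdns-24.co.uk.
adamatan.com.  172800  IN  NS  ns-378.awsdns-47.com.
adamatan.com.  172800  IN  NS  ns-936.awsdns-53.net.'
compare_ns "$PARENT_SAMPLE" "$ZONE_SAMPLE" || true   # demo: prints the mismatch
```

Once the registrar change has propagated, the live check against a.gtld-servers.net should print "delegation ok".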