When I try to use AWS CloudFormation to update an AWS::CloudFront::Distribution resource, I receive the following error: "One or more of your origins or origin groups do not exist."
Resolution
The TargetOriginId of CacheBehavior or DefaultCacheBehavior must match an Id from the Origins or OriginGroups property in the AWS::CloudFront::Distribution resource. If the IDs don't match, then you receive the "One or more of your origins or origin groups do not exist" error.
This error occurs when you set the TargetOriginId of an origin that doesn't exist or that you created outside of CloudFormation. On an update operation, CloudFormation deletes all origins and origin groups in the distribution that you created outside of CloudFormation. If you're using the origin or origin group when CloudFormation tries to delete it, then you receive the error.
Note: It's a best practice not to modify stack resources outside of CloudFormation. Modifications outside of CloudFormation can create a mismatch between your stack's template and the current state of your stack resources.
To resolve this issue, complete the following steps:
- Open the AWS::CloudFront::Distribution resource in the CloudFormation template.
- Make sure that each TargetOriginId matches the ID of one of the origins or origin groups that's defined in the Origins or OriginGroups properties. If the ID doesn't match, then enter the correct origin ID as a parameter for DefaultCacheBehavior or CacheBehavior.
The following example template snippets define a CloudFront distribution with a single origin, and DefaultCacheBehavior uses that origin. The origin is Amazon Simple Storage Service (Amazon S3), and it uses an origin access identity (OAI) for authentication.
JSON example:
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "cloudfrontdistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "DefaultCacheBehavior": {
            "ViewerProtocolPolicy": "https-only",
            "DefaultTTL": 3600,
            "ForwardedValues": {
              "Cookies": {
                "Forward": "none"
              },
              "QueryString": true
            },
            "TargetOriginId": "my-s3-origin"
          },
          "Enabled": true,
          "Origins": [
            {
              "DomainName": "my-s3-bucket.s3.amazonaws.com",
              "Id": "my-s3-origin",
              "S3OriginConfig": {
                "OriginAccessIdentity": {
                  "Fn::Sub": "origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}"
                }
              },
              "OriginPath": "/my-content"
            }
          ]
        }
      }
    },
    "CloudFrontOriginAccessIdentity": {
      "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
      "Properties": {
        "CloudFrontOriginAccessIdentityConfig": {
          "Comment": {
            "Ref": "AWS::StackName"
          }
        }
      }
    }
  }
}
```
YAML example:
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  cloudfrontdistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        DefaultCacheBehavior:
          ViewerProtocolPolicy: https-only
          DefaultTTL: 3600
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: true
          # Must match the Id of an entry in Origins or OriginGroups
          TargetOriginId: my-s3-origin
        Enabled: true
        Origins:
          - DomainName: 'my-s3-bucket.s3.amazonaws.com'
            Id: my-s3-origin
            S3OriginConfig:
              # The OAI is created by the second resource in this template
              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}
            OriginPath: /my-content
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub ${AWS::StackName}
```
Note: In the preceding examples, replace my-s3-origin with your origin ID, my-s3-bucket.s3.amazonaws.com with your domain name, and /my-content with your origin path.
- Test your CloudFront distribution to verify that your CloudFormation stack is created or updated.
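The TargetOriginId check from the steps above can be run against a JSON template before you deploy. The following is an added example, not code from the original article or from AWS tooling. The function name unmatched_targets and the sample template (including legacy-api-origin, my-backup-origin, and my-failover-group) are constructed for illustration, and the check assumes that Origins and CacheBehaviors are literal lists.

```python
import json

# Constructed sample, trimmed to the fields the check reads. "legacy-api-origin"
# stands for an origin added outside CloudFormation, so the template lacks it.
SAMPLE = json.loads("""
{"Resources": {"cloudfrontdistribution": {
  "Type": "AWS::CloudFront::Distribution",
  "Properties": {"DistributionConfig": {
    "Enabled": true,
    "Origins": [
      {"Id": "my-s3-origin", "DomainName": "my-s3-bucket.s3.amazonaws.com"},
      {"Id": "my-backup-origin", "DomainName": "my-backup-bucket.s3.amazonaws.com"}],
    "OriginGroups": {"Quantity": 1, "Items": [{"Id": "my-failover-group"}]},
    "DefaultCacheBehavior": {"TargetOriginId": "my-s3-origin"},
    "CacheBehaviors": [
      {"PathPattern": "/api/*", "TargetOriginId": "legacy-api-origin"},
      {"PathPattern": "/img/*", "TargetOriginId": "my-failover-group"}]
  }}}}}
""")

def unmatched_targets(template):
    """Return (resource, behavior, TargetOriginId) for each cache behavior whose
    literal TargetOriginId matches no Id in Origins or OriginGroups."""
    problems = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudFront::Distribution":
            continue
        cfg = res.get("Properties", {}).get("DistributionConfig", {})
        declared = [o.get("Id") for o in cfg.get("Origins", [])]
        declared += [g.get("Id") for g in cfg.get("OriginGroups", {}).get("Items", [])]
        # Ids built with Ref/Fn::Sub resolve only at deploy time; if any exist,
        # a literal target cannot be ruled out, so the resource is skipped.
        if any(not isinstance(i, str) for i in declared):
            continue
        behaviors = [("DefaultCacheBehavior", cfg.get("DefaultCacheBehavior", {}))]
        behaviors += [(f"CacheBehaviors[{n}]", b)
                      for n, b in enumerate(cfg.get("CacheBehaviors", []))]
        for label, behavior in behaviors:
            target = behavior.get("TargetOriginId")
            # Targets written as intrinsic functions are not literals; skip them.
            if isinstance(target, str) and target not in declared:
                problems.append((name, label, target))
    return problems

if __name__ == "__main__":
    for resource, label, target in unmatched_targets(SAMPLE):
        print(f"{resource}: {label} targets '{target}', "
              "which is not declared in Origins or OriginGroups")
```

To check your own template, load it with json.load and pass the result to unmatched_targets. An empty list means that every literal TargetOriginId has a matching origin or origin group.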