3개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello.
Although it is not visible in the image, the reason why resource creation failed may be listed in the "Status reason" column.
Could you please share the "Status reason" column?
0
Thanks for the reply.
I deployed using the same template in my environment and saw the same error.
The cause of the error is unknown, but OAI itself is an old control method, so I used OAC to control it, and the deployment was successful.
The change should be made around line 227 to the following template.
FrontEndBucketPolicy:
Condition: DeployCloudFront
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref FrontEndBucket
PolicyDocument:
Statement:
- Action: s3:GetObject
Effect: Allow
Resource: !Sub ${FrontEndBucket.Arn}/*
Principal:
Service: cloudfront.amazonaws.com
Condition:
StringEquals:
AWS:SourceArn: !Sub arn:aws:cloudfront::${AWS::AccountId}:distribution/${CloudfrontDistribution}
CloudFrontOriginAccessControl:
Condition: DeployCloudFront
Type: AWS::CloudFront::OriginAccessControl
Properties:
OriginAccessControlConfig:
Description: Default Origin Access Control
Name: !Ref AWS::StackName
OriginAccessControlOriginType: s3
SigningBehavior: always
SigningProtocol: sigv4
CloudfrontDistribution:
Condition: DeployCloudFront
DependsOn: CloudFrontFunction
Type: AWS::CloudFront::Distribution
Properties:
Tags:
-
Key: application
Value: !Ref Application
-
Key: environment
Value: !Ref Environment
-
Key: Name
Value: !Sub ${Application}-${Environment}-CloudFrontDistribution
DistributionConfig:
WebACLId:
!If
- DeployWAF
- !GetAtt WAFFEStack.Outputs.WAFFEACLArn
- !Ref 'AWS::NoValue'
Enabled: true
PriceClass: 'PriceClass_100'
DefaultRootObject: 'index.html'
ViewerCertificate:
CloudFrontDefaultCertificate: true
MinimumProtocolVersion: TLSv1.2_2018
CustomErrorResponses:
- ErrorCachingMinTTL: 300
ErrorCode: 403
ResponseCode: 200
ResponsePagePath: '/index.html'
HttpVersion: http2
DefaultCacheBehavior:
AllowedMethods:
- HEAD
- DELETE
- POST
- GET
- OPTIONS
- PUT
- PATCH
ForwardedValues:
QueryString: false
TargetOriginId: !Sub S3-${FrontEndBucket}
ViewerProtocolPolicy: redirect-to-https
FunctionAssociations:
- EventType: viewer-response
FunctionARN: !GetAtt CloudFrontFunction.FunctionMetadata.FunctionARN
IPV6Enabled: true
Logging:
Bucket: !GetAtt AccessLoggingBucket.DomainName
Origins:
- DomainName: !GetAtt FrontEndBucket.DomainName
Id: !Sub S3-${FrontEndBucket}
S3OriginConfig:
OriginAccessIdentity: ''
OriginAccessControlId: !GetAtt CloudFrontOriginAccessControl.Id
Metadata:
cfn_nag:
rules_to_suppress:
- id: W70
reason: "It is already TLSv1.2_2018"
Thank you.