Error: error creating CloudFront Distribution: InvalidViewerCertificate: To add an alternate domain name (CNAME) to a CloudFront distribution, you must attach a trusted certificate

0 votes

Hi Guys,

I am trying to deploy one project to the S3 bucket using Terraform. But it is showing me the below error.

Error: error creating CloudFront Distribution: InvalidViewerCertificate: To add an alternate domain name (CNAME) to a CloudFront distribution, you must attach a trusted certificate that validates your authorization to use the domain name.

I am using the below code.

resource "aws_cloudfront_distribution" "cdn" {
  origin {
    origin_id   = var.domain
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name
    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "match-viewer"
      origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    }
  }
  aliases = [var.domain]
  enabled             = true
  wait_for_deployment = false
  default_root_object = "index.html"
  custom_error_response {
    error_caching_min_ttl = 0
    error_code            = 404
    response_code         = 200
    response_page_path    = "/index.html"
  }
  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = var.domain
    forwarded_values {
      query_string = true
      cookies {
        forward = "none"
      }
    }
    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }
  price_class = "PriceClass_100"
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
Sep 10, 2020 in Terraform by akhtar
• 38,170 points
375 views

1 answer to this question.

0 votes

Hi @akhtar,

If you want to use the default certificate, you will not add alternate domain names to the CloudFront distribution; you will need to generate an SSL certificate using Amazon Certificate Manager. In other words, to make this work you need to comment out aliases = [var.domain] in the CloudFront config part.

answered Sep 10, 2020 by MD
• 95,160 points
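
The other route the answer mentions, keeping the alias and attaching a certificate from ACM, sketched as an added example (not code from the question or the answer). It assumes AWS provider v3 or later, that var.domain is served from a Route 53 hosted zone, and a hypothetical variable var.zone_id holding that zone's ID; the resource names are illustrative.

```hcl
# Added example. var.zone_id is a hypothetical variable (Route 53 zone ID
# for var.domain); it is not defined anywhere in the original question.

# CloudFront only accepts ACM certificates issued in us-east-1.
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

resource "aws_acm_certificate" "cdn" {
  provider          = aws.us_east_1
  domain_name       = var.domain
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# Publish the DNS records ACM uses to confirm control of the domain.
resource "aws_route53_record" "cdn_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cdn.domain_validation_options :
    dvo.domain_name => dvo
  }
  zone_id = var.zone_id
  name    = each.value.resource_record_name
  type    = each.value.resource_record_type
  records = [each.value.resource_record_value]
  ttl     = 60
}

# Waits until ACM reports the certificate as issued.
resource "aws_acm_certificate_validation" "cdn" {
  provider                = aws.us_east_1
  certificate_arn         = aws_acm_certificate.cdn.arn
  validation_record_fqdns = [for r in aws_route53_record.cdn_validation : r.fqdn]
}

# Inside aws_cloudfront_distribution.cdn, replace the viewer_certificate
# block with the following; aliases = [var.domain] can then stay in place.
#   viewer_certificate {
#     acm_certificate_arn      = aws_acm_certificate_validation.cdn.certificate_arn
#     ssl_support_method       = "sni-only"
#     minimum_protocol_version = "TLSv1.2_2021"
#   }
```

Once the distribution has its own certificate, changing viewer_protocol_policy from "allow-all" to "redirect-to-https" stops the site from being served over plain HTTP.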
