In my case, it’s very useful to output the S3 Arn and the Cloudfront CDN. For the CM, i download manually the .csv by AWS console because it’s ready for be sent to the provider for validation by DNS. After the validations, complete the Cloudfront settings adding the SSL Certificate and the CNAMEs (manually).
You can download the code by my GitHub
In the provider.tf there is an alias because the certificate must be created in Virginia to be recognized by Cloudfront
In the var_input.tf there are the tags for the resources, the Origin arn and Identity
In the var_output.tf i print the S3 Arn and the Cloudfront CDN
Now you can create the bucket.tf. The bucket policy is created for get the object by Origin
The Certificate Manager
Remember to send the CNAME to the provider and, after the validation, complete the Cloudfront settings adding the SSL Certificate and the CNAMEs.
AWS Certified Solutions Architect Official Study Guide: https://amzn.to/2HQ0UM4
AWS Certified Solutions Architect Associate Practice Tests: https://amzn.to/2T9APwz