6-optional-preprod-cfront.tf_
#
# Copyright Amazon.com, Inc. and its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT
#
# Licensed under the MIT License. See the LICENSE accompanying this file
# for the specific language governing permissions and limitations under
# the License.
#
# CloudFront origin access identity (OAI) for the preprod account. The
# distribution in this file presents this identity to the S3 origin.
# NOTE(review): the bucket policy that grants this identity access is not in
# this file. Confirm it allows read-only access (s3:GetObject) and that the
# bucket is not otherwise publicly readable.
# NOTE(review): OAI is the legacy mechanism; AWS now recommends Origin Access
# Control (aws_cloudfront_origin_access_control) for S3 origins.
resource "aws_cloudfront_origin_access_identity" "preprod_origin_access_identity" {
  provider = aws.preprod
  comment  = "waf poc"
}
# Virginia region, used for CloudFront-protected resources
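# CloudFront distribution for the preprod account, fronting a single S3 origin
# ("primaryS3") that is reached through the origin access identity declared in
# this file. It defines a default cache behaviour and one ordered behaviour for
# /content/immutable/*, uses the default *.cloudfront.net certificate, and
# applies no geo restriction.
resource "aws_cloudfront_distribution" "preprod" {
  provider            = aws.preprod
  default_root_object = var.default_root_object
  enabled             = true
  is_ipv6_enabled     = var.is_ipv6_enabled
  price_class         = var.price_class
  retain_on_delete    = var.retain_on_delete
  wait_for_deployment = var.wait_for_deployment

  # The web ACL is not set here, and the lifecycle block at the bottom ignores
  # drift on web_acl_id, so Terraform neither attaches a WAF nor notices when
  # one is removed.
  # NOTE(review): presumably the web ACL is attached out of band. Confirm that
  # something outside this config enforces the association; otherwise this
  # distribution can run without a WAF and `terraform plan` will stay clean.
  #web_acl_id = var.web_acl_id

  # NOTE(review): access logging is disabled. Without a logging_config there
  # are no CloudFront standard logs for detection or incident response on
  # this distribution.
  /* dynamic "logging_config" {
    for_each = length(keys(var.logging_config)) == 0 ? [] : [var.logging_config]
    content {
      bucket          = logging_config.value["bucket"]
      prefix          = lookup(logging_config.value, "prefix", null)
      include_cookies = lookup(logging_config.value, "include_cookies", null)
    }
  } */

  origin {
    domain_name = aws_s3_bucket.preprod_web.bucket_regional_domain_name
    origin_id   = "primaryS3"
    #origin_path = lookup(origin.value, "origin_path", "")

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.preprod_origin_access_identity.cloudfront_access_identity_path
    }

    /* dynamic "custom_origin_config" {
      for_each = length(lookup(origin.value, "custom_origin_config", "")) == 0 ? [] : [lookup(origin.value, "custom_origin_config", "")]
      content {
        http_port                = custom_origin_config.value.http_port
        https_port               = custom_origin_config.value.https_port
        origin_protocol_policy   = custom_origin_config.value.origin_protocol_policy
        origin_ssl_protocols     = custom_origin_config.value.origin_ssl_protocols
        origin_keepalive_timeout = lookup(custom_origin_config.value, "origin_keepalive_timeout", null)
        origin_read_timeout      = lookup(custom_origin_config.value, "origin_read_timeout", null)
      }
    } */

    /* dynamic "custom_header" {
      for_each = lookup(origin.value, "custom_header", [])
      content {
        name  = custom_header.value.name
        value = custom_header.value.value
      }
    } */
  }

  default_cache_behavior {
    target_origin_id = "primaryS3"

    # Was "allow-all", which served the default behaviour over plaintext HTTP.
    # Redirecting to HTTPS matches the ordered behaviour below.
    viewer_protocol_policy = "redirect-to-https"

    # NOTE(review): write methods (DELETE, PATCH, POST, PUT) are forwarded to
    # an S3 origin. If the site only serves static content, narrow this to
    # ["GET", "HEAD", "OPTIONS"]. If the write methods stay, confirm that the
    # bucket policy grants the OAI read access only.
    allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods  = ["GET", "HEAD"]
    #compress = true
    #field_level_encryption_id = lookup(i.value, "field_level_encryption_id", null)

    min_ttl     = 0
    default_ttl = 3600
    max_ttl     = 86400

    # Nothing viewer-supplied (query string, cookies) is forwarded to the
    # origin or included in the cache key.
    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  # Long-lived caching for immutable content; read-only methods, HTTPS enforced.
  ordered_cache_behavior {
    path_pattern     = "/content/immutable/*"
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = "primaryS3"

    forwarded_values {
      query_string = false
      # Origin is forwarded so that CORS responses vary per requesting origin.
      headers = ["Origin"]

      cookies {
        forward = "none"
      }
    }

    min_ttl                = 0
    default_ttl            = 86400
    max_ttl                = 31536000
    compress               = true
    viewer_protocol_policy = "redirect-to-https"
  }

  # NOTE(review): with the default *.cloudfront.net certificate, CloudFront
  # fixes the viewer security policy at TLSv1. Raising the TLS floor needs a
  # custom ACM certificate together with minimum_protocol_version.
  viewer_certificate {
    cloudfront_default_certificate = true
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags = merge(
    {
      "Name" = format("%s", "CloudFront ${var.environment}")
    },
    {
      "Environment" = format("%s", var.environment)
    },
    local.cfront_tags,
    local.common_tags,
  )

  # Drift on web_acl_id is ignored so that an association made outside
  # Terraform is not reverted on apply. This also hides removal of the ACL.
  lifecycle {
    ignore_changes = [
      web_acl_id,
    ]
  }
}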