forked from magenx/Magento-2-aws-cluster-terraform
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudfront.tf
92 lines (70 loc) · 2.69 KB
/
cloudfront.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
////////////////////////////////////////////////////////[ CLOUDFRONT ]////////////////////////////////////////////////////
# # ---------------------------------------------------------------------------------------------------------------------#
# Create CloudFront distribution with S3 origin
# # ---------------------------------------------------------------------------------------------------------------------#
resource "aws_cloudfront_origin_access_identity" "this" {
comment = "CloudFront origin access identity"
}
resource "aws_cloudfront_distribution" "this" {
enabled = true
is_ipv6_enabled = true
web_acl_id = aws_wafv2_web_acl.this.arn
price_class = "PriceClass_100"
comment = "${var.app["domain"]} assets"
origin {
domain_name = aws_s3_bucket.this["media"].bucket_regional_domain_name
origin_id = "${var.app["domain"]}-media-assets"
s3_origin_config {
origin_access_identity = aws_cloudfront_origin_access_identity.this.cloudfront_access_identity_path
}
custom_header {
name = "X-Magenx-Header"
value = random_uuid.this.result
}
}
default_cache_behavior {
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "${var.app["domain"]}-media-assets"
origin_request_policy_id = data.aws_cloudfront_origin_request_policy.s3.id
cache_policy_id = data.aws_cloudfront_cache_policy.s3.id
viewer_protocol_policy = "https-only"
}
origin {
domain_name = var.app["domain"]
origin_id = "${var.app["domain"]}-static-assets"
custom_origin_config {
http_port = 80
https_port = 443
origin_protocol_policy = "https-only"
origin_ssl_protocols = ["TLSv1.2"]
}
}
ordered_cache_behavior {
path_pattern = "/static/*"
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "${var.app["domain"]}-static-assets"
origin_request_policy_id = data.aws_cloudfront_origin_request_policy.custom.id
cache_policy_id = data.aws_cloudfront_cache_policy.custom.id
viewer_protocol_policy = "https-only"
compress = true
}
logging_config {
include_cookies = false
bucket = aws_s3_bucket.this["system"].bucket_domain_name
prefix = "${local.project}-cloudfront-logs"
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
cloudfront_default_certificate = true
minimum_protocol_version = "TLSv1.2_2021"
}
tags = {
Name = "${local.project}-cloudfront"
}
}