junte/Model
1
0
Fork 0
mirror of https://github.com/Hestia-Homes/Model.git synced 2026-06-08 11:17:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Model/infrastructure/terraform/modules/cloudfront/main.tf

192 lines
No EOL
4.3 KiB
HCL
Raw Blame History

resource "aws_cloudfront_cache_policy" "api" {
name = "api-no-cache"
default_ttl = 0
max_ttl = 0
min_ttl = 0
parameters_in_cache_key_and_forwarded_to_origin {
cookies_config {
cookie_behavior = "none"
}
headers_config {
header_behavior = "none"
}
query_strings_config {
query_string_behavior = "none"
}
}
}
resource "aws_cloudfront_origin_request_policy" "api" {
name = "api-forward-all"
headers_config {
header_behavior = "allViewer"
}
query_strings_config {
query_string_behavior = "all"
}
cookies_config {
cookie_behavior = "all"
}
}
############################################
# CloudFront Distribution
############################################
resource "aws_cloudfront_distribution" "this" {
##########################################
# Origins
##########################################
dynamic "origin" {
for_each = { for o in var.origins : o.origin_id => o }
content {
domain_name = origin.value.origin_domain_name
origin_id = origin.value.origin_id
######################################
# S3 Origin
######################################
dynamic "s3_origin_config" {
for_each = origin.value.origin_type == "s3" ? [1] : []
content {
origin_access_identity = aws_cloudfront_origin_access_identity.oai[origin.key].cloudfront_access_identity_path
}
}
######################################
# API Gateway Origin
######################################
dynamic "custom_origin_config" {
for_each = origin.value.origin_type == "api" ? [1] : []
content {
http_port = 80
https_port = 443
origin_protocol_policy = "https-only"
origin_ssl_protocols = ["TLSv1.2"]
}
}
}
}
enabled = true
aliases = var.aliases
##########################################
# Default Cache Behavior (S3)
##########################################
default_cache_behavior {
target_origin_id = "s3-origin"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
compress = true
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
}
##########################################
# API Behavior
##########################################
ordered_cache_behavior {
path_pattern = "/v1/*"
target_origin_id = "api-origin"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET","HEAD","OPTIONS","PUT","POST","PATCH","DELETE"]
cached_methods = ["GET","HEAD"]
cache_policy_id = aws_cloudfront_cache_policy.api.id
origin_request_policy_id = aws_cloudfront_origin_request_policy.api.id
min_ttl = 0
default_ttl = 0
max_ttl = 0
}
price_class = "PriceClass_All"
##########################################
# Geo Restrictions
##########################################
restrictions {
geo_restriction {
restriction_type = "none"
}
}
##########################################
# SSL Certificate
##########################################
viewer_certificate {
cloudfront_default_certificate = true
}
}
############################################
# Origin Access Identities (S3 only)
############################################
resource "aws_cloudfront_origin_access_identity" "oai" {
for_each = {
for o in var.origins : o.origin_id => o
if o.origin_type == "s3"
}
comment = "OAI for ${each.key}"
}
############################################
# S3 Bucket Policy (S3 only)
############################################
resource "aws_s3_bucket_policy" "bucket_policy" {
for_each = {
for o in var.origins : o.origin_id => o
if o.origin_type == "s3"
}
bucket = each.value.bucket_id
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Principal = {
AWS = aws_cloudfront_origin_access_identity.oai[each.key].iam_arn
}
Action = "s3:GetObject"
Resource = "${each.value.bucket_arn}/*"
}
]
})
}
Reference in a new issue View git blame Copy permalink