# CloudFront distribution that fronts the S3 bucket named by var.bucket_name.
# The bucket is reached through the origin access identity (OAI) declared in
# this file, so viewers go through CloudFront rather than the S3 endpoint.
#
# NOTE(review): this block sets neither logging_config nor web_acl_id, so
# access logging and WAF protection, if required, must come from elsewhere.
resource "aws_cloudfront_distribution" "s3_distribution" {
  enabled     = true
  price_class = "PriceClass_All" # serve from every edge location

  origin {
    # Must match target_origin_id in default_cache_behavior below.
    origin_id   = "S3-${var.bucket_name}"
    domain_name = var.bucket_domain_name

    s3_origin_config {
      # CloudFront authenticates to S3 as this OAI; the bucket policy in this
      # file grants it read access.
      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
    }
  }

  default_cache_behavior {
    target_origin_id = "S3-${var.bucket_name}"

    # Plain-HTTP requests are redirected to HTTPS instead of being served.
    viewer_protocol_policy = "redirect-to-https"

    # Read-only distribution: no PUT/POST/DELETE/OPTIONS reaches the origin.
    allowed_methods = ["GET", "HEAD"]
    cached_methods  = ["GET", "HEAD"]
    compress        = true

    # TTLs are in seconds: default is one day, maximum is 365 days.
    min_ttl     = 0
    default_ttl = 86400
    max_ttl     = 31536000

    # Query strings and cookies are neither forwarded to S3 nor used in the
    # cache key. The AWS provider documents forwarded_values as deprecated in
    # favour of cache_policy_id / origin_request_policy_id.
    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none" # no country allow/deny list
    }
  }

  viewer_certificate {
    # Serves the *.cloudfront.net name with CloudFront's default certificate.
    # With the default certificate the viewer security policy stays at TLSv1;
    # raising minimum_protocol_version requires a custom certificate.
    cloudfront_default_certificate = true
  }
}
# Identity that CloudFront presents to S3 when fetching objects for the
# distribution. Only this identity is granted s3:GetObject by the bucket
# policy in this file.
#
# NOTE(review): OAI is the legacy mechanism; AWS recommends origin access
# control (aws_cloudfront_origin_access_control) for new distributions.
resource "aws_cloudfront_origin_access_identity" "oai" {
  comment = "OAI for ${var.bucket_name}"
}
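# Bucket policy that lets the CloudFront origin access identity read objects.
#
# Scope of the grant: s3:GetObject on every key under var.bucket_arn, for the
# OAI principal only. s3:ListBucket is not granted, so a request for a missing
# key comes back from S3 as 403 rather than 404.
#
# A bucket has a single policy document, so this resource replaces whatever
# policy is already attached to var.bucket_id.
#
# NOTE(review): this policy only adds an Allow. Keeping direct S3 access
# closed also depends on the bucket's ACLs and public access block settings,
# which are managed outside this file; confirm they are restrictive.
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = var.bucket_id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          # Use the provider-exported ARN instead of hand-building it: the
          # value is the same in the standard partition, and it stays correct
          # in partitions where the ARN prefix is not "arn:aws".
          AWS = aws_cloudfront_origin_access_identity.oai.iam_arn
        }
        Action   = "s3:GetObject"
        Resource = "${var.bucket_arn}/*"
      },
    ]
  })
}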