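# Bucket policy granted to the CloudFront origin access identity (OAI).
# The document is only rendered here; it is exposed through output
# "oai_access_policy" and is presumably attached to var.artifact_bucket by the
# caller — that bucket should also keep S3 Block Public Access enabled, since
# nothing in this module does so.
data "aws_iam_policy_document" "bucket_access_policy" {
  # Object reads are limited to this environment's webroot prefix, which is the
  # same prefix the distribution uses as origin_path, so CloudFront logs and
  # other environments' artifacts in the bucket are never servable.
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${var.artifact_bucket.arn}/${var.environment}/webroot/*"]

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn]
    }
  }

  # ListBucket is needed so that a missing object yields 404 (which the
  # distribution maps to /index.html) instead of 403. The original grant
  # covered the whole bucket; it is now restricted to this environment's
  # webroot prefix so the OAI cannot enumerate logs or other environments.
  # NOTE(review): S3's implicit ListBucket check for a missing key is expected
  # to honour s3:prefix — verify after apply that a missing path under webroot
  # still returns 404 rather than 403.
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [var.artifact_bucket.arn]

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn]
    }

    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["${var.environment}/webroot/*"]
    }
  }
}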
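# Rendered bucket policy for the OAI; the caller is expected to attach it to
# var.artifact_bucket (e.g. via aws_s3_bucket_policy using the .json attribute).
output "oai_access_policy" {
  description = "IAM policy document granting the CloudFront OAI read/list access to this environment's webroot prefix in the artifact bucket."
  value       = data.aws_iam_policy_document.bucket_access_policy
}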
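# Identity CloudFront uses to sign its requests to the private S3 origin.
# NOTE(review): origin access identity is the legacy mechanism; AWS recommends
# origin access control (OAC) for new S3 origins. Migrating would also change
# the principal used in data.aws_iam_policy_document.bucket_access_policy.
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
  # Fixed: the original wrote "{$var.environment}", which is not HCL
  # interpolation and left that literal text in the OAI comment.
  comment = "OAI for HFF Entry Forms ${var.environment} environment."
}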
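# CloudFront distribution serving this environment's static webroot from the
# private artifact bucket via the OAI above.
# NOTE(review): no response_headers_policy_id (HSTS / X-Content-Type-Options /
# frame-ancestors) and no web_acl_id are configured; consider adding both
# unless they are applied elsewhere.
resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name = var.artifact_bucket.bucket_regional_domain_name
    origin_id   = "S3-HffEntryForms-${var.environment}"
    # Must match the prefix allowed in bucket_access_policy.
    origin_path = "/${var.environment}/webroot"

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path
    }
  }

  enabled         = true
  is_ipv6_enabled = true
  comment         = "HFF Entry Forms ${var.environment} distribution."

  # Fixed: CloudFront requires the default root object without a leading
  # slash. "/index.html" made requests for "/" miss at the origin; the 404
  # fallback below was silently masking that.
  default_root_object = "index.html"

  # Access logs land in the same bucket as the content, under a prefix the
  # OAI policy does not grant GetObject on, so they are not servable.
  # Caveat: CloudFront standard logging writes via ACL, so the bucket must
  # have ACLs enabled (Object Ownership must not be "Bucket owner enforced").
  logging_config {
    include_cookies = false
    bucket          = var.artifact_bucket.bucket_domain_name
    prefix          = "${var.environment}/logs/cloudfront"
  }

  aliases = [local.app_domain_name]

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = "S3-HffEntryForms-${var.environment}"

    # Legacy forwarded_values block (cache_policy_id is the current
    # replacement). Nothing from the viewer is forwarded to S3, so the cache
    # key is the path only — appropriate for immutable static assets.
    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    # min_ttl = 0 lets an origin Cache-Control header shorten the edge TTL,
    # but anything uploaded without one (index.html in particular) is cached
    # for a year. Deploys must either set a short Cache-Control on index.html
    # or issue an invalidation, or users keep the old app shell.
    min_ttl                = 0
    default_ttl            = 60 * 60 * 24 * 365 # cache for a year
    max_ttl                = 60 * 60 * 24 * 365 # cache for a year
    compress               = true
    viewer_protocol_policy = "redirect-to-https"
  }

  # SPA fallback: unknown paths are served the app shell with a 200 so
  # client-side routing works. Relies on the OAI having s3:ListBucket,
  # otherwise S3 answers 403 for missing keys and this mapping never fires.
  # Note the fallback response is itself cached (error_caching_min_ttl,
  # provider default applies).
  custom_error_response {
    error_code         = 404
    response_code      = 200
    response_page_path = "/index.html"
  }

  # Cheapest tier: edges in North America, Europe and Israel only. Viewers
  # elsewhere are still served, just from these regions.
  price_class = "PriceClass_100"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags = {
    # NOTE(review): this uses local.environment_name while the rest of the
    # file keys off var.environment — confirm the two are meant to differ.
    Environment = local.environment_name
  }

  viewer_certificate {
    # TODO (kept from the original; its intent is not recorded here)
    # The ACM certificate must live in us-east-1 for CloudFront to use it.
    acm_certificate_arn = var.cloudfront_certificate_arn
    ssl_support_method  = "sni-only"
    # Added: without this the provider default (TLSv1) permits TLS 1.0/1.1
    # handshakes. TLSv1.2_2021 is the current AWS-recommended policy.
    minimum_protocol_version = "TLSv1.2_2021"
  }
}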