# Origin identifiers. Each value is used twice in this file: as the
# `origin_id` of a distribution's origin block and as the `target_origin_id`
# of that distribution's default cache behavior, so the two must stay in sync.
locals {
  s3_origin_id                = "linkifybio-origin"
  s3_profile_images_origin_id = "linkifybio-profiles-images-origin"
}
# Canned "private" ACL on the application bucket: only the bucket owner gets
# access through the ACL.
#
# NOTE(review): an ACL does not override a bucket policy. The site distribution
# in this file reads from an S3 *website* endpoint, which only serves objects
# that are publicly readable, so a public-read bucket policy presumably exists
# elsewhere. Confirm that policy is scoped to s3:GetObject only.
# NOTE(review): buckets that use the BucketOwnerEnforced object-ownership
# setting reject ACL writes. Confirm the ownership controls on this bucket.
# The resource name keeps its original spelling ("buket") because renaming it
# would change the Terraform state address.
resource "aws_s3_bucket_acl" "app_buket_acl" {
  acl    = "private"
  bucket = aws_s3_bucket.app_bucket.id
}
# Canned "private" ACL on the profile-images bucket. Viewers are expected to
# reach these objects only through the CloudFront distribution in this file,
# which authenticates to S3 with an origin access identity.
#
# NOTE(review): the ACL alone does not guarantee the bucket stays private. A
# bucket policy (not visible here) decides what the OAI and anyone else may do.
# Confirm it grants the OAI s3:GetObject only, and consider pairing this with
# an aws_s3_bucket_public_access_block resource.
# The resource name keeps its original spelling ("buket") because renaming it
# would change the Terraform state address.
resource "aws_s3_bucket_acl" "profile_pictures_buket_acl" {
  acl    = "private"
  bucket = aws_s3_bucket.profile_images_bucket.id
}
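# CloudFront distribution for the main site (apex and www), backed by the S3
# static-website endpoint of the bucket named after the domain.
#
# Hardening applied in this block:
#   * viewer TLS floor pinned with minimum_protocol_version (the provider
#     default is the legacy "TLSv1" policy);
#   * allowed_methods reduced to read-only verbs, since the S3 website endpoint
#     only serves GET/HEAD and write verbs add nothing but attack surface;
#   * viewer cookies are no longer forwarded to the origin (see below).
#
# NOTE(review): no logging_config, web_acl_id or response_headers_policy_id is
# set here. Confirm whether access logging, a WAF web ACL and security
# response headers are handled elsewhere.
resource "aws_cloudfront_distribution" "s3_distribution" {
  enabled             = true
  is_ipv6_enabled     = true
  comment             = "linkifybio.com cloudfront distribution"
  default_root_object = "index.html"
  price_class         = "PriceClass_100"
  aliases             = [local.domain_name, "www.${local.domain_name}"]

  origin {
    domain_name = "${local.domain_name}.s3-website-us-east-1.amazonaws.com"
    origin_id   = local.s3_origin_id

    custom_origin_config {
      http_port  = "80"
      https_port = "443"

      # S3 website endpoints do not speak HTTPS, so the CloudFront -> S3 hop is
      # plaintext HTTP. Nothing sensitive (cookies, auth headers) should be
      # forwarded to this origin.
      origin_protocol_policy = "http-only"

      # Not used while the policy is "http-only"; kept at TLS 1.2 so that a
      # later switch to an HTTPS origin does not silently allow TLS 1.0/1.1.
      origin_ssl_protocols = ["TLSv1.2"]
    }
  }

  # Single-page-app routing: unknown paths are answered with index.html and a
  # 200 so the client-side router can handle them.
  custom_error_response {
    error_code         = 404
    response_code      = 200
    response_page_path = "/index.html"
  }

  default_cache_behavior {
    # Read-only verbs. OPTIONS is kept for CORS preflight requests.
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = local.s3_origin_id

    forwarded_values {
      query_string = true

      # S3 ignores cookies. Forwarding them would send viewer cookies over the
      # plaintext origin hop and put them in the cache key.
      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      locations        = []
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = false
    acm_certificate_arn            = aws_acm_certificate_validation.validation.certificate_arn
    ssl_support_method             = "sni-only"

    # Refuse TLS 1.0/1.1 from viewers.
    minimum_protocol_version = "TLSv1.2_2021"
  }
}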
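# CloudFront distribution for user profile images (cdn.<domain>), backed by the
# profile-images bucket through its regional REST endpoint. CloudFront
# authenticates to S3 with the origin access identity declared in this file.
#
# Hardening applied in this block:
#   * allowed_methods reduced to read-only verbs. CloudFront signs origin
#     requests as the OAI, so any write verb allowed here is carried out with
#     whatever rights the bucket policy gives that identity.
#   * viewer cookies are no longer forwarded to S3, which ignores them;
#   * viewer TLS floor pinned with minimum_protocol_version (the provider
#     default is the legacy "TLSv1" policy).
#
# NOTE(review): if uploads are intentionally proxied through this
# distribution, restore the write verbs only together with an authentication
# layer in front of it. The bucket policy is not visible here; confirm it
# grants the OAI s3:GetObject only.
# NOTE(review): query strings are still forwarded. S3 interprets some query
# parameters on authenticated requests, so viewers may be able to influence
# the origin response. Confirm the site needs them, otherwise set
# query_string = false.
resource "aws_cloudfront_distribution" "profile_images_s3_distribution" {
  enabled         = true
  is_ipv6_enabled = true
  comment         = "Profile images linkifybio.com cloudfront distribution"
  price_class     = "PriceClass_100"
  aliases         = ["cdn.${local.domain_name}"]

  origin {
    domain_name = aws_s3_bucket.profile_images_bucket.bucket_regional_domain_name
    origin_id   = local.s3_profile_images_origin_id

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
    }
  }

  default_cache_behavior {
    # Read-only verbs. OPTIONS is kept for CORS preflight requests.
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = local.s3_profile_images_origin_id

    forwarded_values {
      query_string = true

      # S3 ignores cookies. Forwarding them only fragments the cache and hands
      # viewer cookies to the origin.
      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      locations        = []
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = false
    acm_certificate_arn            = aws_acm_certificate_validation.cdn_validation.certificate_arn
    ssl_support_method             = "sni-only"

    # Refuse TLS 1.0/1.1 from viewers.
    minimum_protocol_version = "TLSv1.2_2021"
  }
}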
# Identity that CloudFront presents to S3 when it fetches profile images. The
# profile-images distribution references it through
# `cloudfront_access_identity_path`.
#
# NOTE(review): the identity only restricts access if the bucket policy (not
# visible here) allows this principal and nobody else. Origin access identities
# are the legacy mechanism; origin access control (OAC) is the recommended
# replacement. Consider migrating.
resource "aws_cloudfront_origin_access_identity" "oai" {
  comment = "OAI for profile_images_s3_distribution"
}