blob: 607cb29de360bd9393d653a17754a4ada266a039 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
resource "aws_cloudfront_distribution" "main" {
aliases = [var.s3_cloudfront_name]
enabled = true
http_version = "http2and3"
is_ipv6_enabled = true
price_class = "PriceClass_All"
retain_on_delete = true
wait_for_deployment = false
default_cache_behavior {
target_origin_id = aws_s3_bucket.static.bucket_regional_domain_name
compress = true
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
cache_policy_id = data.aws_cloudfront_cache_policy.managed["CachingOptimized"].id
origin_request_policy_id = data.aws_cloudfront_origin_request_policy.managed["CORS-S3Origin"].id
}
origin {
origin_id = aws_s3_bucket.static.bucket_regional_domain_name
domain_name = aws_s3_bucket.static.bucket_regional_domain_name
origin_access_control_id = aws_cloudfront_origin_access_control.main.id
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
acm_certificate_arn = aws_acm_certificate_validation.us-east-1.certificate_arn
minimum_protocol_version = "TLSv1.2_2021"
ssl_support_method = "sni-only"
}
}
resource "aws_cloudfront_origin_access_control" "main" {
name = var.s3_cloudfront_name
description = var.s3_cloudfront_name
origin_access_control_origin_type = "s3"
signing_behavior = "always"
signing_protocol = "sigv4"
}
# Managed policies
locals {
managed_cache_policies = [
"Amplify",
"CachingDisabled",
"CachingOptimized",
"CachingOptimizedForUncompressedObjects",
"Elemental-MediaPackage",
]
managed_origin_request_policies = [
"AllViewer",
"CORS-CustomOrigin",
"CORS-S3Origin",
"Elemental-MediaTailor-PersonalizedManifests",
"UserAgentRefererHeaders",
]
}
data "aws_cloudfront_cache_policy" "managed" {
for_each = toset(local.managed_cache_policies)
name = "Managed-${each.key}"
}
data "aws_cloudfront_origin_request_policy" "managed" {
for_each = toset(local.managed_origin_request_policies)
name = "Managed-${each.key}"
}
|