-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloudfront.tf
61 lines (49 loc) · 1.65 KB
/
cloudfront.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
resource "aws_cloudfront_distribution" "www_distribution" {
origin {
// Here we're using our S3 bucket's URL!
domain_name = "${aws_s3_bucket.www.bucket_regional_domain_name}"
// This can be any name to identify this origin.
origin_id = "${var.root_domain_name}"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
}
}
enabled = true
default_root_object = "index.html"
price_class = "PriceClass_100"
// All values are defaults from the AWS console.
default_cache_behavior {
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.redirect_lambda.arn}:${aws_lambda_function.redirect_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
// This needs to match the `origin_id` above.
target_origin_id = "${var.root_domain_name}"
min_ttl = 0
default_ttl = 1800
max_ttl = 3600
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
aliases = ["${var.root_domain_name}", "${var.www_domain_name}"]
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
acm_certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
ssl_support_method = "sni-only"
}
}
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "Some comment"
}