joeac/joeac.net
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
283495ce22f526747fcd9681e969e9d24be08a64
joeac.net/infrastructure/cloudfront.tf
Joe Carstairs 86450b3dd8 Infrastructure as code (#3) 
* Moves website to website/

* Adds terraform gitignores

* Terraform with AWS provider

* Initialises Terraform

* Locals and variables for provider

* Fetches SSL certificate from ACM

* S3 static website bucket

* CloudFront distribution

* Route53 records

* Deployment workflow uses secret S3 bucket suffix

* Adds README

---------

Co-authored-by: Joe Carstairs <65492573+Sycamost@users.noreply.github.com>
2024-05-05 21:00:40 +01:00

60 lines
1.6 KiB
HCL
Raw Blame History

resource "aws_cloudfront_distribution" "joeac" {
enabled = true
is_ipv6_enabled = true
default_root_object = "index.html"
price_class = "PriceClass_100"
aliases = ["joeac.net"]
origin {
domain_name = aws_s3_bucket_website_configuration.website.website_endpoint
origin_id = local.website_origin_id
custom_origin_config {
http_port = 80
https_port = 443
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
}
}
default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = local.website_origin_id
cache_policy_id = data.aws_cloudfront_cache_policy.caching_optimized.id
viewer_protocol_policy = "redirect-to-https"
}
restrictions {
geo_restriction {
restriction_type = "none"
locations = []
}
}
viewer_certificate {
acm_certificate_arn = data.aws_acm_certificate.joeac_ssl_certificate.arn
ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1.2_2021"
}
depends_on = [aws_cloudfront_origin_access_control.website]
}
resource "aws_cloudfront_origin_access_control" "website" {
name = "website"
origin_access_control_origin_type = "s3"
signing_behavior = "always"
signing_protocol = "sigv4"
}
data "aws_cloudfront_cache_policy" "caching_optimized" {
name = "Managed-CachingOptimized"
}
locals {
website_origin_id = "website"
}
Reference in New Issue View Git Blame Copy Permalink