-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcf.tf
138 lines (111 loc) · 4.58 KB
/
cf.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
resource "aws_cloudfront_origin_access_identity" "access_id" {
comment = "Created to facilitate CF access to ${var.primary_fqdn} and the corresponding bucket."
}
resource "aws_cloudfront_distribution" "web_distro" {
enabled = true
is_ipv6_enabled = true
default_root_object = var.default_root_object
aliases = var.origins
web_acl_id = var.waf_web_acl_arn
origin {
domain_name = aws_s3_bucket.web.bucket_regional_domain_name
origin_id = var.s3_origin_id
s3_origin_config {
origin_access_identity = aws_cloudfront_origin_access_identity.access_id.cloudfront_access_identity_path
}
}
viewer_certificate {
acm_certificate_arn = var.cert_arn
ssl_support_method = "sni-only"
}
default_cache_behavior {
allowed_methods = var.default_cache_behavior.allowed_methods
cached_methods = var.default_cache_behavior.cached_methods
target_origin_id = var.s3_origin_id
viewer_protocol_policy = var.default_cache_behavior.viewer_protocol_policy
forwarded_values {
query_string = var.default_cache_behavior.forward_query_strings
headers = var.default_cache_behavior.forward_headers
cookies {
forward = var.default_cache_behavior.forward_cookies
whitelisted_names = var.default_cache_behavior.whitelisted_cookie_names
}
}
dynamic "lambda_function_association" {
for_each = var.default_cache_behavior.lambda_function_associations
content {
event_type = lambda_function_association.value.event_type
include_body = lambda_function_association.value.include_body
lambda_arn = lambda_function_association.value.lambda_arn
}
}
dynamic "function_association" {
for_each = var.default_cache_behavior.function_associations
content {
event_type = function_association.value.event_type
function_arn = function_association.value.function_arn
}
}
min_ttl = var.default_cache_behavior.min_ttl
default_ttl = var.default_cache_behavior.default_ttl
max_ttl = var.default_cache_behavior.max_ttl
compress = var.default_cache_behavior.compress
}
dynamic "ordered_cache_behavior" {
for_each = var.ordered_cache_behaviors
content {
path_pattern = ordered_cache_behavior.value.path_pattern
allowed_methods = ordered_cache_behavior.value.allowed_methods
cached_methods = ordered_cache_behavior.value.cached_methods
target_origin_id = var.s3_origin_id
viewer_protocol_policy = ordered_cache_behavior.value.viewer_protocol_policy
forwarded_values {
query_string = ordered_cache_behavior.value.forward_query_strings
headers = ordered_cache_behavior.value.forward_headers
cookies {
forward = ordered_cache_behavior.value.forward_cookies
whitelisted_names = ordered_cache_behavior.value.whitelisted_cookie_names
}
}
dynamic "lambda_function_association" {
for_each = ordered_cache_behavior.value.lambda_function_associations
content {
event_type = lambda_function_association.value.event_type
include_body = lambda_function_association.value.include_body
lambda_arn = lambda_function_association.value.lambda_arn
}
}
dynamic "function_association" {
for_each = ordered_cache_behavior.value.function_associations
content {
event_type = function_association.value.event_type
function_arn = function_association.value.function_arn
}
}
min_ttl = ordered_cache_behavior.value.min_ttl
default_ttl = ordered_cache_behavior.value.default_ttl
max_ttl = ordered_cache_behavior.value.max_ttl
compress = ordered_cache_behavior.value.compress
}
}
dynamic "custom_error_response" {
for_each = [for c in var.custom_error_responses : {
error_caching_min_ttl = c.error_caching_min_ttl
error_code = c.error_code
response_code = c.response_code
response_page_path = c.response_page_path
}]
content {
error_caching_min_ttl = custom_error_response.value.error_caching_min_ttl
error_code = custom_error_response.value.error_code
response_code = custom_error_response.value.response_code
response_page_path = custom_error_response.value.response_page_path
}
}
restrictions {
geo_restriction {
restriction_type = var.restriction_type
locations = var.restriction_locations
}
}
}