forked from grahamgilbert/terraform-aws-munki-repo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloudfront.tf
136 lines (110 loc) · 3.89 KB
/
cloudfront.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
resource "aws_cloudfront_distribution" "www_distribution" {
origin {
// Here we're using our S3 bucket's URL!
domain_name = aws_s3_bucket.www.bucket_regional_domain_name
// This can be any name to identify this origin.
origin_id = "munki"
s3_origin_config {
origin_access_identity = aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path
}
}
enabled = true
default_root_object = "index.html"
price_class = var.price_class
// All values are defaults from the AWS console.
default_cache_behavior {
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
// This needs to match the `origin_id` above.
target_origin_id = "munki"
min_ttl = var.default_cache_behavior_min_ttl
default_ttl = var.default_cache_behavior_default_ttl
max_ttl = var.default_cache_behavior_max_ttl
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
ordered_cache_behavior {
path_pattern = "/catalogs/*"
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
min_ttl = var.catalogs_ordered_cache_behavior_min_ttl
default_ttl = var.catalogs_ordered_cache_behavior_default_ttl
max_ttl = var.catalogs_ordered_cache_behavior_max_ttl
target_origin_id = "munki"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
ordered_cache_behavior {
path_pattern = "/manifests/*"
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
min_ttl = var.manifests_ordered_cache_behavior_min_ttl
default_ttl = var.manifests_ordered_cache_behavior_default_ttl
max_ttl = var.manifests_ordered_cache_behavior_max_ttl
target_origin_id = "munki"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
ordered_cache_behavior {
path_pattern = "/icons/*"
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
min_ttl = var.icons_ordered_cache_behavior_min_ttl
default_ttl = var.icons_ordered_cache_behavior_default_ttl
max_ttl = var.icons_ordered_cache_behavior_max_ttl
target_origin_id = "munki"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
cloudfront_default_certificate = true
}
}
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "Some comment"
}