-
Notifications
You must be signed in to change notification settings - Fork 5
/
cdn.tf
102 lines (86 loc) · 2.49 KB
/
cdn.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
resource "aws_cloudfront_distribution" "www_distribution" {
origin {
custom_origin_config {
// These are all the defaults.
http_port = "80"
https_port = "443"
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1.2"]
}
domain_name = "${aws_s3_bucket.www.website_endpoint}"
origin_id = "${var.www_domain}"
}
is_ipv6_enabled = true
enabled = true
default_root_object = "index.html"
default_cache_behavior {
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
// This needs to match the `origin_id` above.
target_origin_id = "${var.www_domain}"
min_ttl = 0
default_ttl = 300
max_ttl = 3600
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
aliases = ["${var.www_domain}"]
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
acm_certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1.2_2018"
}
}
resource "aws_cloudfront_distribution" "non-www_distribution" {
origin {
custom_origin_config {
http_port = "80"
https_port = "443"
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1.2"]
}
domain_name = "${aws_s3_bucket.non-www.website_endpoint}"
origin_id = "${var.root_domain}"
}
is_ipv6_enabled = true
enabled = true
default_root_object = "index.html"
default_cache_behavior {
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "${var.root_domain}"
min_ttl = 0
default_ttl = 300
max_ttl = 3600
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
aliases = ["${var.root_domain}"]
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
acm_certificate_arn = "${aws_acm_certificate.certificate.arn}"
ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1.2_2018"
}
}