Merged in dev/rich/add-media-manager-cdn-2021.02.25 (pull request ela…
…stic#65) This is the initial commit for the Media Manager CloudFront CDN * This is the initial commit for the Media Manager CloudFront CDN. We are using terraform to create a CloudFront CDN, with each sandbox S3 Bucket as an origin server for the CDN. It routes traffic to the origin server based on the URL path, so the S3 bucket will need to have the content in the /sandbox S3 folder. The terraform resource 'aws_cloudfront_distribution' includes a 'cf_create' var to determine if the CDN should be created, so this must be passed as true to create the CDN. Additionally, it includes a 'cf_enabled' var that must be true for the CDN to accept traffic. In the event both of these are true, it will add a tag 'MediaCDN' to the engageli instance, with the value of the CDN FQDN. The rc.local on the engageli instance has also been modified to get this tag, and if the tag exists will modify the 'storagebaseurl' in the media manager local.yml file, so when playing video clips the content will be served via the CDN. If the tag is not set, the 'storagebaseurl' will continue to point directly to the S3 bucket as it is today. modified: aws/ams-cluster-v1-tf/main.tf new file: aws/ams-cluster-v1-tf/media-manager.tf modified: aws/ams-cluster-v1-tf/variables.tf modified: instance-files/engageli/etc/rc.local * Added CDN DNS alias 'stack-name-cdn.domain' modified: aws/ams-cluster-v1-tf/main.tf modified: aws/ams-cluster-v1-tf/media-manager.tf modified: aws/ams-cluster-v1-tf/variables.tf * Implement workaround for terraform bug causing origin servers to be dropped and added on each apply. modified: aws/ams-cluster-v1-tf/media-manager.tf modified: aws/ams-cluster-v1-tf/variables.tf * additional fixup and todo's modified: media-manager.tf * Fixed case where CDN not created, to not create DNS for alias modified: aws/ams-cluster-v1-tf/main.tf modified: aws/ams-cluster-v1-tf/media-manager.tf * Changes to address review feedback. 
modified: aws/ams-cluster-v1-tf/main.tf modified: aws/ams-cluster-v1-tf/media-manager.tf modified: aws/ams-cluster-v1-tf/variables.tf * Merge branch 'master' of bitbucket.org:engageli/devops into dev/rich/add-media-manager-cdn-2021.02.25 modified: admin-tools/package-lock.json modified: admin-tools/package.json modified: aws/ams-cluster-v1-tf/main.tf modified: aws/ams-cluster-v1-tf/variables.tf modified: packer/tag_all.sh modified: provisioning/provision-dequeue.sh * Changed default for var.cf_cert_arn to production wildcard for *.p1.engageli-prod.com modified: aws/ams-cluster-v1-tf/variables.tf * fixed missing curly bracket after merge modified: aws/ams-cluster-v1-tf/variables.tf Approved-by: Gideon Avida
Rich Nessel
committed
Mar 2, 2021
1 parent
fef6230
commit 6aa3e65
Showing
4 changed files
with
167 additions
and
10 deletions.
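--- a/aws/ams-cluster-v1-tf/media-manager.tf
+++ b/aws/ams-cluster-v1-tf/media-manager.tf
@@ -0,0 +1,107 @@
+# TODO: move media-manager S3 resorces from main.tf
+
+resource "aws_cloudfront_distribution" "mm_cloudfront_cdn" {
+count = var.cf_create ? 1 : 0
+comment = "Media Manager CDN for terraform stack: ${var.stack_name}"
+enabled = var.cf_enabled
+price_class = var.cf_price_class
+is_ipv6_enabled = false # TODO: Create DNS AAAA record to support ipv6
+aliases = [trimsuffix("${var.stack_name}-cdn.${var.domain}", ".")]
+
+viewer_certificate {
+#cloudfront_default_certificate = true
+acm_certificate_arn = var.cf_cert_arn
+ssl_support_method = var.cf_ssl_support_method
+minimum_protocol_version = var.cf_minimum_protocol_version
+}
+
+dynamic "origin" {
+for_each = [for b in aws_s3_bucket.mm : {
+name = b.bucket_domain_name
+id = lookup(b.tags, "Sandbox", b.bucket)
+}]
+content {
+domain_name = origin.value.name
+origin_id = origin.value.id
+origin_path = ""
+# This section is a required setting, but terraform has a bug that causes it to drop and
+# recreate each origin server on all apply if origin_access_identity null. The workaround
+# is to remove, reference: https://github.com/hashicorp/terraform/issues/7930
+# If we include a value for origin_access_identity, it prevents direct access to the S3
+# bucket, so it forces all requests to use the CDN or they will fail.
+# s3_origin_config {
+# origin_access_identity = ""
+# }
+}
+}
+
+default_cache_behavior {
+allowed_methods = ["GET", "HEAD"]
+cached_methods = ["GET", "HEAD"]
+viewer_protocol_policy = "https-only"
+compress = true
+target_origin_id = element(var.sandboxes, 0) #TODO: Get from S3 Sandbox tag, not used anyway
+forwarded_values {
+query_string = false
+headers = ["Origin"]
+cookies {
+forward = "none"
+}
+}
+}
+
+dynamic "ordered_cache_behavior" {
+for_each = [for b in aws_s3_bucket.mm : {
+id = lookup(b.tags, "Sandbox", b.bucket)
+}]
+content {
+path_pattern = "${ordered_cache_behavior.value.id}/*"
+allowed_methods = ["GET", "HEAD"]
+cached_methods = ["GET", "HEAD"]
+viewer_protocol_policy = "https-only"
+compress = true
+target_origin_id = ordered_cache_behavior.value.id
+forwarded_values {
+query_string = false
+headers = ["Origin"]
+cookies {
+forward = "none"
+}
+}
+}
+}
+
+restrictions {
+geo_restriction {
+restriction_type = "none"
+}
+}
+
+tags = {
+Name = "tf-${var.stack_name}-mm-cloudfront-cdn"
+Terraform = true
+StackName = var.stack_name
+}
+
+}
+
+output "mm_CDN_domain_name" {
+value = join("", aws_cloudfront_distribution.mm_cloudfront_cdn[*].domain_name)
+}
+
+resource "aws_route53_record" "mm-cdn-alias" {
+count = var.cf_create ? 1 : 0
+zone_id = var.r53_zone_id
+name = "${var.stack_name}-cdn.${var.domain}"
+type = "A"
+
+alias {
+name = aws_cloudfront_distribution.mm_cloudfront_cdn[0].domain_name
+zone_id = aws_cloudfront_distribution.mm_cloudfront_cdn[0].hosted_zone_id
+evaluate_target_health = false
+}
+}
+
+output "mm_CDN_FQDN" {
+value = join("", aws_route53_record.mm-cdn-alias[*].fqdn)
+}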
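Review bot: The default_cache_behavior line `target_origin_id = element(var.sandboxes, 0) #TODO: ...` sends every request that matches none of the `<sandbox>/*` ordered behaviors to the first sandbox's bucket root, so any key in that bucket becomes reachable at a root-level CDN path, and the apply will fail if that list element is not equal to one of the origin ids computed by `lookup(b.tags, "Sandbox", b.bucket)`. Because s3_origin_config is commented out (the workaround documented in the origin block), the distribution adds no access restriction and the mm buckets must stay directly readable, which the existing comment implies but never states; a note at the top of the resource such as `# NOTE: no origin access identity is configured — the mm buckets remain publicly readable and this CDN is a caching layer, not an access-control boundary` would make that explicit for the next maintainer. The origin id falls back to the bucket name when the Sandbox tag is missing, and two buckets carrying the same Sandbox tag value would yield duplicate origin_id and path_pattern entries, so a comment or a validation on that tag is worth adding. minimum_protocol_version is taken from var.cf_minimum_protocol_version whose default lives in variables.tf, outside this section; confirm it is TLSv1.2_2019 or newer, since the https-only viewer policy is only as strong as that setting.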