-
Notifications
You must be signed in to change notification settings - Fork 2
/
main.tf
120 lines (100 loc) · 3.37 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
locals {
id = "${replace(var.name, " ", "-")}"
}
# ----------------------------------------
# CREATE A CLOUDFRONT DISTRIBUTION
# ----------------------------------------
# CloudFront distribution
resource "aws_cloudfront_distribution" "this" {
count = "${var.access_identity ? 0 : 1}"
origin {
domain_name = "${var.origin}"
origin_id = "${local.id}"
dynamic "custom_origin_config" {
for_each = var.custom_origin_config.http_port != "" ? list(var.custom_origin_config) : []
content {
http_port = var.custom_origin_config.http_port
https_port = var.custom_origin_config.https_port
origin_protocol_policy = var.custom_origin_config.origin_protocol_policy
origin_ssl_protocols = var.custom_origin_config.origin_ssl_protocols
}
}
}
enabled = true
comment = "${var.name}"
aliases = "${var.aliases}"
default_cache_behavior {
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "${local.id}"
compress = true
forwarded_values {
query_string = true
headers = ["${var.forwarded_headers}"]
cookies {
forward = "all"
}
}
viewer_protocol_policy = "redirect-to-https"
min_ttl = "${var.min_ttl}"
default_ttl = "${var.default_ttl}"
max_ttl = "${var.max_ttl}"
}
tags = "${merge(var.tags, map("Name", "${var.name}"))}"
viewer_certificate {
acm_certificate_arn = "${var.certificate}"
cloudfront_default_certificate = "${var.certificate == "" ? true : false}"
ssl_support_method = "${var.certificate != "" ? "sni-only" : null}"
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
}
resource "aws_cloudfront_distribution" "access_identity" {
count = "${var.access_identity ? 1 : 0}"
origin {
domain_name = "${var.origin}"
origin_id = "${local.id}"
s3_origin_config {
origin_access_identity = "origin-access-identity/cloudfront/${length(aws_cloudfront_origin_access_identity.this.*.id) > 0 ? element(concat(aws_cloudfront_origin_access_identity.this.*.id, list("")), 0) : ""}"
}
}
enabled = true
comment = "${var.name}"
aliases = "${var.aliases}"
default_cache_behavior {
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "${local.id}"
compress = true
forwarded_values {
query_string = true
headers = "${var.forwarded_headers}"
cookies {
forward = "all"
}
}
viewer_protocol_policy = "redirect-to-https"
min_ttl = "${var.min_ttl}"
default_ttl = "${var.default_ttl}"
max_ttl = "${var.max_ttl}"
}
tags = "${merge(var.tags, map("Name", "${var.name}"))}"
viewer_certificate {
acm_certificate_arn = "${var.certificate}"
cloudfront_default_certificate = "${var.certificate == "" ? true : false}"
minimum_protocol_version = var.certificate == "" ? "TLSv1" : var.minimum_protocol_version
ssl_support_method = "${var.certificate != "" ? "sni-only" : null}"
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
}
resource "aws_cloudfront_origin_access_identity" "this" {
count = "${var.access_identity ? 1 : 0}"
comment = "${local.id}"
}