Merge pull request #9 from dealmore/feature/cloudfront-policies

Request and Cache Policies (#5)

examples/with-existing-cloudfront/README.md

@@ -6,8 +6,8 @@ This example shows how to integrate the image optimizer into an existing CloudFr
 
 ## Integration
 
-For a zero config setup the module is preconfigured to create a CloudFront by itself.
-However when using the module togehter with an external CloudFront resource, disable this beheaviour by setting `cloudfront_create_distribution` to `false`:
+For a zero config setup the module is preconfigured to create a CloudFront distribution by itself.
+However when using the module together with an external CloudFront resource, you can disable this behavior by setting `cloudfront_create_distribution` to `false`:
 
 ```diff
 module "next_image_optimizer" {
@@ -17,7 +17,7 @@ module "next_image_optimizer" {
 }
 ```
 
-The module has some preconfigured output values (`cloudfront_allowed_query_string_keys`, `cloudfront_allowed_headers` and `cloudfront_origin_image_optimizer`) that make it easy to integrate the module with an existing CloudFront resource.
+The module has some preconfigured output values (`cloudfront_allowed_query_string_keys`, `cloudfront_origin_request_policy_id` and `cloudfront_cache_policy_id`) that make it easy to integrate the module with an existing CloudFront resource.
 
 ```tf
 #################
@@ -46,25 +46,13 @@ resource "aws_cloudfront_distribution" "distribution" {
   default_cache_behavior {
     allowed_methods  = ["GET", "HEAD"]
     cached_methods   = ["GET", "HEAD"]
-    target_origin_id = module.next_image_optimizer.cloudfront_origin_image_optimizer.origin_id
+    target_origin_id = module.next_image_optimizer.cloudfront_origin_id
 
     viewer_protocol_policy = "redirect-to-https"
     compress               = true
 
-    min_ttl     = 0
-    default_ttl = 86400
-    max_ttl     = 31536000
-
-    forwarded_values {
-      cookies {
-        forward = "none"
-      }
-
-      headers = module.next_image_optimizer.cloudfront_allowed_headers
-
-      query_string            = true
-      query_string_cache_keys = module.next_image_optimizer.cloudfront_allowed_query_string_keys
-    }
+    origin_request_policy_id = module.next_image_optimizer.cloudfront_origin_request_policy_id
+    cache_policy_id = module.next_image_optimizer.cloudfront_cache_policy_id
   }
 
   # This is a generic dynamic to create an origin

examples/with-existing-cloudfront/main.tf

@@ -38,25 +38,13 @@ resource "aws_cloudfront_distribution" "distribution" {
   default_cache_behavior {
     allowed_methods  = ["GET", "HEAD"]
     cached_methods   = ["GET", "HEAD"]
-    target_origin_id = module.next_image_optimizer.cloudfront_origin_image_optimizer.origin_id
+    target_origin_id = module.next_image_optimizer.cloudfront_origin_id
 
     viewer_protocol_policy = "redirect-to-https"
     compress               = true
 
-    min_ttl     = 0
-    default_ttl = 86400
-    max_ttl     = 31536000
-
-    forwarded_values {
-      cookies {
-        forward = "none"
-      }
-
-      headers = module.next_image_optimizer.cloudfront_allowed_headers
-
-      query_string            = true
-      query_string_cache_keys = module.next_image_optimizer.cloudfront_allowed_query_string_keys
-    }
+    origin_request_policy_id = module.next_image_optimizer.cloudfront_origin_request_policy_id
+    cache_policy_id = module.next_image_optimizer.cloudfront_cache_policy_id
   }
 
   # This is a generic dynamic to create an origin

main.tf

@@ -93,7 +93,7 @@ locals {
 
   cloudfront_origin_image_optimizer = {
     domain_name = trimprefix(module.api_gateway.this_apigatewayv2_api_api_endpoint, "https://")
-    origin_id   = "tf-next-image-optimizer"
+    origin_id   = var.cloudfront_origin_id
 
     custom_origin_config = {
       http_port              = "80"
@@ -104,41 +104,76 @@ locals {
   }
 }
 
-# TODO: Use request policy once support for cache policies is released
-# (We cannot use request policies without cache policies)
-# https://github.com/hashicorp/terraform-provider-aws/pull/17336
-
-# resource "aws_cloudfront_origin_request_policy" "api_gateway" {
-#   name        = var.deployment_name
-#   description = "Managed by Terraform-next.js image optimizer"
-
-#   cookies_config {
-#     cookie_behavior = "none"
-#   }
-
-#   headers_config {
-#     header_behavior = "whitelist"
-#     headers {
-#       items = local.cloudfront_allowed_headers
-#     }
-#   }
-
-#   query_strings_config {
-#     query_string_behavior = "whitelist"
-#     query_strings {
-#       items = local.cloudfront_allowed_query_string_keys
-#     }
-#   }
-# }
+resource "random_id" "policy_name" {
+  prefix      = "${var.deployment_name}-"
+  byte_length = 4
+}
+
+resource "aws_cloudfront_origin_request_policy" "this" {
+  name    = "${random_id.policy_name.hex}-request"
+  comment = "Managed by Terraform-next.js image optimizer"
+
+  cookies_config {
+    cookie_behavior = "none"
+  }
+
+  headers_config {
+    header_behavior = "whitelist"
+    headers {
+      items = local.cloudfront_allowed_headers
+    }
+  }
+
+  query_strings_config {
+    query_string_behavior = "whitelist"
+    query_strings {
+      items = local.cloudfront_allowed_query_string_keys
+    }
+  }
+}
+
+resource "aws_cloudfront_cache_policy" "this" {
+  name    = "${random_id.policy_name.hex}-cache"
+  comment = "Managed by Terraform-next.js image optimizer"
+
+  # Default values (Should be provided by origin)
+  min_ttl     = 0
+  default_ttl = 86400
+  max_ttl     = 31536000
+
+  parameters_in_cache_key_and_forwarded_to_origin {
+    cookies_config {
+      cookie_behavior = "none"
+    }
+
+    headers_config {
+      header_behavior = "whitelist"
+      headers {
+        items = local.cloudfront_allowed_headers
+      }
+    }
+
+    query_strings_config {
+      query_string_behavior = "whitelist"
+      query_strings {
+        items = local.cloudfront_allowed_query_string_keys
+      }
+    }
+
+    enable_accept_encoding_gzip   = true
+    enable_accept_encoding_brotli = true
+  }
+}
 
 module "cloudfront" {
   source = "./modules/cloudfront-cache"
 
-  cloudfront_create_distribution       = var.cloudfront_create_distribution
-  cloudfront_price_class               = var.cloudfront_price_class
-  cloudfront_allowed_query_string_keys = local.cloudfront_allowed_query_string_keys
-  cloudfront_allowed_headers           = local.cloudfront_allowed_headers
-  cloudfront_origin                    = local.cloudfront_origin_image_optimizer
+  cloudfront_create_distribution = var.cloudfront_create_distribution
+  cloudfront_price_class         = var.cloudfront_price_class
+  cloudfront_origin              = local.cloudfront_origin_image_optimizer
+
+  cloudfront_origin_request_policy_id = aws_cloudfront_origin_request_policy.this.id
+  cloudfront_cache_policy_id          = aws_cloudfront_cache_policy.this.id
 
   deployment_name = var.deployment_name
   tags            = var.tags

modules/cloudfront-cache/main.tf

@@ -17,21 +17,8 @@ resource "aws_cloudfront_distribution" "distribution" {
     viewer_protocol_policy = "redirect-to-https"
     compress               = true
 
-    # Default values (Should be provided by origin)
-    min_ttl     = 0
-    default_ttl = 86400
-    max_ttl     = 31536000
-
-    forwarded_values {
-      cookies {
-        forward = "none"
-      }
-
-      headers = var.cloudfront_allowed_headers
-
-      query_string            = true
-      query_string_cache_keys = var.cloudfront_allowed_query_string_keys
-    }
+    origin_request_policy_id = var.cloudfront_origin_request_policy_id
+    cache_policy_id          = var.cloudfront_cache_policy_id
   }
 
   dynamic "origin" {

modules/cloudfront-cache/variables.tf

@@ -6,19 +6,18 @@ variable "cloudfront_price_class" {
   type = string
 }
 
-variable "cloudfront_allowed_query_string_keys" {
-  type = list(string)
+variable "cloudfront_origin" {
+  type = any
 }
 
-variable "cloudfront_allowed_headers" {
-  type = list(string)
+variable "cloudfront_origin_request_policy_id" {
+  type = string
 }
 
-variable "cloudfront_origin" {
-  type = any
+variable "cloudfront_cache_policy_id" {
+  type = string
 }
 
-
 variable "deployment_name" {
   type = string
 }

outputs.tf

@@ -8,17 +8,22 @@ output "cloudfront_hosted_zone_id" {
   value       = module.cloudfront.cloudfront_hosted_zone_id
 }
 
-output "cloudfront_allowed_query_string_keys" {
-  description = "Allowed query string keys used by the image optimizer."
-  value       = local.cloudfront_allowed_query_string_keys
-}
-
-output "cloudfront_allowed_headers" {
-  description = "Allowed header keys used by the image optimizer."
-  value       = local.cloudfront_allowed_headers
+output "cloudfront_origin_id" {
+  description = "Id of the custom origin used for image optimization."
+  value       = var.cloudfront_origin_id
 }
 
 output "cloudfront_origin_image_optimizer" {
   description = "Predefined CloudFront origin of the image optimizer. Can be used to embedd the image optimizer into an existing CloudFront resource."
   value       = local.cloudfront_origin_image_optimizer
 }
+
+output "cloudfront_origin_request_policy_id" {
+  description = "Request policy id used for image optimization."
+  value       = aws_cloudfront_origin_request_policy.this.id
+}
+
+output "cloudfront_cache_policy_id" {
+  description = "Cache policy id used for image optimization."
+  value       = aws_cloudfront_cache_policy.this.id
+}

variables.tf

@@ -87,6 +87,12 @@ variable "cloudfront_price_class" {
   default     = "PriceClass_100"
 }
 
+variable "cloudfront_origin_id" {
+  description = "Override the id for the custom CloudFront id."
+  type        = string
+  default     = "tf-next-image-optimizer"
+}
+
 ##########
 # Labeling
 ##########

versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.0"
+      version = ">= 3.28.0"
     }
     random = {
       source  = "hashicorp/random"