forked from grahamgilbert/terraform-aws-munki-repo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudfront.tf
136 lines (110 loc) · 3.96 KB
/
cloudfront.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
resource "aws_cloudfront_distribution" "www_distribution" {
origin {
// Here we're using our S3 bucket's URL!
domain_name = "${aws_s3_bucket.www.bucket_regional_domain_name}"
// This can be any name to identify this origin.
origin_id = "munki"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
}
}
enabled = true
default_root_object = "index.html"
price_class = "${var.price_class}"
// All values are defaults from the AWS console.
default_cache_behavior {
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
// This needs to match the `origin_id` above.
target_origin_id = "munki"
min_ttl = "${var.default_cache_behavior_min_ttl}"
default_ttl = "${var.default_cache_behavior_default_ttl}"
max_ttl = "${var.default_cache_behavior_max_ttl}"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
ordered_cache_behavior {
path_pattern = "/catalogs/*"
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
min_ttl = "${var.catalogs_ordered_cache_behavior_min_ttl}"
default_ttl = "${var.catalogs_ordered_cache_behavior_default_ttl}"
max_ttl = "${var.catalogs_ordered_cache_behavior_max_ttl}"
target_origin_id = "munki"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
ordered_cache_behavior {
path_pattern = "/manifests/*"
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
min_ttl = "${var.manifests_ordered_cache_behavior_min_ttl}"
default_ttl = "${var.manifests_ordered_cache_behavior_default_ttl}"
max_ttl = "${var.manifests_ordered_cache_behavior_max_ttl}"
target_origin_id = "munki"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
ordered_cache_behavior {
path_pattern = "/icons/*"
lambda_function_association {
event_type = "viewer-request"
lambda_arn = "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
}
viewer_protocol_policy = "redirect-to-https"
compress = true
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
min_ttl = "${var.icons_ordered_cache_behavior_min_ttl}"
default_ttl = "${var.icons_ordered_cache_behavior_default_ttl}"
max_ttl = "${var.icons_ordered_cache_behavior_max_ttl}"
target_origin_id = "munki"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
cloudfront_default_certificate = true
}
}
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "Some comment"
}