
Commit 5943880

Add CloudFront config
1 parent 6d20b30 commit 5943880


2 files changed

+99
-0
lines changed


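--- a/cloudfront/main.tf
+++ b/cloudfront/main.tf
@@ -1 +1,93 @@
+/*
+CDN
+*/
 
+resource "aws_cloudfront_distribution" "image" {
+enabled = true
+
+origin {
+origin_id = "${aws_s3_bucket.image_origin.id}"
+domain_name = "${aws_s3_bucket.image_origin.bucket_domain_name}"
+
+s3_origin_config {
+origin_access_identity = "${aws_cloudfront_origin_access_identity.image.cloudfront_access_identity_path}"
+}
+}
+
+default_cache_behavior {
+target_origin_id = "${aws_s3_bucket.image_origin.id}"
+
+allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+cached_methods = ["GET", "HEAD"]
+
+lambda_function_association {
+event_type = "origin-response"
+lambda_arn = "${var.OriginResponseLambdaFunctionQualifiedArn}"
+}
+
+forwarded_values {
+query_string = true
+
+cookies {
+forward = "none"
+}
+}
+
+viewer_protocol_policy = "allow-all"
+}
+
+viewer_certificate {
+cloudfront_default_certificate = true
+}
+
+price_class = "PriceClass_200"
+
+restrictions {
+geo_restriction {
+restriction_type = "none"
+}
+}
+
+tags {
+Environment = "dev"
+}
+}
+
+resource "aws_cloudfront_origin_access_identity" "image" {
+comment = "Managed by Terraform"
+}
+
+/*
+Origin
+*/
+
+resource "aws_s3_bucket" "image_origin" {
+bucket = "${var.origin_s3_bucket_name}"
+}
+
+resource "aws_s3_bucket_policy" "image_origin" {
+bucket = "${aws_s3_bucket.image_origin.id}"
+policy = "${data.aws_iam_policy_document.image_s3_origin.json}"
+}
+
+data "aws_iam_policy_document" "image_s3_origin" {
+statement {
+actions = ["s3:GetObject"]
+resources = ["${aws_s3_bucket.image_origin.arn}/*"]
+
+principals {
+type = "AWS"
+identifiers = ["${aws_cloudfront_origin_access_identity.image.iam_arn}"]
+}
+}
+
+statement {
+actions = ["s3:ListBucket"]
+resources = ["${aws_s3_bucket.image_origin.arn}"]
+
+principals {
+type = "AWS"
+identifiers = ["${aws_cloudfront_origin_access_identity.image.iam_arn}"]
+}
+}
+}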
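Review bot: `viewer_protocol_policy = "allow-all"` in default_cache_behavior lets viewers fetch images over plain HTTP; `viewer_protocol_policy = "redirect-to-https"` keeps the same URLs while forcing TLS. The same block sets `allowed_methods` to all seven verbs, but the bucket policy further down grants the origin access identity only s3:GetObject and s3:ListBucket, so the write verbs can never succeed and `allowed_methods = ["GET", "HEAD"]` would match what the origin actually permits. The s3:ListBucket statement also deserves a comment explaining why it is there: it is presumably so missing keys come back as 404 rather than 403 for the origin-response Lambda, but with no default_root_object set a request for the distribution root may return the bucket's key listing, which is worth confirming before this leaves dev.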

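--- a/cloudfront/variables.tf
+++ b/cloudfront/variables.tf
@@ -1,3 +1,10 @@
 variable "main_aws_region" {
 default = "ap-northeast-1"
 }
+
+# output from serverless
+variable "OriginResponseLambdaFunctionQualifiedArn" {}
+
+variable "origin_s3_bucket_name" {
+default = "image-resize.wintus.tokyo"
+}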
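Review bot: `OriginResponseLambdaFunctionQualifiedArn` is declared with no default and no description, so a plan will prompt for a value with only the `# output from serverless` comment to explain what belongs there. I would add `description = "Qualified (versioned) ARN of the origin-response Lambda function, copied from the serverless deploy output"`, since a CloudFront function association needs a numbered version rather than $LATEST. The CamelCase name also differs from the snake_case `origin_s3_bucket_name` and `main_aws_region` beside it; if it deliberately mirrors the serverless output name, the comment should say so.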
