Add cloudfront distribution (www -> non-www)

Santiago Lo Coco 2022-12-13 09:25:05 -03:00
parent 383844ba51
commit 3034550990
6 changed files with 129 additions and 49 deletions


@ -61,6 +61,16 @@ resource "aws_cloudfront_distribution" "this" {
forward = "none"
}
}
dynamic "function_association" {
for_each = lookup(i.value, "function_association", [])
iterator = f
content {
event_type = f.key
function_arn = lookup(f.value, "function_arn", aws_cloudfront_function.this[0].arn)
}
}
}
}
@ -75,3 +85,12 @@ resource "aws_cloudfront_distribution" "this" {
ssl_support_method = "sni-only"
}
}
resource "aws_cloudfront_function" "this" {
count = var.code != "" ? 1 : 0
name = "redirectWWW"
runtime = "cloudfront-js-1.0"
code = var.code
publish = true
}
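Review bot: The `function_arn` fallback `aws_cloudfront_function.this[0].arn` in the new `function_association` block only resolves when `var.code` is non-empty. If a behaviour declares `function_association` while `code` is left empty, `count` is 0 and the `[0]` index fails at plan time with an error that does not name the cause. A comment on the block such as `# requires var.code unless every association sets function_arn` would document the coupling. The function name is also fixed at `name = "redirectWWW"`; now that the module is instantiated with `for_each`, a second instance that passes `code` would presumably collide on that name, so it is worth deriving it from a variable. The enclosing `aws_cloudfront_distribution` resource starts outside the hunk.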


@ -5,7 +5,7 @@
variable "web_acl_id" {
description = "Id or ARN of the AWS WAF web ACL that is associated with the distribution."
type = string
nullable = false
nullable = true
}
variable "tags" {
@ -49,3 +49,8 @@ variable "acm_certificate_arn" {
type = string
nullable = false
}
variable "code" {
description = "CloudFront function code to run."
type = string
}
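Review bot: The new `code` variable has neither a `default` nor `nullable = false`, yet the module creates the function based on `var.code != ""`. A caller passing `null` satisfies that comparison and then hands a null `code` to the resource. Adding `default = ""` and `nullable = false` keeps the empty string as the only "no function" value. With `web_acl_id` now nullable, its description should also say what null means, for example `description = "Id or ARN of the AWS WAF web ACL associated with the distribution; null attaches no web ACL."`.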


@ -1,4 +1,5 @@
module "cloudfront" {
for_each = local.cloudfront
source = "../modules/cloudfront"
providers = {
@ -12,53 +13,14 @@ module "cloudfront" {
]
enabled = true
web_acl_id = module.waf.web_acl_arn
aliases = [
local.domain,
"www.${local.domain}"
]
web_acl_id = try(each.value.web_acl_id, null)
aliases = each.value.aliases
acm_certificate_arn = module.acm.certificate_arn
default_root_object = "index.html"
origin = {
api-gateway = {
domain_name = replace(replace(module.apigw.endpoint, "https://", ""), "/", "")
origin_path = "/api"
custom_origin_config = {
http_port = 80
https_port = 443
origin_protocol_policy = "match-viewer"
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
}
}
s3 = {
domain_name = module.s3["website"].domain_name
s3_origin_config = {
origin_access_identity = module.s3["website"].cloudfront_access_identity
}
}
}
default_cache_behavior = {
target_origin_id = "s3"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
forwarded_values = {
query_string = false
cookies = {
forward = "none"
}
}
}
origin = each.value.origin
default_cache_behavior = each.value.default_cache_behavior
code = try(each.value.code, "")
}
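Review bot: `web_acl_id = try(each.value.web_acl_id, null)` turns a missing or misspelled `web_acl_id` key in `local.cloudfront` into a distribution with no web ACL, and nothing fails to flag it. Because WAF attachment is the security-relevant setting in this call, reading `each.value.web_acl_id` directly and having every entry set it (to `null` where that is intended) makes the opt-out explicit. At minimum, add a comment above the line such as `# entries without web_acl_id are deployed without WAF`.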


@ -132,4 +132,74 @@ locals {
domain = "santilococo.com.ar"
emails = ["slococo@itba.edu.ar"]
cloudfront = {
root = {
web_acl_id = module.waf.web_acl_arn
aliases = [
local.domain
]
origin = {
api-gateway = {
domain_name = replace(replace(module.apigw.endpoint, "https://", ""), "/", "")
origin_path = "/api"
custom_origin_config = {
http_port = 80
https_port = 443
origin_protocol_policy = "match-viewer"
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
}
}
s3 = {
domain_name = module.s3["website"].domain_name
s3_origin_config = {
origin_access_identity = module.s3["website"].cloudfront_access_identity
}
}
}
default_cache_behavior = {
target_origin_id = "s3"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
}
},
redirect = {
aliases = [
"www.${local.domain}"
]
origin = {
s3 = {
domain_name = module.s3["website"].domain_name
s3_origin_config = {
origin_access_identity = module.s3["website"].cloudfront_access_identity
}
}
}
default_cache_behavior = {
target_origin_id = "s3"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
function_association = {
viewer-request = {}
}
}
code = file("${local.path}/lambda/redirectWWW.js")
}
}
}
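Review bot: The `redirect` entry sets no `web_acl_id`, so the www distribution is deployed without the web ACL that `root` gets, while pointing at the same S3 website origin. The handler added in this commit returns the request unchanged when the Host header does not start with `www.`, so any request reaching this distribution under another host name would presumably be served from S3 without passing the web ACL. Adding `web_acl_id = module.waf.web_acl_arn` to `redirect` closes that gap. The `api-gateway` origin also still lists `"TLSv1"` and `"TLSv1.1"` in `origin_ssl_protocols`; if that was only carried over from the old module call, restricting it to `["TLSv1.2"]` is worth confirming against the endpoint.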


@ -16,15 +16,16 @@ module "route53" {
name = local.domain
type = "A"
alias = {
name = module.cloudfront.distribution_domain_name
zone_id = module.cloudfront.distribution_hosted_zone_id
name = module.cloudfront["root"].distribution_domain_name
zone_id = module.cloudfront["root"].distribution_hosted_zone_id
}
},
www = {
name = "www.${local.domain}"
type = "A"
alias = {
name = local.domain
name = module.cloudfront["redirect"].distribution_domain_name
zone_id = module.cloudfront["redirect"].distribution_hosted_zone_id
}
}
}


@ -0,0 +1,23 @@
function handler(event) {
var host = (event.request.headers.host && event.request.headers.host.value) || '';
if (host.indexOf('www.') !== 0) {
return event.request;
}
var queryString = Object
.keys(event.request.querystring)
.map(key => key + '=' + event.request.querystring[key].value)
.join('&');
return {
statusCode: 301,
statusDescription: 'Moved Permanently',
headers: {
location: {
value: 'https://' + host.replace('www.', '') + event.request.uri +
(queryString.length > 0 ? '?' + queryString : ''),
},
},
};
}
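Review bot: The query string is rebuilt from `event.request.querystring[key].value` alone, so a parameter that appears more than once keeps only its first value in the redirect. The CloudFront Functions event carries the full list under `multiValue`, and the rebuilt string should use it when present. The `Location` host is also derived from the viewer-supplied Host header via `host.replace('www.', '')`; since this function serves a single canonical site, a fixed target host would remove that dependence. A sketch of the query-string part follows.

```javascript
var qs = event.request.querystring;
var parts = [];
Object.keys(qs).forEach(function (key) {
    var entry = qs[key];
    // multiValue, when present, lists every value including the first
    var values = entry.multiValue || [entry];
    values.forEach(function (v) {
        parts.push(key + '=' + v.value);
    });
});
var queryString = parts.join('&');
// … unchanged: 301 response built from host, uri and queryString …
```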