Terraform - CloudFront - dsk-alert-images 버킷 접근을 위한 CloudFront 생성

2024-02-05 11:44:08 +09:00
parent f728769c96
commit 72e5675f14
7 changed files with 123 additions and 0 deletions
--- a/terraform/cloudfront/distributions.tf
+++ b/terraform/cloudfront/distributions.tf
@@ -0,0 +1,39 @@
+resource "aws_cloudfront_distribution" "distribution" {
+    for_each = toset(var.buckets)
+
+    origin {
+        domain_name              = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
+        origin_id                = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
+        origin_access_control_id = aws_cloudfront_origin_access_control.origin_access[each.value].id
+
+        origin_shield {
+            enabled              = true
+            origin_shield_region = "ap-northeast-2"
+        }
+    }
+
+    enabled             = true
+    is_ipv6_enabled     = true
+    comment             = "Alert Images CDN - S3 Bucket: dsk-alert-images"
+    price_class         = "PriceClass_200"
+
+    restrictions {
+        geo_restriction {
+            restriction_type = "whitelist"
+            locations        = ["KR"]
+        }
+    }
+
+    default_cache_behavior {
+        cache_policy_id         = "658327ea-f89d-4fab-a63d-7e88639e58f6"
+        allowed_methods         = ["GET", "HEAD"]
+        cached_methods          = ["GET", "HEAD"]
+        target_origin_id        = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
+        compress                = true
+        viewer_protocol_policy  = "redirect-to-https"
+    }
+
+    viewer_certificate {
+        cloudfront_default_certificate = true
+    }
+}