Terraform - CloudFront - dsk-alert-images 버킷 접근을 위한 CloudFront 생성
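--- a/terraform/cloudfront/.terraform.lock.hcl
+++ b/terraform/cloudfront/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+version = "5.35.0"
+constraints = "~> 5.0"
+hashes = [
+"h1:fggCACmhwwn6NOo3D6xY6WDyZfBSbMIb47X/MOC+zqE=",
+"zh:3a2a6f40db82d30ea8c5e3e251ca5e16b08e520570336e7e342be823df67e945",
+"zh:420a23b69b412438a15b8b2e2c9aac2cf2e4976f990f117e4bf8f630692d3949",
+"zh:4d8b887f6a71b38cff77ad14af9279528433e279eed702d96b81ea48e16e779c",
+"zh:4edd41f8e1c7d29931608a7b01a7ae3d89d6f95ef5502cf8200f228a27917c40",
+"zh:6337544e2ded5cf37b55a70aa6ce81c07fd444a2644ff3c5aad1d34680051bdc",
+"zh:668faa3faaf2e0758bf319ea40d2304340f4a2dc2cd24460ddfa6ab66f71b802",
+"zh:79ddc6d7c90e59fdf4a51e6ea822ba9495b1873d6a9d70daf2eeaf6fc4eb6ff3",
+"zh:885822027faf1aa57787f980ead7c26e7d0e55b4040d926b65709b764f804513",
+"zh:8c50a8f397b871388ff2e048f5eb280af107faa2e8926694f1ffd9f32a7a7cdf",
+"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+"zh:a2f5d2553df5573a060641f18ee7585587047c25ba73fd80617f59b5893d22b4",
+"zh:c43833ae2a152213ee92eb5be7653f9493779eddbe0ce403ea49b5f1d87fd766",
+"zh:dab01527a3a55b4f0f958af6f46313d775e27f9ad9d10bedbbfea4a35a06dc5f",
+"zh:ed49c65620ec42718d681a7fc00c166c295ff2795db6cede2c690b83f9fb3e65",
+"zh:f0a358c0ae1087c466d0fbcc3b4da886f33f881a145c3836ec43149878b86a1a",
+]
+}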
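--- a/terraform/cloudfront/buckets.tf
+++ b/terraform/cloudfront/buckets.tf
@@ -0,0 +1,32 @@
+data "aws_s3_bucket" "bucket" {
+for_each = toset(var.buckets)
+
+bucket = each.value
+}
+
+resource "aws_s3_bucket_policy" "policy" {
+for_each = toset(var.buckets)
+
+bucket = data.aws_s3_bucket.bucket[each.value].id
+
+policy = jsonencode({
+"Version" = "2008-10-17",
+"Id": "PolicyForCloudFrontPrivateContent",
+"Statement" = [
+{
+"Sid" = "AllowCloudFrontServicePrincipal"
+"Effect" = "Allow",
+"Principal" = {
+"Service" = "cloudfront.amazonaws.com"
+},
+"Action" = "s3:GetObject",
+"Resource" = "${data.aws_s3_bucket.bucket[each.value].arn}/*",
+"Condition" = {
+"StringEquals" = {
+"AWS:SourceArn": "arn:aws:cloudfront::508259851457:distribution/${aws_cloudfront_distribution.distribution[each.value].id}"
+}
+}
+}
+]
+})
+}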
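Review bot: The `AWS:SourceArn` condition is assembled by hand around a literal account ID, so if this module is ever applied in another account the condition no longer matches and CloudFront is denied on every object; the distribution already exports the value, so `"AWS:SourceArn" = aws_cloudfront_distribution.distribution[each.value].arn` is both shorter and always correct. Separately, the buckets are read through a data source, which suggests they are managed outside this module, and `aws_s3_bucket_policy` replaces the entire bucket policy, so any statements already attached to a bucket would be dropped on apply; worth confirming none exist before merging. The object passed to `jsonencode` also mixes `=` and `:` for keys, and picking one would make the policy easier to audit.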
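--- a/terraform/cloudfront/distributions.tf
+++ b/terraform/cloudfront/distributions.tf
@@ -0,0 +1,39 @@
+resource "aws_cloudfront_distribution" "distribution" {
+for_each = toset(var.buckets)
+
+origin {
+domain_name = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
+origin_id = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
+origin_access_control_id = aws_cloudfront_origin_access_control.origin_access[each.value].id
+
+origin_shield {
+enabled = true
+origin_shield_region = "ap-northeast-2"
+}
+}
+
+enabled = true
+is_ipv6_enabled = true
+comment = "Alert Images CDN - S3 Bucket: dsk-alert-images"
+price_class = "PriceClass_200"
+
+restrictions {
+geo_restriction {
+restriction_type = "whitelist"
+locations = ["KR"]
+}
+}
+
+default_cache_behavior {
+cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6"
+allowed_methods = ["GET", "HEAD"]
+cached_methods = ["GET", "HEAD"]
+target_origin_id = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
+compress = true
+viewer_protocol_policy = "redirect-to-https"
+}
+
+viewer_certificate {
+cloudfront_default_certificate = true
+}
+}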
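Review bot: The distribution is created without a `logging_config` block, so requests for the alert images leave no access log to review if the URLs leak or are scraped; consider adding one that points at a dedicated log bucket. `cloudfront_default_certificate = true` also means the viewer TLS policy stays at CloudFront's default (TLSv1), and `minimum_protocol_version` only becomes settable once a custom domain with an ACM certificate is used. `comment` hard-codes the bucket name although the resource iterates `var.buckets`; `comment = "Alert Images CDN - S3 Bucket: ${each.value}"` keeps it accurate for every entry. A one-line comment above `cache_policy_id` naming the managed cache policy behind that UUID would save the next reader a lookup.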
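--- a/terraform/cloudfront/main.tf
+++ b/terraform/cloudfront/main.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+region = var.aws_region
+}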
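--- a/terraform/cloudfront/origin-access.tf
+++ b/terraform/cloudfront/origin-access.tf
@@ -0,0 +1,8 @@
+resource "aws_cloudfront_origin_access_control" "origin_access" {
+for_each = toset(var.buckets)
+
+name = data.aws_s3_bucket.bucket[each.value].bucket_regional_domain_name
+origin_access_control_origin_type = "s3"
+signing_behavior = "always"
+signing_protocol = "sigv4"
+}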
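Review bot: `name` is set to the bucket's regional domain name, and as far as I know CloudFront limits an origin access control name to 64 characters; the default bucket fits, but a longer bucket name added to `var.buckets` would fail at apply time. `name = each.value` stays within the limit and is still unique per bucket. A `description` stating which distribution uses the control would also help whoever audits the OAC list later.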
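--- a/terraform/cloudfront/variables.tf
+++ b/terraform/cloudfront/variables.tf
@@ -0,0 +1,8 @@
+variable "aws_region" {
+default = "ap-northeast-2"
+}
+
+variable "buckets" {
+type = list(string)
+default = ["dsk-alert-images"]
+}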
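--- a/terraform/cloudfront/version.tf
+++ b/terraform/cloudfront/version.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+}
+}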