This module provides for a concrete configuration for terraform to manage multiple Cloudfront distributions that are backed by any AWS supported origin. This module is designed to be more specific to our use cases and open enough to leverage any features that you might need exposed. The reason this module is leveraged over the typical public module is that we can can make our own adjustments and provide our own solutions at our own pace and not suffer under the weight of the public needs.

For S3 origins, this module will create an access identity user to connect to S3; S3 will have a policy to allow for this lock down. Due to Cloudfront and S3 being public, there is no support for encryption at rest in the S3 buckets; if AWS provides this down the road we will update to support it.

• Example: S3 Default found in ./example/default/
• geo_restriction
• Terraform Cloudfront
• Terraform Experiments Requirement
• AWS S3 Website Routing Rules

• aliases is used to allow other alias's to be pointed at the CDN, these records are not touched, you need to update it to point to the CDN after deployment.
• aliases_to_create is used to define domains that will be created and pointed to the CDN automatically; the root domain MUST have a matching Route53 zone already.
• a default index.html page will be uploaded to the new S3 bucket; future changes are ignored on that resource.
• ensure S3 log delivery group is enabled on your S3 logging bucket ACL.
• whitelisting defined in geo_restriction object.
• if you define a s3_website for an origin, a semi public s3 bucket will be used instead, however with full S3 website support, which may help you more.

    price_class_map = {
        all_locations           = "PriceClass_All",
        north_america_africa    = "PriceClass_200"
        north_america           = "PriceClass_100",
    }

• aws_cloudfront_distribution
• aws_cloudfront_origin_access_identity
• aws_route53_record (if defined in aliases_to_create)
• aws_s3_bucket (if configured)
• aws_s3_bucket_public_access_block
• aws_s3_bucket_object
• aws_s3_bucket_policy

NOTE Most of the configuration of a deployment is optional, the defaults will be looking for S3; but you can define whatever configurations you need to make; just review the variable definition for more details on what is passed in for you to meet your needs.

module "service" {
  source          = "[email protected]:dev-head/tf-module.aws.cdn.git?ref=0.0.1"

  base-tags = {
    Environment = "test"
    Managed     = "true"
    CreatedBy   = "terraform"
  }
  
  deployments = {
    distro_001  = {
      name = "a fancy example"
      origins = {
        default = {
          bucket_name     = "an-example-01"
          create_bucket   = true
          s3_upload = [{
            enabled = true
            path    = "html"
            pattern = "**"
            prefix  = ""
          }]
        }
      }
    }
  }
}

• aws_caller_identity Details on current AWS user.
• aws_region The current configured.
• key_resources Key Resources provides for full resource mapping for each of the defined deployments; allowing access to the full range of resource attributes.
• key_attributes Key Attributes provides for a specific mapping of defined resource values for each of the defined deployments; allowing for human friendly output.
• base-tags The tags that were set for all resources. (Optionally you can overwrite them in each distro by providing a tag to replace it or new tags.)

chtf 1.1.3

The examples are designed for you to be able to build and test updates.

cd example/default 

# Creates `local.ini` for you to overright any local variables, such as your AWS Profile.
make init 

make plan

git git fetch 
git pull origin main
git checkout -b dev/0.0.1

# Use change log update for commit message.
git add .  
git commit -a

git push origin dev/0.0.1
git checkout main 
git merge dev/0.0.1
git push origin main

git tag -l
git tag -a 0.0.1
git show 0.0.1
git push origin 0.0.1