11resource "aws_cloudfront_distribution" "www_distribution" {
22 provider = aws. us_east_1
33
4- price_class = " PriceClass_100"
4+ price_class = " PriceClass_All"
5+ web_acl_id = null // aws will create and manage this automaticly
56
67 // origin is where CloudFront gets its content from.
78 origin {
8- domain_name = aws_s3_bucket. website . bucket_regional_domain_name
9- origin_id = var. website_name
10-
11- s3_origin_config {
12- origin_access_identity = aws_cloudfront_origin_access_identity. origin_access_identity . cloudfront_access_identity_path
13- }
9+ domain_name = aws_s3_bucket. website . bucket_regional_domain_name
10+ origin_id = var. website_name
11+ origin_access_control_id = aws_cloudfront_origin_access_control. www . id
1412 }
1513
1614 enabled = true
@@ -23,18 +21,11 @@ resource "aws_cloudfront_distribution" "www_distribution" {
2321 compress = true
2422 allowed_methods = [" GET" , " HEAD" ]
2523 cached_methods = [" GET" , " HEAD" ]
24+
2625 // This needs to match the `origin_id` above.
2726 target_origin_id = var. website_name
28- min_ttl = 0
29- default_ttl = 86400
30- max_ttl = 31536000
3127
32- forwarded_values {
33- query_string = false
34- cookies {
35- forward = " none"
36- }
37- }
28+ cache_policy_id = data. aws_cloudfront_cache_policy . caching_optimized . id
3829 }
3930
4031 aliases = [var . website_name , " www.${ var . website_name } " ]
@@ -65,5 +56,21 @@ resource "aws_cloudfront_distribution" "www_distribution" {
6556 response_code = 404
6657 response_page_path = " /404.html"
6758 }
59+
60+ lifecycle {
61+ ignore_changes = [web_acl_id ] // aws will create and manage this automaticly
62+ }
63+ }
64+
65+ data "aws_cloudfront_cache_policy" "caching_optimized" {
66+ // https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html
67+ name = " Managed-CachingOptimized"
6868}
6969
70+ resource "aws_cloudfront_origin_access_control" "www" {
71+ name = var. website_name
72+ description = " Access ${ var . website_name } bucket"
73+ origin_access_control_origin_type = " s3"
74+ signing_behavior = " always"
75+ signing_protocol = " sigv4"
76+ }
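Review bot: The new `aws_cloudfront_origin_access_control.www` only restricts the bucket if the S3 bucket policy, which is not visible in this file section, grants `s3:GetObject` to the `cloudfront.amazonaws.com` service principal with an `AWS:SourceArn` condition pinned to this distribution's ARN. Without that condition the grant is not limited to this distribution, and a policy that still names the removed origin access identity would keep a grant that is no longer needed. I would add a comment above the resource such as `// bucket policy must allow cloudfront.amazonaws.com only with AWS:SourceArn = aws_cloudfront_distribution.www_distribution.arn`. Separately, `ignore_changes = [web_acl_id]` means Terraform will not report a detached or swapped web ACL, so the comment on that line should say the WAF association has to be verified outside Terraform.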