main.tf
 1  locals {
 2    full_name = "${var.env}.${var.stage}"
 3    bucket_name = "${local.full_name}-cf-cdn"
 4    bucket_domain_name = "${local.bucket_name}.s3.amazonaws.com"
 5  }
 7  resource "aws_cloudfront_distribution" "default" {
 8    enabled             = true
 9    wait_for_deployment = true
10    comment             = var.comment
11    aliases             = var.aliases
12    price_class         = var.price_class
13  
14    tags = {
15      Name = local.full_name
16    }
17  
18    dynamic "origin" {
19      iterator = fqdn
20      for_each = var.origin_fqdns
21      content {
22        domain_name = fqdn.value
23        origin_id   = "ELB-${split(".", fqdn.value)[0]}"
24  
25        custom_origin_config {
26          http_port  = 80
27          https_port = 443
28  
29          origin_protocol_policy = "http-only"
30          origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
31        }
32      }
33    }
34  
35    viewer_certificate {
36      acm_certificate_arn            = var.cert_arn
37      minimum_protocol_version       = var.minimum_protocol_version
38      ssl_support_method             = "sni-only"
39      cloudfront_default_certificate = false
40    }
41  
42    dynamic "default_cache_behavior" {
43      iterator = fqdn
44      for_each = var.origin_fqdns
45      content {
46        target_origin_id = "ELB-${split(".", fqdn.value)[0]}"
47  
48        allowed_methods = var.allowed_methods
49        cached_methods  = var.cached_methods
50        compress        = var.compress
51  
52        forwarded_values {
53          query_string = false
54          headers      = []
55          cookies { forward = "none" }
56        }
57  
58        viewer_protocol_policy = "redirect-to-https"
59        default_ttl            = var.default_ttl
60        min_ttl                = var.min_ttl
61        max_ttl                = var.max_ttl
62      }
63    }
64  
65    /* Special case for /metadata/all to show newly added Dapps */
66    dynamic "ordered_cache_behavior" {
67      iterator = fqdn
68      for_each = var.origin_fqdns
69      content {
70        target_origin_id = "ELB-${split(".", fqdn.value)[0]}"
71  
72        path_pattern    = "/metadata/all"
73        cached_methods  = ["GET", "HEAD"]
74        allowed_methods = ["GET", "HEAD", "OPTIONS"]
75  
76        forwarded_values {
77          query_string = false
78          headers      = []
79          cookies { forward = "none" }
80        }
81  
82        viewer_protocol_policy = "redirect-to-https"
83        min_ttl                = var.min_ttl
84        default_ttl            = 60
85        max_ttl                = 60
86      }
87    }
88  
89    restrictions {
90      geo_restriction {
91        restriction_type = "none"
92      }
93    }
94  }