resource "aws_cloudfront_origin_access_control" "s3_oac" {
name = "s3_oac_${random_string.bucket_random.result}"
description = "S3 OAC Policy"
origin_access_control_origin_type = "s3"
signing_behavior = "always"
signing_protocol = "sigv4"
}
data "aws_s3_bucket" "source_bucket" {
bucket = aws_s3_bucket.source.bucket
}
resource "aws_cloudfront_distribution" "cf_dist" {
origin {
domain_name = data.aws_s3_bucket.source_bucket.bucket_regional_domain_name
origin_access_control_id = aws_cloudfront_origin_access_control.s3_oac.id
origin_id = local.us_s3_origin_id
}
enabled = true #콘텐츠에 대한 최종 사용자 요청을 수락하도록 배포가 활성화되어 있는지 여부입니다
is_ipv6_enabled = false
comment = "CloudFront For S3, ALB"
default_root_object = "index.html"
default_cache_behavior { #S3 behavior
cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6" #CachingOptimized
target_origin_id = local.us_s3_origin_id
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
compress = true
viewer_protocol_policy = "redirect-to-https"
}
price_class = "PriceClass_All"
restrictions { #국가 제한
geo_restriction {
restriction_type = "none"
locations = []
}
}
viewer_certificate { #인증서 HTTPS를 사용하여 객체를 요청하도록 한다
cloudfront_default_certificate = true
}
}
JSON
복사
