Request and Cache Policies (#5)

milliHQ · Feb 15, 2021 · 11e856e · 11e856e
1 parent eedae3d
commit 11e856e
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 51 deletions.
diff --git a/main.tf b/main.tf
@@ -104,42 +104,77 @@ locals {
   }
 }
 
-# TODO: Use request policy once support for cache policies is released
-# (We cannot use request policies without cache policies)
-# https://github.com/hashicorp/terraform-provider-aws/pull/17336
-
-# resource "aws_cloudfront_origin_request_policy" "api_gateway" {
-#   name        = var.deployment_name
-#   description = "Managed by Terraform-next.js image optimizer"
-
-#   cookies_config {
-#     cookie_behavior = "none"
-#   }
-
-#   headers_config {
-#     header_behavior = "whitelist"
-#     headers {
-#       items = local.cloudfront_allowed_headers
-#     }
-#   }
-
-#   query_strings_config {
-#     query_string_behavior = "whitelist"
-#     query_strings {
-#       items = local.cloudfront_allowed_query_string_keys
-#     }
-#   }
-# }
+resource "random_id" "policy_name" {
+  prefix      = "${var.deployment_name}-"
+  byte_length = 4
+}
+
+resource "aws_cloudfront_origin_request_policy" "this" {
+  name    = "${random_id.policy_name.hex}-request"
+  comment = "Managed by Terraform-next.js image optimizer"
+
+  cookies_config {
+    cookie_behavior = "none"
+  }
+
+  headers_config {
+    header_behavior = "whitelist"
+    headers {
+      items = local.cloudfront_allowed_headers
+    }
+  }
+
+  query_strings_config {
+    query_string_behavior = "whitelist"
+    query_strings {
+      items = local.cloudfront_allowed_query_string_keys
+    }
+  }
+}
+
+resource "aws_cloudfront_cache_policy" "this" {
+  name    = "${random_id.policy_name.hex}-cache"
+  comment = "Managed by Terraform-next.js image optimizer"
+
+  # Default values (Should be provided by origin)
+  min_ttl     = 0
+  default_ttl = 86400
+  max_ttl     = 31536000
+
+  parameters_in_cache_key_and_forwarded_to_origin {
+    cookies_config {
+      cookie_behavior = "none"
+    }
+
+    headers_config {
+      header_behavior = "whitelist"
+      headers {
+        items = local.cloudfront_allowed_headers
+      }
+    }
+
+    query_strings_config {
+      query_string_behavior = "whitelist"
+      query_strings {
+        items = local.cloudfront_allowed_query_string_keys
+      }
+    }
+
+    enable_accept_encoding_gzip   = true
+    enable_accept_encoding_brotli = true
+  }
+}
 
 module "cloudfront" {
   source = "./modules/cloudfront-cache"
 
   cloudfront_create_distribution       = var.cloudfront_create_distribution
   cloudfront_price_class               = var.cloudfront_price_class
-  cloudfront_allowed_query_string_keys = local.cloudfront_allowed_query_string_keys
-  cloudfront_allowed_headers           = local.cloudfront_allowed_headers
   cloudfront_origin                    = local.cloudfront_origin_image_optimizer
 
+  cloudfront_origin_request_policy_id = aws_cloudfront_origin_request_policy.this.id
+  cloudfront_cache_policy_id          = aws_cloudfront_cache_policy.this.id
+
   deployment_name = var.deployment_name
   tags            = var.tags
 }
diff --git a/modules/cloudfront-cache/main.tf b/modules/cloudfront-cache/main.tf
@@ -17,21 +17,8 @@ resource "aws_cloudfront_distribution" "distribution" {
     viewer_protocol_policy = "redirect-to-https"
     compress               = true
 
-    # Default values (Should be provided by origin)
-    min_ttl     = 0
-    default_ttl = 86400
-    max_ttl     = 31536000
-
-    forwarded_values {
-      cookies {
-        forward = "none"
-      }
-
-      headers = var.cloudfront_allowed_headers
-
-      query_string            = true
-      query_string_cache_keys = var.cloudfront_allowed_query_string_keys
-    }
+    origin_request_policy_id = var.cloudfront_origin_request_policy_id
+    cache_policy_id          = var.cloudfront_cache_policy_id
   }
 
   dynamic "origin" {

diff --git a/modules/cloudfront-cache/variables.tf b/modules/cloudfront-cache/variables.tf
@@ -6,19 +6,18 @@ variable "cloudfront_price_class" {
   type = string
 }
 
-variable "cloudfront_allowed_query_string_keys" {
-  type = list(string)
+variable "cloudfront_origin" {
+  type = any
 }
 
-variable "cloudfront_allowed_headers" {
-  type = list(string)
+variable "cloudfront_origin_request_policy_id" {
+  type = string
 }
 
-variable "cloudfront_origin" {
-  type = any
+variable "cloudfront_cache_policy_id" {
+  type = string
 }
 
-
 variable "deployment_name" {
   type = string
 }

diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.0"
+      version = ">= 3.28.0"
     }
     random = {
       source  = "hashicorp/random"