Cloudfront for api-by-becki

2022-09-17 09:30:57 -07:00 · 2022-09-17 09:30:57 -07:00 · 7a5c17e1ae
parent 3ac01e0cd0
commit 7a5c17e1ae
4 changed files with 103 additions and 4 deletions
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@ -0,0 +1,63 @@
+resource "aws_cloudfront_distribution" "api-by-becki" {
+  origin {
+    domain_name = "abb.gmem.ca"
+    origin_id   = "abb.gmem.ca"
+    custom_origin_config {
+      http_port              = 80
+      https_port             = 443
+      origin_protocol_policy = "https-only"
+      origin_ssl_protocols   = ["TLSv1.2"]
+    }
+  }
+
+  default_cache_behavior {
+    allowed_methods        = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+    cached_methods         = ["GET", "HEAD"]
+    target_origin_id       = "abb.gmem.ca"
+    viewer_protocol_policy = "allow-all"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+
+    forwarded_values {
+      query_string = true
+
+      cookies {
+        forward = "all"
+      }
+    }
+  }
+
+
+  http_version = "http2and3"
+
+  enabled         = true
+  is_ipv6_enabled = true
+
+  aliases = ["api-by-becki.gmem.ca"]
+  viewer_certificate {
+    acm_certificate_arn = aws_acm_certificate.api-by-becki.arn
+    ssl_support_method = "sni-only"
+  }
+
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+}
+
+resource "aws_acm_certificate" "api-by-becki" {
+  domain_name       = "api-by-becki.gmem.ca"
+  validation_method = "DNS"
+  provider          = aws.virginia
+}
+
+resource "aws_acm_certificate_validation" "api-by-becki" {
+  certificate_arn = aws_acm_certificate.api-by-becki.arn
+  validation_record_fqdns = [
+    aws_route53_record.api-by-becki-primary.fqdn
+  ]
+  provider = aws.virginia
+}
--- a/terraform/gmem.ca.tf
+++ b/terraform/gmem.ca.tf
@ -8,4 +8,33 @@ resource "aws_route53_record" "api-by-becki" {
  type    = "A"
  ttl     = 300
  records = ["168.119.154.189"]
-}
+}
+
+resource "aws_route53_record" "api-by-becki-primary" {
+  zone_id = aws_route53_zone.gmemca.zone_id
+  name    = "api-by-becki"
+  type = "A"
+
+  alias {
+    name = "${aws_cloudfront_distribution.api-by-becki.domain_name}"
+    zone_id = "${aws_cloudfront_distribution.api-by-becki.hosted_zone_id}"
+    evaluate_target_health = false
+  }
+}
+
+resource "aws_route53_record" "api-by-becki-acm" {
+  for_each = {
+    for dvo in aws_acm_certificate.api-by-becki.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = aws_route53_zone.gmemca.zone_id
+}
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -1,12 +1,12 @@
 terraform {
  required_providers {
    vercel = {
-      source = "vercel/vercel"
+      source  = "vercel/vercel"
      version = "~> 0.3"
    }
    aws = {
-        source = "hashicorp/aws"
-        version = "4.28.0"
+      source  = "hashicorp/aws"
+      version = "4.28.0"
    }
  }
  backend "s3" {
@ -15,3 +15,8 @@ terraform {
    region = "eu-west-2"
  }
 }
+
+provider "aws" {
+  alias = "virginia"
+  region = "us-east-1"
+}
--- a/vps/api-by-becki.yaml
+++ b/vps/api-by-becki.yaml
@ -32,6 +32,8 @@ spec:
          - name: API_COUCH_DATABASE
            value: art-by-becki
        resources:
+          requests:
+            cpu: "1m"
          limits:
            memory: "128Mi"
            cpu: "500m"