infra/terraform/cloudfront.tf

resource "aws_cloudfront_distribution" "api-by-becki" {
  origin {
    domain_name = "abb.gmem.ca"
    origin_id   = "abb.gmem.ca"
    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  default_cache_behavior {
    allowed_methods        = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "abb.gmem.ca"
    viewer_protocol_policy = "redirect-to-https"
    cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6"
    response_headers_policy_id = "eaab4381-ed33-4a86-88ca-d9558dc6cd63"
  }


  http_version = "http2and3"

  enabled         = true
  is_ipv6_enabled = true

  aliases = ["api-by-becki.gmem.ca"]
  viewer_certificate {
    acm_certificate_arn = aws_acm_certificate.api-by-becki.arn
    ssl_support_method = "sni-only"
  }


  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
}

resource "aws_acm_certificate" "api-by-becki" {
  domain_name       = "api-by-becki.gmem.ca"
  validation_method = "DNS"
  provider          = aws.virginia
}

resource "aws_acm_certificate_validation" "api-by-becki" {
  certificate_arn = aws_acm_certificate.api-by-becki.arn
  validation_record_fqdns = [for record in aws_route53_record.api-by-becki-acm : record.fqdn]
  provider = aws.virginia
}