
Commit 197096f

[PRMP-892] address PR comments
1 parent 06eb08e commit 197096f


7 files changed

+20
-26
lines changed


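--- a/infrastructure/buckets.tf
+++ b/infrastructure/buckets.tf
@@ -51,7 +51,7 @@ module "ndr-lloyd-george-store" {
 access_logs_enabled = local.is_production
 access_logs_bucket_id = local.access_logs_bucket_id
 cloudfront_enabled = true
-cloudfront_arn = aws_cloudfront_distribution.distribution.arn
+cloudfront_arn = aws_cloudfront_distribution.s3_presign_mask.arn
 bucket_name = var.lloyd_george_bucket_name
 enable_bucket_versioning = true
 environment = var.environment
@@ -122,7 +122,7 @@ module "ndr-bulk-staging-store" {
 bucket_name = var.staging_store_bucket_name
 enable_cors_configuration = true
 enable_bucket_versioning = true
-cloudfront_arn = aws_cloudfront_distribution.distribution.arn
+cloudfront_arn = aws_cloudfront_distribution.s3_presign_mask.arn
 cloudfront_enabled = true
 environment = var.environment
 owner = var.owner
@@ -169,7 +169,7 @@ module "ndr-document-pending-review-store" {
 enable_bucket_versioning = true
 force_destroy = local.is_force_destroy
 cloudfront_enabled = true
-cloudfront_arn = aws_cloudfront_distribution.distribution.arn
+cloudfront_arn = aws_cloudfront_distribution.s3_presign_mask.arn
 enable_cors_configuration = true
 cors_rules = [
 {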

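--- a/infrastructure/cloudfront.tf
+++ b/infrastructure/cloudfront.tf
@@ -3,7 +3,7 @@ locals {
 allow_us_comms = !local.is_production
 }
 
-resource "aws_cloudfront_origin_access_control" "cloudfront_s3_oac" {
+resource "aws_cloudfront_origin_access_control" "s3" {
 name = "${terraform.workspace}_cloudfront_s3_oac_policy"
 description = "Cloud Front S3 OAC"
 origin_access_control_origin_type = "s3"
@@ -21,13 +21,13 @@ module "cloudfront_firewall_waf_v2" {
 providers = { aws = aws.us_east_1 }
 }
 
-resource "aws_cloudfront_distribution" "distribution" {
+resource "aws_cloudfront_distribution" "s3_presign_mask" {
 price_class = "PriceClass_100"
 
 origin {
 domain_name = module.ndr-lloyd-george-store.bucket_regional_domain_name
 origin_id = module.ndr-lloyd-george-store.bucket_id
-origin_access_control_id = aws_cloudfront_origin_access_control.cloudfront_s3_oac.id
+origin_access_control_id = aws_cloudfront_origin_access_control.s3.id
 }
 enabled = true
 is_ipv6_enabled = true
@@ -38,7 +38,7 @@ resource "aws_cloudfront_distribution" "distribution" {
 target_origin_id = module.ndr-lloyd-george-store.bucket_id
 viewer_protocol_policy = "redirect-to-https"
 cache_policy_id = aws_cloudfront_cache_policy.nocache.id
-origin_request_policy_id = aws_cloudfront_origin_request_policy.viewer_policy.id
+origin_request_policy_id = aws_cloudfront_origin_request_policy.viewer.id
 
 lambda_function_association {
 event_type = "origin-request"
@@ -49,7 +49,7 @@ resource "aws_cloudfront_distribution" "distribution" {
 origin {
 domain_name = module.ndr-document-pending-review-store.bucket_regional_domain_name
 origin_id = module.ndr-document-pending-review-store.bucket_id
-origin_access_control_id = aws_cloudfront_origin_access_control.cloudfront_s3_oac.id
+origin_access_control_id = aws_cloudfront_origin_access_control.s3.id
 }
 
 ordered_cache_behavior {
@@ -59,7 +59,7 @@ resource "aws_cloudfront_distribution" "distribution" {
 target_origin_id = module.ndr-document-pending-review-store.bucket_id
 viewer_protocol_policy = "redirect-to-https"
 cache_policy_id = aws_cloudfront_cache_policy.nocache.id
-origin_request_policy_id = aws_cloudfront_origin_request_policy.viewer_policy.id
+origin_request_policy_id = aws_cloudfront_origin_request_policy.viewer.id
 
 lambda_function_association {
 event_type = "origin-request"
@@ -70,7 +70,7 @@ resource "aws_cloudfront_distribution" "distribution" {
 origin {
 domain_name = module.ndr-bulk-staging-store.bucket_regional_domain_name
 origin_id = module.ndr-bulk-staging-store.bucket_id
-origin_access_control_id = aws_cloudfront_origin_access_control.cloudfront_s3_oac.id
+origin_access_control_id = aws_cloudfront_origin_access_control.s3.id
 }
 
 ordered_cache_behavior {
@@ -80,7 +80,7 @@ resource "aws_cloudfront_distribution" "distribution" {
 target_origin_id = module.ndr-bulk-staging-store.bucket_id
 viewer_protocol_policy = "redirect-to-https"
 cache_policy_id = aws_cloudfront_cache_policy.nocache.id
-origin_request_policy_id = aws_cloudfront_origin_request_policy.viewer_policy.id
+origin_request_policy_id = aws_cloudfront_origin_request_policy.viewer.id
 
 lambda_function_association {
 event_type = "origin-request"
@@ -102,7 +102,7 @@ resource "aws_cloudfront_distribution" "distribution" {
 web_acl_id = try(module.cloudfront_firewall_waf_v2[0].arn, "")
 }
 
-resource "aws_cloudfront_origin_request_policy" "viewer_policy" {
+resource "aws_cloudfront_origin_request_policy" "viewer" {
 name = "${terraform.workspace}_BlockQueriesAndAllowViewer"
 
 query_strings_config {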

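--- a/infrastructure/lambda-get-doc-ref.tf
+++ b/infrastructure/lambda-get-doc-ref.tf
@@ -64,7 +64,7 @@ module "get-doc-ref-lambda" {
 WORKSPACE = terraform.workspace
 PRESIGNED_ASSUME_ROLE = aws_iam_role.get_doc_ref_presign_url_role.arn
 EDGE_REFERENCE_TABLE = module.cloudfront_edge_dynamodb_table.table_name
-CLOUDFRONT_URL = aws_cloudfront_distribution.distribution.domain_name
+CLOUDFRONT_URL = aws_cloudfront_distribution.s3_presign_mask.domain_name
 }
 depends_on = [
 aws_api_gateway_rest_api.ndr_doc_store_api,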

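--- a/infrastructure/lambda-get-document-fhir.tf
+++ b/infrastructure/lambda-get-document-fhir.tf
@@ -60,7 +60,7 @@ module "get-doc-fhir-lambda" {
 LLOYD_GEORGE_DYNAMODB_NAME = module.lloyd_george_reference_dynamodb_table.table_name
 PDM_DYNAMODB_NAME = module.pdm_dynamodb_table.table_name
 OIDC_CALLBACK_URL = contains(["prod"], terraform.workspace) ? "https://${var.domain}/auth-callback" : "https://${terraform.workspace}.${var.domain}/auth-callback"
-CLOUDFRONT_URL = aws_cloudfront_distribution.distribution.domain_name
+CLOUDFRONT_URL = aws_cloudfront_distribution.s3_presign_mask.domain_name
 PDS_FHIR_IS_STUBBED = local.is_sandbox
 }
 depends_on = [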

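--- a/infrastructure/lambda-get-document-review.tf
+++ b/infrastructure/lambda-get-document-review.tf
@@ -24,7 +24,7 @@ module "get_document_review_lambda" {
 APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
 DOCUMENT_REVIEW_DYNAMODB_NAME = local.is_production ? "" : module.document_review_dynamodb_table[0].table_name
 EDGE_REFERENCE_TABLE = module.cloudfront_edge_dynamodb_table.table_name
-CLOUDFRONT_URL = aws_cloudfront_distribution.distribution.domain_name
+CLOUDFRONT_URL = aws_cloudfront_distribution.s3_presign_mask.domain_name
 PRESIGNED_ASSUME_ROLE = aws_iam_role.get_document_review_presign.arn
 WORKSPACE = terraform.workspace
 }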

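--- a/infrastructure/lambda-lloyd-george-record-stitch.tf
+++ b/infrastructure/lambda-lloyd-george-record-stitch.tf
@@ -78,7 +78,7 @@ module "lloyd-george-stitch-lambda" {
 LLOYD_GEORGE_BUCKET_NAME = "${terraform.workspace}-${var.lloyd_george_bucket_name}"
 LLOYD_GEORGE_DYNAMODB_NAME = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
 STITCH_METADATA_DYNAMODB_NAME = "${terraform.workspace}_${var.stitch_metadata_dynamodb_table_name}"
-CLOUDFRONT_URL = aws_cloudfront_distribution.distribution.domain_name
+CLOUDFRONT_URL = aws_cloudfront_distribution.s3_presign_mask.domain_name
 WORKSPACE = terraform.workspace
 PRESIGNED_ASSUME_ROLE = aws_iam_role.stitch_presign_url_role.arn
 EDGE_REFERENCE_TABLE = module.cloudfront_edge_dynamodb_table.table_name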
Lines changed: 4 additions & 10 deletions
@@ -1,18 +1,12 @@
11
#PRMP-892
22
moved {
3-
from = module.cloudfront-distribution-lg.aws_cloudfront_distribution.distribution[0]
4-
to = aws_cloudfront_distribution.distribution
3+
from = local.is_production ? module.cloudfront-distribution-lg.aws_cloudfront_distribution.distribution[0] : module.cloudfront-distribution-lg.aws_cloudfront_distribution.distribution_with_secondary_bucket[0]
4+
to = aws_cloudfront_distribution.s3_presign_mask
55
}
66

7-
# moved {
8-
# from = module.cloudfront-distribution-lg.aws_cloudfront_distribution.distribution_with_secondary_bucket[0]
9-
# to = aws_cloudfront_distribution.distribution
10-
# }
11-
12-
137
moved {
148
from = module.cloudfront-distribution-lg.aws_cloudfront_origin_access_control.cloudfront_s3_oac
15-
to = aws_cloudfront_origin_access_control.cloudfront_s3_oac
9+
to = aws_cloudfront_origin_access_control.s3
1610
}
1711

1812
moved {
@@ -22,5 +16,5 @@ moved {
2216

2317
moved {
2418
from = module.cloudfront-distribution-lg.aws_cloudfront_origin_request_policy.viewer_policy
25-
to = aws_cloudfront_origin_request_policy.viewer_policy
19+
to = aws_cloudfront_origin_request_policy.viewer
2620
}
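Review bot: The first `moved` block now sets `from = local.is_production ? ... : ...`, but as far as I know Terraform reads `from`/`to` in a `moved` block as static resource addresses rather than expressions, so this is likely to be rejected at `terraform validate` instead of selecting an address per environment. If the move does not take effect, the plan would presumably destroy and recreate the CloudFront distribution, which changes the `domain_name` the lambdas receive as `CLOUDFRONT_URL` and the ARN the bucket modules receive as `cloudfront_arn`. Two `moved` blocks cannot share one `to`, so the options are probably a chained pair (`...distribution_with_secondary_bucket[0]` to `...distribution[0]`, then `...distribution[0]` to `aws_cloudfront_distribution.s3_presign_mask`) or a per-workspace `terraform state mv` before apply; either should be checked against the Terraform version in use. Whichever is chosen, run a plan in both a production and a non-production workspace and confirm the distribution shows as moved rather than replaced. The file name of this section is not visible on the page.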
