diff --git a/src/infra/api/oi-admin.tpl.json b/src/infra/api/oi-admin.tpl.json
index e8d7d0479..dd1630af5 100644
--- a/src/infra/api/oi-admin.tpl.json
+++ b/src/infra/api/oi-admin.tpl.json
@@ -36,6 +36,7 @@
 "x-amazon-apigateway-integration": {
 "credentials": "${lambda_apigateway_proxy_role}",
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "contentHandling": "CONVERT_TO_TEXT",
 "type": "aws_proxy",
 "httpMethod": "POST",
@@ -150,6 +151,7 @@
 "x-amazon-apigateway-integration": {
 "credentials": "${lambda_apigateway_proxy_role}",
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "contentHandling": "CONVERT_TO_TEXT",
 "type": "aws_proxy",
 "httpMethod": "POST",
@@ -239,6 +241,7 @@
 "x-amazon-apigateway-integration": {
 "credentials": "${lambda_apigateway_proxy_role}",
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "contentHandling": "CONVERT_TO_TEXT",
 "type": "aws_proxy",
 "httpMethod": "POST",
@@ -349,6 +352,7 @@
 "x-amazon-apigateway-integration": {
 "credentials": "${lambda_apigateway_proxy_role}",
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "contentHandling": "CONVERT_TO_TEXT",
 "type": "aws_proxy",
 "httpMethod": "POST",
@@ -449,6 +453,7 @@
 "x-amazon-apigateway-integration": {
 "credentials": "${lambda_apigateway_proxy_role}",
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "contentHandling": "CONVERT_TO_TEXT",
 "type": "aws_proxy",
 "httpMethod": "POST",
@@ -655,6 +660,7 @@
 "x-amazon-apigateway-integration": {
 "credentials": "${lambda_apigateway_proxy_role}",
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "contentHandling": "CONVERT_TO_TEXT",
 "type": "aws_proxy",
 "httpMethod": "POST",
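Review bot: Each added `"timeoutInMillis" : 10000` (first at `@@ -36,6 +36,7 @@`, then in every integration hunk of `oi-admin.tpl.json`, `oi-internal-idp.tpl.json` and `oi.tpl.json`) is a literal, while the rest of these templates takes environment-dependent values from `${...}` variables, so tuning a limit later means editing dozens of blocks. For the `aws_proxy` Lambda integrations the gateway limit should not be shorter than the function's own timeout, which is not visible here: when API Gateway gives up first the caller gets a 504 while the invocation may still complete, and a retried admin `POST` can then run twice. Consider one template variable per backend class (the name is a placeholder), e.g. `"timeoutInMillis": ${lambda_integration_timeout_ms},`, which also removes the stray space before the colon. The value on the `"type": "mock"` integration at `@@ -35,6 +35,7 @@` in `oi.tpl.json` has no backend call to bound and can probably be dropped.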
@@ -900,6 +906,7 @@
 "uri": "${assets_bucket_control_panel_uri}/index.html",
 "type": "aws",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {
 "integration.request.querystring.client_id": "method.request.querystring.client_id",
 "integration.request.querystring.response_type": "method.request.querystring.response_type",
@@ -982,6 +989,7 @@
 "uri": "${assets_bucket_control_panel_uri}/index.html",
 "type": "aws",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {},
 "responseParameters": {},
 "responses": {
@@ -1030,6 +1038,7 @@
 "uri": "${assets_bucket_control_panel_uri}/index.html",
 "type": "aws",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {},
 "responseParameters": {},
 "responses": {
@@ -1114,6 +1123,7 @@
 "integration.request.path.proxy": "method.request.path.proxy"
 },
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "cacheKeyParameters": [
 "method.request.path.proxy"
 ]
diff --git a/src/infra/api/oi-internal-idp.tpl.json b/src/infra/api/oi-internal-idp.tpl.json
index e1ae54e78..461f5cb8d 100644
--- a/src/infra/api/oi-internal-idp.tpl.json
+++ b/src/infra/api/oi-internal-idp.tpl.json
@@ -80,6 +80,7 @@
 "integration.request.path.proxy": "method.request.path.proxy"
 },
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "cacheKeyParameters": [
 "method.request.path.proxy"
 ]
@@ -99,6 +100,7 @@
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'"
 },
@@ -178,6 +180,7 @@
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'"
 },
@@ -267,6 +270,7 @@
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'"
 },
diff --git a/src/infra/api/oi.tpl.json b/src/infra/api/oi.tpl.json
index b4913c9fc..a1576187a 100644
--- a/src/infra/api/oi.tpl.json
+++ b/src/infra/api/oi.tpl.json
@@ -35,6 +35,7 @@
 "type": "mock",
 "requestParameters": {},
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "contentHandling": "CONVERT_TO_TEXT",
 "responses": {
 "302": {
@@ -78,6 +79,7 @@
 "connectionId": "${connection_id}",
 "requestParameters": {},
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 5000,
 "responses": {
 "200": {
 "statusCode": "200",
@@ -187,6 +189,7 @@
 "integration.request.querystring.state": "method.request.querystring.state"
 },
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 10000,
 "responseParameters": {},
 "type": "aws",
 "responses": {
@@ -195,7 +198,7 @@
 "responseParameters": {
 "method.response.header.content-type": "integration.response.header.Content-Type",
 "method.response.header.location": "integration.response.header.location",
- "method.response.header.Content-Security-Policy": "'default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.pagopa.it; frame-ancestors 'none';'"
+ "method.response.header.Content-Security-Policy": "'default-src 'self' https://*.oneid.pagopa.it ; script-src 'self' https://*.oneid.pagopa.it; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.oneid.pagopa.it; img-src 'self' data: https://*.pagopa.it; frame-ancestors 'none';'"
 }
 },
 "404": {
@@ -237,6 +240,7 @@
 "uri": "${assets_bucket_uri}/index.html",
 "type": "aws",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {
 "integration.request.querystring.errorCode": "method.request.querystring.errorCode"
 },
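Review bot: The new `Content-Security-Policy` value at `@@ -195,7 +198,7 @@` trusts scripts and styles from every host under `https://*.oneid.pagopa.it`, which is wider than the single assets host this commit introduces, so a dangling or compromised subdomain in that zone becomes a valid script origin for these pages. Adding the wildcard to `default-src` also widens the fallback for every directive the policy does not list. Consider leaving `default-src 'self'` and pinning the exact host through a template variable (placeholder name, none is visible in the hunk), e.g. `script-src 'self' https://${assets_host}; style-src 'self' 'unsafe-inline' https://${assets_host}`, adding `font-src` or `connect-src` for that host only if the pages need them. The same literal is repeated at `@@ -246,7 +250,7 @@` and `@@ -1657,7 +1672,7 @@`, so a single variable would also keep the three copies in step.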
@@ -246,7 +250,7 @@
 "statusCode": "200",
 "responseParameters": {
 "method.response.header.content-type": "integration.response.header.Content-Type",
- "method.response.header.Content-Security-Policy": "'default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.pagopa.it; frame-ancestors 'none';'"
+ "method.response.header.Content-Security-Policy": "'default-src 'self' https://*.oneid.pagopa.it ; script-src 'self' https://*.oneid.pagopa.it; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.oneid.pagopa.it; img-src 'self' data: https://*.pagopa.it; frame-ancestors 'none';'"
 }
 },
 "404": {
@@ -276,6 +280,7 @@
 "httpMethod": "POST",
 "uri": "arn:aws:apigateway:${aws_region}:lambda:path/2015-03-31/functions/${retrieve_status_lambda_arn}/invocations",
 "passthroughBehavior": "when_no_match",
+ "timeoutInMillis" : 5000,
 "contentHandling": "CONVERT_TO_TEXT",
 "type": "aws_proxy",
 "responses": {
@@ -450,6 +455,7 @@
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'"
 },
@@ -567,6 +573,7 @@
 "integration.request.querystring.access_token": "method.request.querystring.access_token"
 },
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "responses": {
 "200": {
 "statusCode": "200",
@@ -657,6 +664,7 @@
 "uri": "${assets_bucket_uri}/{id_type}.xml",
 "type": "aws",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 2000,
 "requestParameters": {
 "integration.request.path.id_type": "method.request.path.id_type"
 },
@@ -794,6 +802,7 @@
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 10000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'",
 "integration.request.header.X-Forwarded-For": "method.request.header.X-Forwarded-For",
@@ -1065,6 +1074,7 @@
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 20000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'",
 "integration.request.header.authorization": "method.request.header.authorization"
@@ -1192,6 +1202,7 @@
 "integration.request.header.Origin": "method.request.header.Origin"
 },
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 2000,
 "responses": {
 "200": {
 "statusCode": "200",
@@ -1363,6 +1374,7 @@
 "integration.request.header.Origin": "method.request.header.Origin"
 },
 "passthroughBehavior": "WHEN_NO_TEMPLATES",
+ "timeoutInMillis" : 2000,
 "responses": {
 "204": {
 "statusCode": "204",
@@ -1482,6 +1494,7 @@
 "uri": "${uri}/idps",
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
+ "timeoutInMillis" : 5000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'"
 },
@@ -1523,6 +1536,7 @@
 "uri": "${uri}/clients/{client_id}",
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
+ "timeoutInMillis" : 5000,
 "requestParameters": {
 "integration.request.header.accept": "'*/*'",
 "integration.request.path.client_id": "method.request.path.client_id"
@@ -1583,6 +1597,7 @@
 "uri": "${uri}/clients",
 "connectionType": "VPC_LINK",
 "connectionId": "${connection_id}",
+ "timeoutInMillis" : 5000,
 "responses": {
 "200": {
 "statusCode": "200",
@@ -1657,7 +1672,7 @@
 "statusCode": "200",
 "responseParameters": {
 "method.response.header.Content-Type": "integration.response.header.Content-Type",
- "method.response.header.Content-Security-Policy": "'default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.pagopa.it; frame-ancestors 'none';'"
+ "method.response.header.Content-Security-Policy": "'default-src 'self' https://*.oneid.pagopa.it ; script-src 'self' https://*.oneid.pagopa.it; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.oneid.pagopa.it; img-src 'self' data: https://*.pagopa.it; frame-ancestors 'none';'"
 }
 },
 "404": {
@@ -1669,114 +1684,12 @@ "integration.request.path.proxy": "method.request.path.proxy" }, "passthroughBehavior": "when_no_match", + "timeoutInMillis" : 5000, "cacheKeyParameters": [ "method.request.path.proxy" ] } } - }, - "/assets/{proxy+}": { - "get": { - "parameters": [ - { - "name": "proxy", - "in": "path", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "200 response", - "headers": { - "Content-Type": { - "schema": { - "type": "string" - } - }, - "Content-Length": { - "schema": { - "type": "string" - } - }, - "Content-Security-Policy": { - "type": "string" - } - }, - "content": {} - }, - "404": { - "$ref": "#/components/responses/notFound" - } - }, - "x-amazon-apigateway-integration": { - "type": "aws", - "credentials": "${s3_apigateway_proxy_role}", - "httpMethod": "GET", - "uri": "${assets_bucket_uri}/assets/{proxy}", - "responses": { - "default": { - "statusCode": "200", - "responseParameters": { - "method.response.header.Content-Type": "integration.response.header.Content-Type", - "method.response.header.Content-Security-Policy": "'default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.pagopa.it; frame-ancestors 'none';'" - } - }, - "404": { - "statusCode": "404", - "responseParameters": {} - } - }, - "requestParameters": { - "integration.request.path.proxy": "method.request.path.proxy" - }, - "passthroughBehavior": "when_no_match", - "cacheKeyParameters": [ - "method.request.path.proxy" - ] - } - } - }, - "/asset-manifest.json": { - "get": { - "tags": [ - "asset-manifest.json static file" - ], - "description": "This route will serve the asset-manifest.json file", - "parameters": [], - "x-amazon-apigateway-integration": { - "credentials": "${s3_apigateway_proxy_role}", - "httpMethod": "GET", - "uri": "${assets_bucket_uri}/asset-manifest.json", - "requestParameters": {}, - "passthroughBehavior": "when_no_match", - 
"responseParameters": {}, - "type": "aws", - "responses": { - "200": { - "statusCode": "200", - "responseParameters": { - "method.response.header.content-type": "integration.response.header.Content-Type", - "method.response.header.location": "integration.response.header.location" - } - }, - "404": { - "statusCode": "404", - "responseParameters": {} - } - } - }, - "responses": { - "200": { - "$ref": "#/components/responses/responseOkHtml" - }, - "404": { - "$ref": "#/components/responses/notFound" - } - } - } } }, "components": { diff --git a/src/infra/dev/eu-south-1/main.tf b/src/infra/dev/eu-south-1/main.tf index 9750932dc..ad4262ced 100644 --- a/src/infra/dev/eu-south-1/main.tf +++ b/src/infra/dev/eu-south-1/main.tf @@ -41,6 +41,7 @@ module "frontend" { domain_admin_name = module.r53_zones.dns_zone_name domain_internal_idp_name = module.r53_zones.dns_zone_name domain_auth_name = module.r53_zones.dns_zone_name + domain_assets_name = module.r53_zones.dns_zone_name r53_dns_zone_id = module.r53_zones.dns_zone_id role_prefix = local.project @@ -107,6 +108,12 @@ module "frontend" { cognito_domain_cloudfront_distribution = module.cognito.cloudfront_distribution cognito_domain_cloudfront_distribution_zone_id = module.cognito.cloudfront_distribution_zone_id + cloudfront = { + name = format("%s-cloudfront", local.project) + bucket_arn = module.storage.assets_bucket_arn + bucket_id = module.storage.assets_bucket_name + bucket_origin_domain_name = module.storage.assets_bucket_regional_domain_name + } } diff --git a/src/infra/modules/frontend/main.tf b/src/infra/modules/frontend/main.tf index 64791aacf..ecabf4de4 100644 --- a/src/infra/modules/frontend/main.tf +++ b/src/infra/modules/frontend/main.tf 
@@ -26,6 +26,16 @@ module "records" { ttl = var.dns_record_ttl } }, + { + name = "assets" + type = "A" + alias = { + name = aws_cloudfront_distribution.assets_cdn_distribution[0].domain_name + zone_id = aws_cloudfront_distribution.assets_cdn_distribution[0].hosted_zone_id + evaluate_target_health = true + ttl = var.dns_record_ttl + } + }, ], var.deploy_internal_idp_rest_api ? [ { @@ -77,6 +87,28 @@ module "acm" { } } +module "acm_assets" { + count = var.aws_region != "eu-south-1" ? 0 : 1 + source = "terraform-aws-modules/acm/aws" + version = "5.0.0" + + #domain_name = format("admin.%s", var.domain_admin_name) + domain_name = var.domain_assets_name != null ? format("assets.%s", var.domain_assets_name) : null + + zone_id = var.r53_dns_zone_id + + validation_method = "DNS" + create_route53_records = true + + tags = { + Name = var.domain_assets_name != null ? format("assets.%s", var.domain_assets_name) : null + } + + providers = { + aws = aws.us_east_1 + } +} + module "acm_admin" { count = var.aws_region != "eu-south-1" ? 0 : 1 source = "terraform-aws-modules/acm/aws" 
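Review bot: The new `assets` record at `@@ -26,6 +26,16 @@` indexes `aws_cloudfront_distribution.assets_cdn_distribution[0]` unconditionally, but that resource is created with `count = var.deploy_cloudfront ? 1 : 0` and `prod/eu-central-1` passes `deploy_cloudfront = false`, so the reference fails with an invalid index unless the enclosing `module "records"`, which starts outside this hunk, is itself gated. Wrapping the entry as `var.deploy_cloudfront ? [ { ... } ] : []`, the way the next list is gated on `var.deploy_internal_idp_rest_api`, avoids that. Route 53 documents that target-health evaluation cannot be enabled for CloudFront alias targets, so this entry should use `evaluate_target_health = false`. Because the distribution sets `is_ipv6_enabled = true`, an `AAAA` alias is needed next to the `A` record for IPv6 clients to resolve the name.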
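Review bot: `module "acm_assets"` at `@@ -77,6 +87,28 @@` is gated on `var.aws_region != "eu-south-1"`, while the distribution that reads `module.acm_assets[0].acm_certificate_arn` is gated on `var.deploy_cloudfront`, so the two counts can disagree and leave the distribution pointing at a certificate that was never created. Deriving both from one condition, e.g. `count = var.deploy_cloudfront ? 1 : 0`, keeps them aligned. `domain_name` also resolves to `null` whenever `domain_assets_name` is left at its default, which is worth rejecting early with a variable validation or a precondition. The commented-out `#domain_name = format("admin.%s", var.domain_admin_name)` line is a copy leftover and can be removed.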
@@ -506,6 +538,100 @@ module "rest_api_internal_idp" { api_authorizer = {} } +## Cloudfront + +resource "aws_cloudfront_origin_access_control" "assets_cdn" { + count = var.deploy_cloudfront ? 1 : 0 + name = var.cloudfront.name + description = "CDN for S3 assets bucket" + origin_access_control_origin_type = "s3" + signing_behavior = "always" + signing_protocol = "sigv4" +} + +data "aws_cloudfront_response_headers_policy" "cors_preflight_managed" { + name = "Managed-CORS-With-Preflight" +} + +# CloudFront Distribution +resource "aws_cloudfront_distribution" "assets_cdn_distribution" { + count = var.deploy_cloudfront ? 1 : 0 + origin { + domain_name = var.cloudfront.bucket_origin_domain_name + origin_access_control_id = aws_cloudfront_origin_access_control.assets_cdn[0].id + origin_id = "S3Origin" + } + aliases = ["assets.${var.domain_name}"] + enabled = true + is_ipv6_enabled = true + + + default_cache_behavior { + allowed_methods = ["GET", "HEAD", "OPTIONS"] + cached_methods = ["GET", "HEAD"] + target_origin_id = "S3Origin" + response_headers_policy_id = data.aws_cloudfront_response_headers_policy.cors_preflight_managed.id + + forwarded_values { + query_string = false + cookies { + forward = "none" + } + } + + viewer_protocol_policy = "redirect-to-https" + min_ttl = 0 + default_ttl = 3600 + max_ttl = 86400 + } + + price_class = "PriceClass_100" + + restrictions { + geo_restriction { + restriction_type = "none" + } + } + + viewer_certificate { + #cloudfront_default_certificate = true # Use this for *.cloudfront.net domain + # For custom domain, use ACM certificate and modify as needed + acm_certificate_arn = module.acm_assets[0].acm_certificate_arn + ssl_support_method = "sni-only" + minimum_protocol_version = "TLSv1.2_2021" + } + + # Enable WAF if needed + # web_acl_id = aws_waf_web_acl.example_waf.id + depends_on = [module.acm_assets] +} + +# S3 Bucket Policy +resource "aws_s3_bucket_policy" "content_bucket_policy" { + count = var.deploy_cloudfront ? 
1 : 0 + bucket = var.cloudfront.bucket_id #aws_s3_bucket.content_bucket.id + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Sid = "AllowCloudFrontServicePrincipalReadOnly" + Effect = "Allow" + Principal = { + Service = "cloudfront.amazonaws.com" + } + Action = "s3:GetObject" + Resource = "${var.cloudfront.bucket_arn}/*" + Condition = { + StringEquals = { + "AWS:SourceArn" = aws_cloudfront_distribution.assets_cdn_distribution[0].arn + } + } + } + ] + }) +} + /* ## REST API Gateway ## diff --git a/src/infra/modules/frontend/variables.tf b/src/infra/modules/frontend/variables.tf index f0ee854a3..e34496c21 100644 --- a/src/infra/modules/frontend/variables.tf +++ b/src/infra/modules/frontend/variables.tf @@ -31,6 +31,12 @@ variable "domain_internal_idp_name" { default = null } +variable "domain_assets_name" { + type = string + description = "DNS assets domain name." + default = null +} + variable "cognito_domain_cloudfront_distribution" { type = string default = null @@ -217,6 +223,23 @@ variable "web_acl" { description = "WEB acl name" } +## Cloudfront + +variable "cloudfront" { + type = object({ + name = string, + bucket_origin_domain_name = string, + bucket_id = string, + bucket_arn = string + }) + default = null +} + +variable "deploy_cloudfront" { + type = bool + default = true +} + ## Network loadbalancer. variable "nlb_dns_name" { diff --git a/src/infra/modules/rest-api/main.tf b/src/infra/modules/rest-api/main.tf index 35ac36ac7..122ca2e95 100644 --- a/src/infra/modules/rest-api/main.tf +++ b/src/infra/modules/rest-api/main.tf @@ -21,7 +21,7 @@ resource "aws_api_gateway_deployment" "main" { rest_api_id = aws_api_gateway_rest_api.main.id triggers = { - redeployment = sha1(jsonencode(aws_api_gateway_rest_api.main.body)) + redeployment = sha1(jsonencode(aws_api_gateway_rest_api.main.*)) } lifecycle { diff --git a/src/infra/modules/storage/outputs.tf b/src/infra/modules/storage/outputs.tf index cc35b5466..d0044da28 100644 
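Review bot: The distribution at `@@ -506,6 +538,100 @@` builds its alias from `var.domain_name` (`aliases = ["assets.${var.domain_name}"]`), while the certificate it attaches is issued by `module "acm_assets"` for `assets.` plus `var.domain_assets_name`; the two only match while callers pass the same zone for both, so the alias should be `[format("assets.%s", var.domain_assets_name)]`. The removed `/assets/{proxy+}` route set a `Content-Security-Policy` header on asset responses, whereas this distribution attaches only `Managed-CORS-With-Preflight`; the managed `Managed-CORS-with-preflight-and-SecurityHeadersPolicy` would add nosniff, HSTS and related headers to the script and style responses. `aws_s3_bucket_policy.content_bucket_policy` sets the whole policy of a bucket created in the storage module, so if that module already attaches a policy (not visible here) the two resources will overwrite each other on alternate applies. The commented-out `web_acl_id` and `cloudfront_default_certificate` lines read as template leftovers; either wire the WAF in or drop them.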
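Review bot: In `variables.tf` at `@@ -217,6 +223,23 @@`, `deploy_cloudfront` defaults to `true` while `cloudfront` defaults to `null`, so a caller that passes neither gets a plan-time failure on `var.cloudfront.name` instead of a clear message. Defaulting to `default = false`, or adding a `validation` block that requires `cloudfront` when the flag is set, makes the contract explicit. Both variables also lack a `description`, unlike `domain_assets_name` added in the same file; something like `description = "Assets bucket and naming inputs for the CloudFront distribution."` and `description = "Whether to create the assets CloudFront distribution, its DNS record and bucket policy."` would do.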
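Review bot: Hashing `aws_api_gateway_rest_api.main.*` in `rest-api/main.tf` feeds every attribute of the REST API into the `redeployment` trigger rather than only the OpenAPI body, so a change to tags, description or any computed attribute would also roll a new stage deployment. The `timeoutInMillis` values added in this commit are already part of `body`, so the previous expression would have picked them up. If further inputs must trigger a redeploy, an explicit list such as `sha1(jsonencode([aws_api_gateway_rest_api.main.body, aws_api_gateway_rest_api.main.policy]))` keeps the trigger set reviewable and avoids the legacy `.*` splat on what appears to be a single resource. The `aws_api_gateway_deployment` block continues outside the hunk.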
--- a/src/infra/modules/storage/outputs.tf +++ b/src/infra/modules/storage/outputs.tf @@ -30,7 +30,9 @@ output "assets_control_panel_bucket_arn" { output "assets_control_panel_bucket_name" { value = try(module.s3_assets_control_panel_bucket[0].s3_bucket_id, null) } - +output "assets_bucket_regional_domain_name" { + value = try(module.s3_assets_bucket[0].s3_bucket_bucket_regional_domain_name, null) +} output "assets_internal_idp_bucket_arn" { value = try(module.s3_internal_idp_assets_bucket[0].s3_bucket_arn, null) } diff --git a/src/infra/prod/eu-central-1/main.tf b/src/infra/prod/eu-central-1/main.tf index 4e195ddf2..d31ae8f62 100644 --- a/src/infra/prod/eu-central-1/main.tf +++ b/src/infra/prod/eu-central-1/main.tf @@ -480,10 +480,12 @@ module "frontend" { sns_topic_arn = module.sns.sns_topic_arn } domain_admin_name = "admin" + domain_assets_name = "assets" api_gateway_admin_plan = null rest_api_admin_name = null openapi_admin_template_file = null client_manager_lambda_arn = null + deploy_cloudfront = false } diff --git a/src/infra/prod/eu-south-1/main.tf b/src/infra/prod/eu-south-1/main.tf index 97015b0d3..529dba50e 100644 --- a/src/infra/prod/eu-south-1/main.tf +++ b/src/infra/prod/eu-south-1/main.tf @@ -490,10 +490,11 @@ module "frontend" { source = "../../modules/frontend" ## DNS - domain_name = module.r53_zones.dns_zone_name - domain_admin_name = module.r53_zones.dns_zone_name - domain_auth_name = module.r53_zones.dns_zone_name - r53_dns_zone_id = module.r53_zones.dns_zone_id + domain_name = module.r53_zones.dns_zone_name + domain_admin_name = module.r53_zones.dns_zone_name + domain_auth_name = module.r53_zones.dns_zone_name + domain_assets_name = module.r53_zones.dns_zone_name + r53_dns_zone_id = module.r53_zones.dns_zone_id role_prefix = local.project 
@@ -551,6 +552,13 @@ module "frontend" { cognito_domain_cloudfront_distribution = module.cognito.cloudfront_distribution cognito_domain_cloudfront_distribution_zone_id = module.cognito.cloudfront_distribution_zone_id + + cloudfront = { + name = format("%s-cloudfront", local.project) + bucket_arn = module.storage.assets_bucket_arn + bucket_id = module.storage.assets_bucket_name + bucket_origin_domain_name = module.storage.assets_bucket_regional_domain_name + } } ## Monitoring / Dashboard ## diff --git a/src/infra/uat/eu-south-1/.terraform.lock.hcl b/src/infra/uat/eu-south-1/.terraform.lock.hcl index 549bd23be..1706db759 100644 --- a/src/infra/uat/eu-south-1/.terraform.lock.hcl +++ b/src/infra/uat/eu-south-1/.terraform.lock.hcl 
@@ -1,6 +1,25 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/archive" { + version = "2.7.1" + hashes = [ + "h1:A7EnRBVm4h9ryO9LwxYnKr4fy7ExPMwD5a1DsY7m1Y0=", + "zh:19881bb356a4a656a865f48aee70c0b8a03c35951b7799b6113883f67f196e8e", + "zh:2fcfbf6318dd514863268b09bbe19bfc958339c636bcbcc3664b45f2b8bf5cc6", + "zh:3323ab9a504ce0a115c28e64d0739369fe85151291a2ce480d51ccbb0c381ac5", + "zh:362674746fb3da3ab9bd4e70c75a3cdd9801a6cf258991102e2c46669cf68e19", + "zh:7140a46d748fdd12212161445c46bbbf30a3f4586c6ac97dd497f0c2565fe949", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:875e6ce78b10f73b1efc849bfcc7af3a28c83a52f878f503bb22776f71d79521", + "zh:b872c6ed24e38428d817ebfb214da69ea7eefc2c38e5a774db2ccd58e54d3a22", + "zh:cd6a44f731c1633ae5d37662af86e7b01ae4c96eb8b04144255824c3f350392d", + "zh:e0600f5e8da12710b0c52d6df0ba147a5486427c1a2cc78f31eea37a47ee1b07", + "zh:f21b2e2563bbb1e44e73557bcd6cdbc1ceb369d471049c40eb56cb84b6317a60", + "zh:f752829eba1cc04a479cf7ae7271526b402e206d5bcf1fcce9f535de5ff9e4e6", + ] +} + provider "registry.terraform.io/hashicorp/aws" { version = "5.77.0" constraints = ">= 2.49.0, >= 3.29.0, >= 4.22.0, >= 4.33.0, >= 4.40.0, >= 4.66.1, >= 5.20.0, >= 5.21.0, >= 5.27.0, >= 5.32.0, >= 5.33.0, >= 5.49.0, >= 5.58.0, >= 5.75.1, 5.77.0" diff --git a/src/infra/uat/eu-south-1/main.tf b/src/infra/uat/eu-south-1/main.tf index 069dd4675..43c322a42 100644 --- a/src/infra/uat/eu-south-1/main.tf +++ b/src/infra/uat/eu-south-1/main.tf @@ -42,6 +42,7 @@ module "frontend" { domain_admin_name = module.r53_zones.dns_zone_name domain_internal_idp_name = module.r53_zones.dns_zone_name domain_auth_name = module.r53_zones.dns_zone_name + domain_assets_name = module.r53_zones.dns_zone_name r53_dns_zone_id = module.r53_zones.dns_zone_id role_prefix = local.project 
@@ -104,6 +105,13 @@ module "frontend" { cognito_domain_cloudfront_distribution = module.cognito.cloudfront_distribution cognito_domain_cloudfront_distribution_zone_id = module.cognito.cloudfront_distribution_zone_id + + cloudfront = { + name = format("%s-cloudfront", local.project) + bucket_arn = module.storage.assets_bucket_arn + bucket_id = module.storage.assets_bucket_name + bucket_origin_domain_name = module.storage.assets_bucket_regional_domain_name + } } module "storage" {