Initial commit: AWS CloudFront with OpenTofu infrastructure

- Complete CloudFront distribution setup with origin.servidor.it.com
- WAF v2 integration for security protection
- S3 backend for Terraform state management
- CloudFront logging to S3
- HTTP-only origin protocol configuration (resolves 504 Gateway Timeout)
- Comprehensive documentation with deployment guide

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

outputs.tf

@@ -0,0 +1,113 @@
+# CloudFront Distribution Outputs
+output "cloudfront_distribution_id" {
+  description = "CloudFront distribution ID"
+  value       = aws_cloudfront_distribution.main.id
+}
+
+output "cloudfront_distribution_arn" {
+  description = "CloudFront distribution ARN"
+  value       = aws_cloudfront_distribution.main.arn
+}
+
+output "cloudfront_domain_name" {
+  description = "CloudFront distribution domain name"
+  value       = aws_cloudfront_distribution.main.domain_name
+}
+
+output "cloudfront_hosted_zone_id" {
+  description = "CloudFront distribution hosted zone ID"
+  value       = aws_cloudfront_distribution.main.hosted_zone_id
+}
+
+output "cloudfront_status" {
+  description = "CloudFront distribution status"
+  value       = aws_cloudfront_distribution.main.status
+}
+
+# CloudFormation Stack Outputs (conditional)
+output "cloudformation_stack_id" {
+  description = "CloudFormation stack ID"
+  value       = var.enable_cloudformation_stack ? aws_cloudformation_stack.network[0].id : null
+}
+
+output "cloudformation_stack_name" {
+  description = "CloudFormation stack name"
+  value       = var.enable_cloudformation_stack ? aws_cloudformation_stack.network[0].name : null
+}
+
+output "vpc_id" {
+  description = "VPC ID from CloudFormation stack"
+  value       = var.enable_cloudformation_stack ? data.aws_cloudformation_stack.network[0].outputs["VPCId"] : null
+}
+
+output "public_subnet_id" {
+  description = "Public subnet ID from CloudFormation stack"
+  value       = var.enable_cloudformation_stack ? data.aws_cloudformation_stack.network[0].outputs["PublicSubnetId"] : null
+}
+
+# Security Group Outputs (conditional)
+output "alb_security_group_id" {
+  description = "ALB security group ID"
+  value       = var.create_alb_security_group ? aws_security_group.alb[0].id : null
+}
+
+output "web_security_group_id" {
+  description = "Web server security group ID"
+  value       = var.create_web_security_group ? aws_security_group.web[0].id : null
+}
+
+# WAF Outputs (conditional)
+output "waf_web_acl_arn" {
+  description = "WAF Web ACL ARN"
+  value       = var.enable_waf ? aws_wafv2_web_acl.cloudfront[0].arn : null
+}
+
+output "waf_web_acl_id" {
+  description = "WAF Web ACL ID"
+  value       = var.enable_waf ? aws_wafv2_web_acl.cloudfront[0].id : null
+}
+
+# Origin Information
+output "origin_domain" {
+  description = "Origin domain name"
+  value       = var.origin_domain
+}
+
+# ACM Certificate Outputs
+output "acm_certificate_arn" {
+  description = "ACM certificate ARN"
+  value       = var.create_acm_certificate ? aws_acm_certificate.main[0].arn : null
+}
+
+output "acm_certificate_domain_validation_options" {
+  description = "ACM certificate domain validation options"
+  value       = var.create_acm_certificate ? aws_acm_certificate.main[0].domain_validation_options : null
+}
+
+# Route53 Outputs
+output "route53_zone_id" {
+  description = "Route53 hosted zone ID"
+  value       = var.create_route53_records ? data.aws_route53_zone.main[0].zone_id : null
+}
+
+# CloudFront URLs for testing
+output "cloudfront_url" {
+  description = "CloudFront distribution URL"
+  value       = "https://${aws_cloudfront_distribution.main.domain_name}"
+}
+
+output "custom_domain_urls" {
+  description = "Custom domain URLs"
+  value       = [for alias in var.cloudfront_aliases : "https://${alias}"]
+}
+
+output "domain_validation_records" {
+  description = "DNS records needed for domain validation (if not using Route53)"
+  value = var.create_route53_records || !var.create_acm_certificate ? null : [
+    for dvo in aws_acm_certificate.main[0].domain_validation_options : {
+      name   = dvo.resource_record_name
+      type   = dvo.resource_record_type
+      value  = dvo.resource_record_value
+    }
+  ]
+}