Initial commit: AWS CloudFront with OpenTofu infrastructure

- Complete CloudFront distribution setup with origin.servidor.it.com - WAF v2 integration for security protection - S3 backend for Terraform state management - CloudFront logging to S3 - HTTP-only origin protocol configuration (resolves 504 Gateway Timeout) - Comprehensive documentation with deployment guide 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-09 09:08:17 +09:00
commit 210c454359
12 changed files with 1386 additions and 0 deletions
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -0,0 +1,39 @@
+# AWS Configuration
+aws_region   = "us-east-1"
+project_name = "aws-cf"
+environment  = "dev"
+
+# Origin Configuration
+origin_domain = "origin.servidor.it.com"
+
+# Domain Configuration
+domain_name = "servidor.it.com"
+
+# CloudFront Configuration
+cloudfront_aliases = [
+  "servidor.it.com",
+  "www.servidor.it.com"
+]
+
+# Route53 Configuration
+create_route53_records = true
+certificate_domain_validation_options = "DNS"
+
+# CloudFront Settings
+price_class               = "PriceClass_100"  # PriceClass_All, PriceClass_200, PriceClass_100
+origin_protocol_policy    = "https-only"      # http-only, https-only, match-viewer
+viewer_protocol_policy    = "redirect-to-https" # allow-all, https-only, redirect-to-https
+
+# Cache Policies (AWS Managed Policies)
+cache_policy_id           = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad" # CachingDisabled
+origin_request_policy_id  = "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf" # CORS-S3Origin
+
+# Security Configuration
+create_alb_security_group = false
+create_web_security_group = false
+enable_waf                = false
+
+# SSH Access (if creating EC2 security groups)
+ssh_allowed_cidrs = [
+  "0.0.0.0/0" # Restrict this to your IP in production
+]