Initial commit: AWS CloudFront with OpenTofu infrastructure
- Complete CloudFront distribution setup with origin.servidor.it.com
- WAF v2 integration for security protection
- S3 backend for Terraform state management
- CloudFront logging to S3
- HTTP-only origin protocol configuration (resolves 504 Gateway Timeout)
- Comprehensive documentation with deployment guide

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
159
variables.tf
Normal file
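--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,159 @@
+variable "aws_region" {
+description = "AWS region"
+type = string
+default = "us-east-1"
+}
+
+variable "project_name" {
+description = "Name of the project"
+type = string
+default = "aws-cf"
+}
+
+variable "environment" {
+description = "Environment (dev, staging, prod)"
+type = string
+default = "dev"
+}
+
+variable "origin_domain" {
+description = "Origin domain name"
+type = string
+default = "origin.servidor.it.com"
+}
+
+variable "cloudfront_aliases" {
+description = "List of aliases for CloudFront distribution"
+type = list(string)
+default = ["servidor.it.com", "www.servidor.it.com"]
+}
+
+variable "domain_name" {
+description = "Main domain name for ACM certificate"
+type = string
+default = "servidor.it.com"
+}
+
+variable "certificate_domain_validation_options" {
+description = "Domain validation method for ACM certificate"
+type = string
+default = "DNS"
+}
+
+variable "create_route53_records" {
+description = "Whether to create Route53 records for domain validation and alias"
+type = bool
+default = true
+}
+
+variable "price_class" {
+description = "CloudFront distribution price class"
+type = string
+default = "PriceClass_All"
+
+validation {
+condition = contains([
+"PriceClass_All",
+"PriceClass_200",
+"PriceClass_100"
+], var.price_class)
+error_message = "Price class must be one of: PriceClass_All, PriceClass_200, PriceClass_100"
+}
+}
+
+variable "origin_protocol_policy" {
+description = "Origin protocol policy"
+type = string
+default = "https-only"
+
+validation {
+condition = contains([
+"http-only",
+"https-only",
+"match-viewer"
+], var.origin_protocol_policy)
+error_message = "Origin protocol policy must be one of: http-only, https-only, match-viewer"
+}
+}
+
+variable "viewer_protocol_policy" {
+description = "Viewer protocol policy"
+type = string
+default = "redirect-to-https"
+
+validation {
+condition = contains([
+"allow-all",
+"https-only",
+"redirect-to-https"
+], var.viewer_protocol_policy)
+error_message = "Viewer protocol policy must be one of: allow-all, https-only, redirect-to-https"
+}
+}
+
+variable "cache_policy_id" {
+description = "CloudFront cache policy ID (managed or custom)"
+type = string
+default = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad" # CachingDisabled
+}
+
+variable "origin_request_policy_id" {
+description = "CloudFront origin request policy ID"
+type = string
+default = "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf" # CORS-S3Origin
+}
+
+# Security-related variables
+variable "create_alb_security_group" {
+description = "Whether to create ALB security group"
+type = bool
+default = false
+}
+
+variable "create_web_security_group" {
+description = "Whether to create web server security group"
+type = bool
+default = false
+}
+
+variable "ssh_allowed_cidrs" {
+description = "CIDR blocks allowed for SSH access"
+type = list(string)
+default = ["0.0.0.0/0"] # Restrict this in production
+}
+
+variable "enable_waf" {
+description = "Whether to enable WAF for CloudFront"
+type = bool
+default = false
+}
+
+variable "enable_cloudformation_stack" {
+description = "Whether to create CloudFormation stack"
+type = bool
+default = false
+}
+
+variable "create_acm_certificate" {
+description = "Whether to create ACM certificate"
+type = bool
+default = true
+}
+
+variable "enable_cloudfront_logging" {
+description = "Whether to enable CloudFront access logging"
+type = bool
+default = true
+}
+
+variable "cloudfront_logs_bucket" {
+description = "S3 bucket for CloudFront logs"
+type = string
+default = ""
+}
+
+variable "cloudfront_logs_prefix" {
+description = "Prefix for CloudFront logs in S3"
+type = string
+default = "cloudfront-logs/"
+}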
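Review bot: `ssh_allowed_cidrs` ships with `default = ["0.0.0.0/0"]`, so any security group that consumes it opens port 22 to the whole internet unless every caller remembers the `# Restrict this in production` comment; a default should fail safe rather than rely on that. I would drop the open default and add a `validation` block that rejects `0.0.0.0/0` and `::/0`, as below (how the list is consumed lives in another file, so the empty default assumes the SG code tolerates an empty ingress list — worth confirming). Two related defaults deserve a second look: `enable_waf` defaults to `false` even though the commit message presents WAF as part of the security setup, and `origin_protocol_policy` defaults to `https-only` while the message says the deployed configuration is HTTP-only to fix the 504 — if the live value is `http-only`, CloudFront-to-origin traffic is plaintext and the description should say so, e.g. `description = "Origin protocol policy. http-only sends CloudFront-to-origin traffic in cleartext; prefer https-only once the origin presents a valid certificate."`.

```hcl
variable "ssh_allowed_cidrs" {
  description = "CIDR blocks allowed for SSH access. Must be explicit management ranges; world-open CIDRs are rejected."
  type        = list(string)
  default     = []

  validation {
    condition     = !contains(var.ssh_allowed_cidrs, "0.0.0.0/0") && !contains(var.ssh_allowed_cidrs, "::/0")
    error_message = "ssh_allowed_cidrs must not contain 0.0.0.0/0 or ::/0; list the specific management CIDRs instead."
  }
}
```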