Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue #680] Add basic CDN configuration #3082

Merged
merged 22 commits into from
Dec 6, 2024
Merged

[Issue #680] Add basic CDN configuration #3082

merged 22 commits into from
Dec 6, 2024

Conversation

coilysiren
Copy link
Collaborator

@coilysiren coilysiren commented Dec 3, 2024
edited
Loading

Summary

Relates to #680

Time to review: 20 mins

Changes proposed

  • Adds a Cloudfront CDN
  • The CDN caches everything at 1 hour by default
  • It is only active in staging and prod
  • It logs to a newly created S3 bucket (with a whole lot of permissions)
  • It forward to the frontend ALB
  • It only caches GET, HEAD, OPTIONS

Testing

https://d3oegia17k54zs.cloudfront.net/

image

You can have the load balancer available at the same time as the CDN: http://frontend-staging-1506108424.us-east-1.elb.amazonaws.com/. That said, after we roll this to production and test it, we should block public access to the load balancer, and swap the simpler.grants.gov CNAME over to the CDN.

image

@coilysiren coilysiren marked this pull request as ready for review December 3, 2024 20:43
mdragon
mdragon previously approved these changes Dec 3, 2024
View reviewed changes
Copy link
Collaborator

@mdragon mdragon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

acouch
acouch reviewed Dec 3, 2024
View reviewed changes
infra/modules/service/cdn.tf Outdated
# Default to caching for 1 hour, with a minimum of 1 minute.
# The default TTL can be overriden by the `Cache-Control max-age` or `Expires` headers
# There's also a `max_ttl` option, which can be used to override the above headers.
min_ttl = 60
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Think we might want this as 0 is we set those in the app with the s-maxage= https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html#ExpirationDownloadDist

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had this as 0 at first! I'll put it back

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4d22583

@coilysiren coilysiren marked this pull request as draft December 5, 2024 22:02
@coilysiren coilysiren marked this pull request as ready for review December 5, 2024 22:22
mdragon
mdragon approved these changes Dec 6, 2024
View reviewed changes
Copy link
Collaborator

@mdragon mdragon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ship it!

@coilysiren coilysiren merged commit 38f1969 into main Dec 6, 2024
5 of 6 checks passed
@coilysiren coilysiren deleted the kai/cdn branch December 6, 2024 18:05
@coilysiren
Copy link
Collaborator Author

_> the checkov fails are false positives ... and they weren't failing earlier in the PR

@coilysiren coilysiren mentioned this pull request Dec 6, 2024
Merged
coilysiren added a commit that referenced this pull request Dec 6, 2024
@coilysiren
[no ticket] Adds some checkov skips (#3125)
8efc1f0 
## Context

follows #3082
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@acouch acouch acouch left review comments

@mdragon mdragon mdragon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@coilysiren @mdragon @acouch