outright api https (#18)

bcheidemann · Dec 16, 2023 · 1f945aa · 1f945aa
1 parent 6fd7555
commit 1f945aa
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 2 deletions.
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
@@ -135,3 +135,60 @@ resource "aws_cloudfront_distribution" "catlord_files_distribution" {
     prefix          = "aws_cloudfront_distribution/catlord_files_distribution/"
   }
 }
+
+// ===================== Outright API =====================
+resource "aws_cloudfront_distribution" "outright_api_distribution" {
+  origin {
+    domain_name = "server.outright.api.catlord.co.uk"
+    origin_id   = "APIOrigin"
+
+    custom_origin_config {
+      http_port                = 80
+      https_port               = 443
+      origin_protocol_policy   = "https-only"
+      origin_ssl_protocols     = ["TLSv1.2"]
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = "APIOrigin"
+
+    forwarded_values {
+      query_string = true
+      headers      = ["*"]
+      cookies {
+        forward = "all"
+      }
+    }
+
+    viewer_protocol_policy = "redirect-to-https"
+
+    # Set the TTL values to 0 to effectively disable caching
+    min_ttl     = 0
+    default_ttl = 0
+    max_ttl     = 0
+  }
+
+  viewer_certificate {
+    acm_certificate_arn            = aws_acm_certificate_validation.catlord_static_site_cert_validation.certificate_arn
+    ssl_support_method             = "sni-only"
+    minimum_protocol_version       = "TLSv1.2_2021"
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+
+  logging_config {
+    include_cookies = false
+    bucket          = "${aws_s3_bucket.logging_bucket.bucket}.s3.amazonaws.com"
+    prefix          = "aws_cloudfront_distribution/outright_api_distribution/"
+  }
+}
diff --git a/terraform/r53.tf b/terraform/r53.tf
@@ -102,14 +102,26 @@ resource "aws_route53_record" "outright_servers" {
   records = ["149.202.89.159"]
 }
 
-resource "aws_route53_record" "outright_api" {
+resource "aws_route53_record" "outright_api_server" {
   zone_id = aws_route53_zone.catlord.zone_id
-  name    = "outright.api.catlord.co.uk"
+  name    = "server.outright.api.catlord.co.uk"
   type    = "A"
   ttl     = 300
   records = ["139.162.245.152"]
 }
 
+resource "aws_route53_record" "outright_api" {
+  zone_id = aws_route53_zone.catlord.zone_id
+  name    = "outright.api.catlord.co.uk"
+  type    = "A"
+
+  alias {
+    name                   = aws_cloudfront_distribution.outright_api_distribution.domain_name
+    zone_id                = aws_cloudfront_distribution.outright_api_distribution.hosted_zone_id
+    evaluate_target_health = false
+  }
+}
+
 resource "aws_route53_record" "catlord_files" {
   zone_id = aws_route53_zone.catlord.zone_id
   name    = "files.catlord.co.uk"