From c5269de73bf50a31938dbe215e8421f2107d6984 Mon Sep 17 00:00:00 2001 From: amavrogiannis Date: Fri, 29 Mar 2024 14:36:18 +0000 Subject: [PATCH 1/4] default cft cert --- infra/modules/web/cloudfront.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/modules/web/cloudfront.tf b/infra/modules/web/cloudfront.tf index 75290ed..ca15fb1 100644 --- a/infra/modules/web/cloudfront.tf +++ b/infra/modules/web/cloudfront.tf @@ -99,8 +99,8 @@ resource "aws_cloudfront_distribution" "this" { viewer_certificate { # acm_certificate_arn = data.aws_acm_certificate.this.arn cloudfront_default_certificate = true - minimum_protocol_version = "TLSv1.2_2021" - ssl_support_method = "sni-only" + # minimum_protocol_version = "TLSv1.2_2021" + # ssl_support_method = "sni-only" } } From 17fe251e4487a5c72cece4b71af14f25aef80d86 Mon Sep 17 00:00:00 2001 From: amavrogiannis Date: Fri, 29 Mar 2024 16:24:14 +0000 Subject: [PATCH 2/4] it worked locally --- infra/envs/prod/modules.tf | 4 ++++ infra/envs/test/backend.tf | 3 ++- infra/envs/test/modules.tf | 7 +++++-- infra/modules/web/cloudfront.tf | 12 +++++++----- 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/infra/envs/prod/modules.tf b/infra/envs/prod/modules.tf index 733a1f3..b049448 100644 --- a/infra/envs/prod/modules.tf +++ b/infra/envs/prod/modules.tf @@ -11,4 +11,8 @@ module "cvalexmav_web" { service_group = "CV_Website" environment = "Production" + providers = { + aws.virginia = aws.virginia + } + } \ No newline at end of file diff --git a/infra/envs/test/backend.tf b/infra/envs/test/backend.tf index 99c89c8..0378370 100644 --- a/infra/envs/test/backend.tf +++ b/infra/envs/test/backend.tf @@ -24,7 +24,7 @@ terraform { provider "aws" { # alias = "main" region = "eu-west-1" - # profile = var.PROFILE + profile = "alexm" default_tags { tags = { Terraform = "TRUE" @@ -36,4 +36,5 @@ provider "aws" { alias = "virginia" region = "us-east-1" # profile = var.PROFILE_US + profile = "alexm-us" } \ No newline at end of file diff --git a/infra/envs/test/modules.tf b/infra/envs/test/modules.tf index ca9fa52..01a7fbe 100644 --- a/infra/envs/test/modules.tf +++ b/infra/envs/test/modules.tf @@ -4,11 +4,14 @@ module "testalexmav_web" { bucket_name = "test.alexmav.co.uk" enable_website = true - - domain_acm = "cv.alexmav.co.uk" + + domain_acm = "test.alexmav.co.uk" # Tags service_group = "Test_Website" environment = "Development" + providers = { + aws.virginia = aws.virginia + } } \ No newline at end of file diff --git a/infra/modules/web/cloudfront.tf b/infra/modules/web/cloudfront.tf index ca15fb1..25a46e0 100644 --- a/infra/modules/web/cloudfront.tf +++ b/infra/modules/web/cloudfront.tf @@ -1,5 +1,7 @@ data "aws_acm_certificate" "this" { domain = var.domain_acm + + provider = aws.virginia } resource "aws_cloudfront_origin_access_identity" "this" { @@ -80,7 +82,7 @@ resource "aws_cloudfront_distribution" "this" { min_ttl = 0 default_ttl = 3600 - max_ttl = 7200 + max_ttl = 86400 compress = true viewer_protocol_policy = "redirect-to-https" } @@ -97,10 +99,10 @@ resource "aws_cloudfront_distribution" "this" { #First, create certificate, before pasting the ARN here. viewer_certificate { - # acm_certificate_arn = data.aws_acm_certificate.this.arn - cloudfront_default_certificate = true - # minimum_protocol_version = "TLSv1.2_2021" - # ssl_support_method = "sni-only" + acm_certificate_arn = data.aws_acm_certificate.this.arn + cloudfront_default_certificate = false + minimum_protocol_version = "TLSv1.2_2021" + ssl_support_method = "sni-only" } } From 521203321381a5626e90c62372c465b312b973ec Mon Sep 17 00:00:00 2001 From: amavrogiannis Date: Fri, 29 Mar 2024 16:24:55 +0000 Subject: [PATCH 3/4] cicid --- .github/workflows/terraform_prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_prod.yaml b/.github/workflows/terraform_prod.yaml index 0e68844..7e66d48 100644 --- a/.github/workflows/terraform_prod.yaml +++ b/.github/workflows/terraform_prod.yaml @@ -3,7 +3,7 @@ name: "Production - Terraform Infrastructure" on: push: branches: - - main + - prod paths: - infra/envs/prod/** - infra/modules/** From a4e3a5c44599238ebdaae91ed4435739db9dd653 Mon Sep 17 00:00:00 2001 From: amavrogiannis Date: Fri, 29 Mar 2024 16:27:17 +0000 Subject: [PATCH 4/4] fixing backend --- infra/envs/prod/backend.tf | 1 - infra/envs/test/backend.tf | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/infra/envs/prod/backend.tf b/infra/envs/prod/backend.tf index 99c89c8..bb4c146 100644 --- a/infra/envs/prod/backend.tf +++ b/infra/envs/prod/backend.tf @@ -22,7 +22,6 @@ terraform { } provider "aws" { - # alias = "main" region = "eu-west-1" # profile = var.PROFILE default_tags { diff --git a/infra/envs/test/backend.tf b/infra/envs/test/backend.tf index 0378370..01f1d72 100644 --- a/infra/envs/test/backend.tf +++ b/infra/envs/test/backend.tf @@ -24,7 +24,7 @@ terraform { provider "aws" { # alias = "main" region = "eu-west-1" - profile = "alexm" + # profile = "alexm" default_tags { tags = { Terraform = "TRUE" @@ -36,5 +36,4 @@ provider "aws" { alias = "virginia" region = "us-east-1" # profile = var.PROFILE_US - profile = "alexm-us" } \ No newline at end of file