
@lkrimphove
Created August 7, 2023 21:43
### CLOUDFRONT
# CloudFront distribution that serves a static site out of a private S3 bucket.
# Viewers reach the bucket only through CloudFront; the bucket itself is read
# via an origin access identity (OAI) that the bucket policy in this file trusts.
module "cloudfront" {
  # NOTE(review): no `version` argument is set, so `terraform init` resolves
  # whatever release the registry currently serves. Pin it so that a module
  # update cannot change the deployed distribution without a reviewed diff:
  #   version = "<PINNED_MODULE_VERSION>"
  source = "terraform-aws-modules/cloudfront/aws"

  comment             = "Outdoor Activities Cloudfront"
  default_root_object = "index.html"
  is_ipv6_enabled     = true
  price_class         = "PriceClass_100"

  # `terraform apply` returns without waiting for the distribution to finish
  # deploying, so a successful apply does not mean the change is live yet.
  wait_for_deployment = false

  # NOTE(review): no `viewer_certificate` / `aliases` are configured, so the
  # module defaults apply. Confirm the resulting minimum TLS version and
  # hostname are acceptable for this site.

  # Origin access identity: the principal CloudFront uses when reading from S3.
  # The map key ("s3_bucket") is the handle referenced by the origin below; the
  # value is the comment stored on the OAI.
  # NOTE(review): OAI is the legacy mechanism; AWS recommends origin access
  # control (OAC) for new distributions. Migrating also means changing the
  # principal in the bucket policy, so both must be changed together.
  create_origin_access_identity = true
  origin_access_identities = {
    s3_bucket = "s3_bucket_access"
  }

  origin = {
    s3_bucket = {
      # Regional bucket endpoint, taken from the bucket module's output.
      domain_name = module.output_bucket.s3_bucket_bucket_regional_domain_name

      s3_origin_config = {
        # Refers to the key in origin_access_identities above.
        origin_access_identity = "s3_bucket"
      }
    }
  }

  default_cache_behavior = {
    target_origin_id = "s3_bucket"

    # Plain-HTTP requests are redirected to HTTPS rather than served.
    viewer_protocol_policy = "redirect-to-https"

    # Read-only surface: only GET and HEAD are accepted and cached.
    allowed_methods = ["GET", "HEAD"]
    cached_methods  = ["GET", "HEAD"]

    # Query strings are not forwarded to the origin.
    query_string = false
    compress     = true

    # TTLs are in seconds. With min_ttl = 3600 an object stays in the edge
    # cache for at least an hour, so content removed from the bucket keeps
    # being served until it expires or is invalidated.
    min_ttl     = 3600
    default_ttl = 5400
    max_ttl     = 7200

    # CloudFront Function attached at the viewer-request stage. Its code lives
    # in a separate file and is not shown here; review it alongside this
    # module, since every request to the distribution passes through it.
    function_association = {
      viewer-request = {
        function_arn = aws_cloudfront_function.viewer_request.arn
      }
    }
  }

  # Both 403 and 404 from the origin are returned to the viewer as a 404 with
  # the site's own error page. The bucket policy in this file grants only
  # s3:GetObject (no s3:ListBucket), in which case S3 answers 403 for a missing
  # key; mapping it to 404 keeps "access denied" and "not found"
  # indistinguishable to the viewer.
  custom_error_response = [
    {
      error_code         = 403
      response_code      = 404
      response_page_path = "/404.html"
    },
    {
      error_code         = 404
      response_code      = 404
      response_page_path = "/404.html"
    },
  ]
}
# Bucket policy document: lets the CloudFront origin access identity read
# objects from the output bucket, and nothing else.
data "aws_iam_policy_document" "s3_policy" {
  version = "2012-10-17"

  statement {
    # Explicit for readability; "Allow" is also the data source's default.
    effect = "Allow"

    # Object reads only. s3:ListBucket is deliberately absent, so the OAI can
    # fetch a known key but cannot enumerate the bucket.
    actions   = ["s3:GetObject"]
    resources = ["${module.output_bucket.s3_bucket_arn}/*"]

    # The only trusted principals are the OAI ARNs exported by the cloudfront
    # module; no public ("*") principal is granted access.
    principals {
      type        = "AWS"
      identifiers = module.cloudfront.cloudfront_origin_access_identity_iam_arns
    }
  }
}
# Attaches the OAI read-only policy document to the output bucket.
# NOTE(review): a bucket carries a single policy. If the output_bucket module
# (not shown here) also manages a bucket policy, the two will overwrite each
# other on apply; verify that only one of them sets it.
resource "aws_s3_bucket_policy" "docs" {
  bucket = module.output_bucket.s3_bucket_id
  policy = data.aws_iam_policy_document.s3_policy.json
}
# CloudFront Function associated with the distribution's viewer-request event.
resource "aws_cloudfront_function" "viewer_request" {
  name    = "cloudfront-viewer-request"
  runtime = "cloudfront-js-1.0"

  # Published on apply, so a change to the JavaScript file takes effect on the
  # distribution as soon as the apply completes; review changes to that file
  # with the same care as changes to this configuration.
  publish = true

  # NOTE(review): the path is relative to the directory Terraform runs in, not
  # to this file. Prefixing it with path.module would make it independent of
  # the working directory; confirm the layout before changing it.
  code = file("../src/viewer-request.js")
}