mizzy/cloudfront.tf

## cloudfront.tf
resource "aws_acm_certificate" "mizzy_org" {
  provider = aws.us-east-1
  domain_name       = "mizzy.org"
  validation_method = "EMAIL"
}

resource "aws_cloudfront_distribution" "mizzy_org" {
  enabled = true
  aliases = ["mizzy.org"]

  default_cache_behavior {
    allowed_methods        = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "mizzy-org"
    viewer_protocol_policy = "https-only"

    forwarded_values {
      query_string = true
      query_string_cache_keys = ["datehash"]
      cookies {
        forward = "none"
      }
    }

    function_association {
      event_type   = "viewer-request"
      function_arn = aws_cloudfront_function.mizzy_org.arn
    }
  }

  origin {
    custom_origin_config {
      http_port                = 80
      https_port               = 443
      origin_keepalive_timeout = 5
      origin_protocol_policy   = "https-only"
      origin_read_timeout      = 59
      origin_ssl_protocols     = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    }

    domain_name = "mizzy.org"
    origin_id   = "mizzy-org"
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn = aws_acm_certificate.mizzy_org.arn
    ssl_support_method  = "sni-only"
  }
}

resource "aws_cloudfront_function" "mizzy_org" {
  name    = "add-date-hash-query-string"
  runtime = "cloudfront-js-1.0"
  code    = <<EOF
function handler(event) {
    var request = event.request
    if ( request.querystring.preview && request.querystring.preview.value == 'true' ) {
        var crypto = require('crypto');
        var hmac = crypto.createHmac('sha256', Date.now().toString());
        var digest = hmac.digest('hex')
        request.querystring.datehash = { value: digest }
    }
    return request
}
  EOF
}
	resource "aws_acm_certificate" "mizzy_org" {
	provider = aws.us-east-1
	domain_name = "mizzy.org"
	validation_method = "EMAIL"
	}

	resource "aws_cloudfront_distribution" "mizzy_org" {
	enabled = true
	aliases = ["mizzy.org"]

	default_cache_behavior {
	allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
	cached_methods = ["GET", "HEAD"]
	target_origin_id = "mizzy-org"
	viewer_protocol_policy = "https-only"

	forwarded_values {
	query_string = true
	query_string_cache_keys = ["datehash"]
	cookies {
	forward = "none"
	}
	}

	function_association {
	event_type = "viewer-request"
	function_arn = aws_cloudfront_function.mizzy_org.arn
	}
	}

	origin {
	custom_origin_config {
	http_port = 80
	https_port = 443
	origin_keepalive_timeout = 5
	origin_protocol_policy = "https-only"
	origin_read_timeout = 59
	origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
	}

	domain_name = "mizzy.org"
	origin_id = "mizzy-org"
	}

	restrictions {
	geo_restriction {
	restriction_type = "none"
	}
	}

	viewer_certificate {
	acm_certificate_arn = aws_acm_certificate.mizzy_org.arn
	ssl_support_method = "sni-only"
	}
	}

	resource "aws_cloudfront_function" "mizzy_org" {
	name = "add-date-hash-query-string"
	runtime = "cloudfront-js-1.0"
	code = <<EOF
	function handler(event) {
	var request = event.request
	if ( request.querystring.preview && request.querystring.preview.value == 'true' ) {
	var crypto = require('crypto');
	var hmac = crypto.createHmac('sha256', Date.now().toString());
	var digest = hmac.digest('hex')
	request.querystring.datehash = { value: digest }
	}
	return request
	}
	EOF
	}