Merge branch 'main' into DEV-1389-migrate-to-cms-discover-ecosystem-h…

…omepage-section
pagopa · Feb 13, 2024 · 5a1a57b · 5a1a57b
2 parents ed134d9 + 2d53f34
commit 5a1a57b
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 0 deletions.
diff --git a/.infrastructure/50_storage.tf b/.infrastructure/50_storage.tf
@@ -89,3 +89,42 @@ module "dynamodb_webinar_questions" {
     },
   ]
 }
+
+## Bucket S3 for CMS Strapi Medialibrary
+resource "random_integer" "bucket_random_integer" {
+  min = 1
+  max = 9999
+}
+
+data "aws_iam_policy_document" "s3_iam_policy_cms" {
+  statement {
+    actions = ["s3:GetObject", "s3:ListBucket"]
+    resources = [
+      "${module.s3_bucket_cms.s3_bucket_arn}",
+      "${module.s3_bucket_cms.s3_bucket_arn}/*"
+    ]
+
+    principals {
+      type        = "AWS"
+      identifiers = module.cloudfront_cms.cloudfront_origin_access_identity_iam_arns
+    }
+  }
+}
+
+module "s3_bucket_cms" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-s3-bucket.git?ref=3a1c80b29fdf8fc682d2749456ec36ecbaf4ce14" # v4.1.0
+
+  bucket                  = "cms-medialibrary-${random_integer.bucket_random_integer.result}"
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+
+  versioning = {
+    status  = true
+    enabled = true
+  }
+
+  attach_policy = true
+  policy        = data.aws_iam_policy_document.s3_iam_policy_cms.json
+}
diff --git a/.infrastructure/60_cdn.tf b/.infrastructure/60_cdn.tf
@@ -110,3 +110,52 @@ resource "aws_cloudfront_distribution" "website" {
     ssl_support_method             = var.use_custom_certificate ? "sni-only" : null
   }
 }
+
+## CDN to Medialibrary for CMS Strapi
+module "cloudfront_cms" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-cloudfront.git?ref=ed0f1f983f606304e00ad9f48399bd2fe0b79233" # v3.2.2
+
+  create_origin_access_identity = true
+  origin_access_identities = {
+    s3_cms = "Identity to access S3 bucket."
+  }
+
+  origin = {
+    s3_one = {
+      domain_name = module.s3_bucket_cms.s3_bucket_bucket_regional_domain_name
+      s3_origin_config = {
+        origin_access_identity = "s3_cms"
+      }
+    }
+  }
+
+  enabled         = true
+  is_ipv6_enabled = true
+  comment         = "CloudFront distribution for the medialibrary cms."
+
+  default_cache_behavior = {
+    allowed_methods        = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+    cached_methods         = ["GET", "HEAD", "OPTIONS"]
+    target_origin_id       = "s3_one"
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0     # min time for objects to live in the distribution cache
+    default_ttl            = 3600  # default time for objects to live in the distribution cache
+    max_ttl                = 86400 # max time for objects to live in the distribution cache
+
+    forwarded_values = {
+      query_string = false
+      headers      = []
+      cookies = {
+        forward = "none"
+      }
+    }
+
+    viewer_certificate = {
+      cloudfront_default_certificate = true
+    }
+
+    geo_restriction = {
+      restriction_type = "none"
+    }
+  }
+}