fix: Prevent CF from constant redeploying because of TTL values

Selleo · Oct 9, 2023 · 95e2801 · 95e2801
1 parent c1a0b1c
commit 95e2801
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 67 deletions.
diff --git a/modules/public-storage/main.tf b/modules/public-storage/main.tf
@@ -23,11 +23,11 @@ resource "aws_cloudfront_origin_access_control" "this" {
 }
 
 resource "aws_cloudfront_distribution" "this" {
-  comment             = "Public Storage ${random_id.prefix.hex}"
-  enabled             = true
-  is_ipv6_enabled     = true
-  aliases             = var.aliases
-  price_class         = var.price_class
+  comment         = "Public Storage ${random_id.prefix.hex}"
+  enabled         = true
+  is_ipv6_enabled = true
+  aliases         = var.aliases
+  price_class     = var.price_class
 
   viewer_certificate {
     cloudfront_default_certificate = false
@@ -52,39 +52,21 @@ resource "aws_cloudfront_distribution" "this" {
   }
 
   default_cache_behavior {
-    allowed_methods  = var.default_cache_behavior.allowed_methods
-    cached_methods   = var.default_cache_behavior.cached_methods
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD"]
     target_origin_id = local.origin_id
 
     response_headers_policy_id = var.response_headers_policy_id
-    origin_request_policy_id = var.origin_request_policy_id
-    cache_policy_id = aws_cloudfront_cache_policy.this.id
+    origin_request_policy_id   = var.origin_request_policy_id
+    cache_policy_id            = aws_cloudfront_cache_policy.this.id
+    compress = true
 
-    compress               = var.default_cache_behavior.compress
     viewer_protocol_policy = "redirect-to-https"
-    min_ttl                = var.default_cache_behavior.min_ttl
-    default_ttl            = var.default_cache_behavior.default_ttl
-    max_ttl                = var.default_cache_behavior.max_ttl
-  }
-
-  dynamic "custom_error_response" {
-    for_each = var.custom_error_responses
-
-    content {
-      error_code            = custom_error_response.value.error_code
-      error_caching_min_ttl = custom_error_response.value.error_caching_min_ttl
-      response_code         = custom_error_response.value.response_code
-      response_page_path    = custom_error_response.value.response_page_path
-    }
   }
 
   tags = merge(local.tags, { "resource.group" = "network" })
 }
 
-resource "aws_cloudfront_origin_access_identity" "this" {
-  comment = "Public Storage ${random_id.prefix.hex}"
-}
-
 resource "aws_iam_policy" "deployment_policy" {
   name   = "cdn-deployment-public-storage-${random_id.prefix.hex}"
   policy = data.aws_iam_policy_document.this.json
@@ -183,9 +165,9 @@ resource "aws_cloudfront_cache_policy" "this" {
   name    = "cdn-public-storage-${random_id.prefix.hex}"
   comment = "Cache policy for Public Storage ${random_id.prefix.hex}"
 
-  min_ttl     = var.default_cache_behavior.min_ttl
-  default_ttl = var.default_cache_behavior.default_ttl
-  max_ttl     = var.default_cache_behavior.max_ttl
+  min_ttl     = 1
+  default_ttl = 86400
+  max_ttl     = 31536000
 
   parameters_in_cache_key_and_forwarded_to_origin {
     cookies_config {

diff --git a/modules/public-storage/variables.tf b/modules/public-storage/variables.tf
@@ -33,49 +33,13 @@ variable "tags" {
   default     = {}
 }
 
-variable "custom_error_responses" {
-  type = list(object({
-    error_code            = number
-    error_caching_min_ttl = number
-    response_code         = number
-    response_page_path    = string
-  }))
-
-  default = []
-
-  description = "List of custom error responses for distribution."
-}
-
 variable "certificate_minimum_protocol_version" {
   # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#minimum_protocol_version
   type        = string
   default     = "TLSv1.2_2019"
   description = "The minimum version of the SSL protocol that you want to use for HTTPS."
 }
 
-variable "default_cache_behavior" {
-  # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#default-cache-behavior-arguments
-  type = object({
-    allowed_methods = list(string),
-    cached_methods  = list(string),
-    min_ttl         = number
-    max_ttl         = number
-    default_ttl     = number
-    compress        = bool
-  })
-
-  default = {
-    allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
-    cached_methods  = ["GET", "HEAD"]
-    min_ttl         = 1
-    default_ttl     = 86400  # 1 day
-    max_ttl         = 31536000 # 1 year
-    compress        = true
-  }
-
-  description = "Default cache behavior for this distribution"
-}
-
 variable "response_headers_policy_id" {
   type        = string
   description = "The identifier for a response headers policy."