Fix S3 Bucket KMS Key
Tomdango committed Jul 4, 2023
1 parent ada302c commit 78711e8
Showing 6 changed files with 11 additions and 66 deletions.
6 changes: 3 additions & 3 deletions main.tf
@@ -27,7 +27,6 @@ data "aws_region" "current" {}
module "assets" {
source = "./modules/opennext-assets"

aws_account_id = data.aws_caller_identity.current.account_id
prefix = "${var.prefix}-assets"
assets_path = "${local.opennext_abs_path}/assets"
cache_path = "${local.opennext_abs_path}/cache"
@@ -415,10 +414,11 @@ module "cloudfront" {

logging_bucket_domain_name = module.cloudfront_logs.logs_s3_bucket.bucket_regional_domain_name
assets_origin_access_identity = module.assets.cloudfront_origin_access_identity.cloudfront_access_identity_path

origins = {
assets_bucket = module.assets.assets_bucket.bucket_regional_domain_name
server_function = "${module.server_function.lambda_function_url.url_id}.lambda-url.eu-west-2.on.aws"
image_optimization_function = "${module.image_optimization_function.lambda_function_url.url_id}.lambda-url.eu-west-2.on.aws"
server_function = "${module.server_function.lambda_function_url.url_id}.lambda-url.${data.aws_region.current.name}.on.aws"
image_optimization_function = "${module.image_optimization_function.lambda_function_url.url_id}.lambda-url.${data.aws_region.current.name}.on.aws"
}

aliases = local.cloudfront.aliases
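Review bot: The two Lambda origins in `origins` are still host names assembled by hand from `url_id` and a region, and `data.aws_region.current` is the region of the root module's default provider, so the value is only right while both function modules are deployed through that same provider. Deriving the host from the function URL itself avoids the assumption, e.g. `server_function = trimsuffix(trimprefix(module.server_function.lambda_function_url.function_url, "https://"), "/")`, assuming that output is the `aws_lambda_function_url` resource. If the interpolation stays, a one-line comment stating the same-region assumption would do. The `module "cloudfront"` block starts and ends outside this hunk.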
45 changes: 0 additions & 45 deletions modules/opennext-assets/kms.tf

This file was deleted.

4 changes: 2 additions & 2 deletions modules/opennext-assets/s3.tf
@@ -47,9 +47,9 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "assets" {
bucket = aws_s3_bucket.assets.bucket

rule {

apply_server_side_encryption_by_default {
kms_master_key_id = try(data.aws_kms_key.assets_key[0].arn, aws_kms_key.assets_key[0].arn)
sse_algorithm = "aws:kms"
sse_algorithm = "AES256"
}
}
}
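Review bot: The switch to `sse_algorithm = "AES256"` in `apply_server_side_encryption_by_default` carries no explanation, so a later hardening pass may well reinstate the KMS key; a comment such as `# SSE-S3 on purpose: the CloudFront origin access identity cannot read SSE-KMS objects` would record the reason, if that is the reason (main.tf does pass an origin access identity to the distribution). Bucket default encryption only affects new writes, so objects already stored under the old key stay KMS-encrypted, and if the key was the one created in the deleted kms.tf they become unreadable once its deletion window ends; re-uploading or copying them in place before the key goes is worth confirming. Dropping the customer-managed key also gives up key-policy access control and per-request KMS audit events on the assets, which should be a recorded decision. The resource block opens above the hunk.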
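--- a/modules/opennext-assets/variables.tf
+++ b/modules/opennext-assets/variables.tf
@@ -44,13 +44,3 @@ variable "replication_configuration" {
 }))
 })
 }
-
-variable "kms_key_arn" {
-description = "The KMS Key ARN for the encryption of the static assets S3 bucket"
-type = string
-default = null
-}
-
-variable "aws_account_id" {
-type = string
-}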
7 changes: 1 addition & 6 deletions modules/opennext-cloudfront/cloudfront.tf
@@ -20,7 +20,7 @@ EOF

data "aws_cloudfront_origin_request_policy" "origin_request_policy" {
count = var.origin_request_policy == null ? 1 : 0
name = "Managed-AllViewer"
name = "Managed-AllViewerExceptHostHeader"
}

resource "aws_cloudfront_origin_request_policy" "origin_request_policy" {
@@ -142,11 +142,6 @@ resource "aws_cloudfront_response_headers_policy" "response_headers_policy" {
}
}

provider "aws" {
alias = "global"
region = "us-east-1"
}

resource "aws_cloudfront_distribution" "distribution" {
provider = aws.global
price_class = "PriceClass_100"
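Review bot: The managed policy looked up in `data "aws_cloudfront_origin_request_policy"` is now `Managed-AllViewerExceptHostHeader`, with nothing saying why the Host header is dropped; a comment like `# Lambda function URL origins reject a viewer Host header, so forward everything except Host` would keep it from being simplified back, if that is the motivation. This policy still forwards every other viewer header, cookie and query string, and the hunk does not show which cache behaviours it is attached to; if the S3 assets behaviour uses it too, a narrower policy there would be safer. The second hunk only removes the `provider "aws"` block, which reappears in the module's main.tf.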
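--- a/modules/opennext-cloudfront/main.tf
+++ b/modules/opennext-cloudfront/main.tf
@@ -8,3 +8,8 @@ terraform {
 }
 }
 }
+
+provider "aws" {
+alias = "global"
+region = "us-east-1"
+}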
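Review bot: The `provider "aws"` block with `alias = "global"` is still declared inside the opennext-cloudfront child module; Terraform treats modules that carry their own provider blocks as legacy, and they cannot be used with `count`, `for_each` or `depends_on` on the module call. Declaring `configuration_aliases = [aws.global]` on the `aws` entry in this file's `required_providers` and passing `providers = { aws.global = aws.<ROOT_ALIAS> }` from the root module keeps region and credentials under the caller's control (`<ROOT_ALIAS>` is a placeholder for whatever us-east-1 alias the root defines). The `terraform` block opens above the hunk.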
