Terraform-provider-aws: How do I use Restrict Viewer Access

Created on 3 Sep 2019 · 3 Comments · Source: hashicorp/terraform-provider-aws

Hello there,

I'm facing some issues when using the "Restrict Viewer Access (Use Signed URLs)" property for CloudFront. What's the most appropriate way to use it?

The documentation (here: https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html) didn't give me anything relevant regarding this issue.

This is one of my distribution resources:


resource "aws_cloudfront_distribution" "root_distribution" {

  # Custom (ALB) origin
  origin {
    domain_name                 = "alb-default-2-xxxxxxxxxxx.us-east-1.elb.amazonaws.com"
    origin_id                   = "${var.root_origin_id}"
    custom_origin_config {
      http_port                 = 80
      https_port                = 443
      origin_read_timeout       = 30
      origin_keepalive_timeout  = 5
      origin_protocol_policy    = "match-viewer"
      origin_ssl_protocols      = ["TLSv1", "TLSv1.1", "TLSv1.2"]
    }
  }

  enabled                       = true
  is_ipv6_enabled               = true
  comment                       = "Terraform generated cloudfront distribution for hotmart.com"
  aliases                       = ["xxxxxxxxxxxxx.com"]


  price_class                   = "${terraform.workspace == "production" ? "PriceClass_All" : "PriceClass_100" }"

  # Certificate ARN chosen per workspace (values redacted by the poster)
  viewer_certificate {
    acm_certificate_arn = "${terraform.workspace == "production" ?
    "arn:aws:acm:us-east-1:xxxxxxcertificate/23518869-37da-4c0c-9bbf-6xxxxx5" :
    "arn:aws:acm:us-east-1:xxxxxxxcertificate/d27d080c-4e4a-42f8-870b-dxxxxx"}"
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.root_origin_id}"
    compress = true
    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400

    forwarded_values {
      headers = ["*"]
      query_string = true

      cookies {
        forward = "all"
      }
    }
  }
}

From the AWS side, this is somewhat what I want to use:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesRestrictViewerAccess

needs-triage question service/cloudfront

All 3 comments

I've got this same issue

I have got the same question. The documentation does not speak about that attribute at all. Can anyone please suggest something on this?

Although undocumented, this is the way to do it:

trusted_signers = ["self"]
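
Where the setting from the comment above goes, as an added example (not code from the thread or from the provider project): `trusted_signers` is an argument of a cache behavior block, shown here in `default_cache_behavior`. The resource name, origin domain and origin ID are placeholders.

```hcl
# Added example. Resource name, origin domain and origin ID are placeholders.
resource "aws_cloudfront_distribution" "private_content" {
  enabled = true

  origin {
    domain_name = "origin.example.com"
    origin_id   = "example-origin"

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  default_cache_behavior {
    target_origin_id       = "example-origin"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    viewer_protocol_policy = "redirect-to-https"

    # Console setting "Restrict Viewer Access (Use Signed URLs)".
    # Requests matched by this behavior must carry a valid signed URL or
    # signed cookie. "self" is the AWS account that owns the distribution.
    trusted_signers = ["self"]

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
```

Viewer restriction is set per cache behavior, so any `ordered_cache_behavior` block needs its own `trusted_signers` (or, in later provider versions, `trusted_key_groups`); otherwise the paths it matches stay publicly readable.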
