terraform: configure authn for fastly<->releases
This happens in preparation for enabling requester pays on the S3 bucket.
mweinelt committed May 15, 2024
1 parent 6d666f0 commit 2fedaa3
Showing 4 changed files with 20 additions and 4 deletions.
6 changes: 3 additions & 3 deletions terraform/cache.tf
Expand Up @@ -220,11 +220,11 @@ resource "fastly_service_vcl" "cache" {
name = "Authenticate S3 requests"
type = "miss"
priority = 100
content = templatefile("${path.module}/cache/s3-authn.vcl", {
content = templatefile("${path.module}/s3-authn.vcl", {
aws_region = aws_s3_bucket.cache.region
backend_domain = aws_s3_bucket.cache.bucket_domain_name
access_key = local.cache-iam.key
secret_key = local.cache-iam.secret
access_key = local.fastly-iam.key
secret_key = local.fastly-iam.secret
})
}

4 changes: 3 additions & 1 deletion terraform/locals.tf
Expand Up @@ -4,7 +4,9 @@ locals {
# TLS v1.2, protocols HTTP/1.1 and HTTP/2
fastly_tls12_sni_configuration_id = "5PXBTa6c01Xoh54ylNwmVA"

cache-iam = data.terraform_remote_state.terraform-iam.outputs.cache
# Used for authenticating fastly against S3 buckets
fastly-iam = data.terraform_remote_state.terraform-iam.outputs.cache

fastlylogs = data.terraform_remote_state.terraform-iam.outputs.fastlylogs

# fastlylogs = {
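Review bot: `fastly-iam` still reads `data.terraform_remote_state.terraform-iam.outputs.cache`, so after this commit a single IAM key pair authenticates Fastly to both the cache bucket and the releases bucket. The policy attached to that user is defined in the terraform-iam state and is not visible here; it is worth confirming that it grants only object reads on exactly those two buckets, because a leak of this key now exposes both. If sharing one credential is intentional, the comment could say so, for example `# Shared by the cache and releases services; policy lives in terraform-iam (output "cache")`. The `locals` block continues outside the hunk.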
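--- a/terraform/releases.tf
+++ b/terraform/releases.tf
@@ -181,6 +181,20 @@ resource "fastly_service_vcl" "releases" {
 status = 404
 }
 
+# Authenticate Fastly<->S3 requests. See Fastly documentation:
+# https://docs.fastly.com/en/guides/amazon-s3#using-an-amazon-s3-private-bucket
+snippet {
+name = "Authenticate S3 requests"
+type = "miss"
+priority = 100
+content = templatefile("${path.module}/s3-authn.vcl", {
+aws_region = aws_s3_bucket.releases.region
+backend_domain = aws_s3_bucket.releases.bucket_domain_name
+access_key = local.fastly-iam.key
+secret_key = local.fastly-iam.secret
+})
+}
+
 snippet {
 content = "set req.url = querystring.remove(req.url);"
 name = "Remove all query strings"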
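Review bot: The new snippet renders `local.fastly-iam.secret` into the VCL text through `templatefile`, so the AWS secret key ends up in plaintext in the snippet's `content` attribute in Terraform state and in the Fastly service configuration, readable by anyone with access to either. If the remote-state output is not already marked sensitive, `secret_key = sensitive(local.fastly-iam.secret)` should redact the rendered content in plan output; access to the state backend and Fastly account roles need to be restricted to match. The commit message mentions requester pays, which requires the `x-amz-request-payer` header to be sent and covered by the signature; s3-authn.vcl is not shown here, so that is worth checking in the template. The enclosing `fastly_service_vcl` resource starts and ends outside the hunk.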
File renamed without changes.
