publicdata/j40-cejst-2
1
0
Fork 0
mirror of https://github.com/DOI-DO/j40-cejst-2.git synced 2025-02-23 01:54:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
j40-cejst-2/infrastructure/resources-cloudfront.yml

85 lines
3 KiB
YAML
Raw Permalink Normal View History

Fargate Serverless Workers for Census Data Enrichment and Tile Generation (#230) * add basic infrastructure * add cloudfront distribution * WIP checkpoint * add ecs cluster * add conditions and route53 dns entry to cloudfront * WIP checkin * Added a raw execution mode for demo/testing * Add pre-defined Task for ogr2ogr * Tweak Task Definition name * Mostly working except for logging error * Add additional logging permissions * Succesfully executed ogr2ogr in fargate. S3 permissions needs to be addresses * Add multipart permissions * Add a few more actions * Put IAM Policy on the correct resource * Deploy lambda and update events * fix iam permissions 🤦🏻‍♂️ * Add reference to Tippecanoe container * Clean up to only use named actions * Refactor resources to include support for tippecanoe * Make a more interesting GDAL command * Pull all ECS variables into environment file; successful test of running tippecanoe container * Support pre/post commands * Refactor codebase and enable linting * Implement many-to-many enrichment between USDS CSV files and Census zipped shapefiles * Change the GDAL image to one with the built-in drivers * Add some additional fixes to support the enrichment use case * Clean up old hello-world example * Expand the README to include ways to execute the lambdas * Validate scheduled lambda execution and then comment out Co-authored-by: Tim Zwolak <timothypage@gmail.com>
2021-06-30 08:29:01 -05:00
Resources:
S3DataBucketPolicyCDN:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: DataBucket
PolicyDocument:
Statement:
- Effect: "Allow"
Action:
- "s3:GetObject"
Resource:
Fn::Join:
- ""
- - "arn:aws:s3:::"
- Ref: DataBucket
- "/*"
Principal: "*"
DataBucketCachePolicy:
Type: AWS::CloudFront::CachePolicy
Properties:
CachePolicyConfig:
Name: ${self:provider.stage}-${self:service}-cloudfront-cache-policy
Comment: CloudFront Cache Policy for justice40 data harvester
DefaultTTL: "86400" # one day, only if Origin does _not_ send `Cache-Control` or `Expires` headers
MaxTTL: "31536000" # one year, used to validate when origin sends `Cache-Control` or `Expires` headers
MinTTL: "1" # one second
ParametersInCacheKeyAndForwardedToOrigin:
EnableAcceptEncodingGzip: false
EnableAcceptEncodingBrotli: false
CookiesConfig:
CookieBehavior: none
HeadersConfig:
HeaderBehavior: none
QueryStringsConfig:
QueryStringBehavior: none
DataDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- Id: DataBucket
DomainName:
# e.g. j40-sit-justice40-data-harvester-data.s3-website-us-east-1.amazonaws.com
Fn::Join:
- ""
- - ${self:custom.namespaceShort}-
- ${self:provider.stage}-
- ${self:service}-
- data
- ".s3-website-"
- Ref: AWS::Region
- ".amazonaws.com"
CustomOriginConfig:
HTTPPort: '80'
HTTPSPort: '443'
OriginProtocolPolicy: http-only
OriginSSLProtocols: [ "TLSv1", "TLSv1.1", "TLSv1.2" ]
OriginCustomHeaders:
- HeaderName: Origin # if the `Origin` header isn't present, S3 won't send CORS headers, this forces CORS to always be included
HeaderValue: geoplatform.gov # this doesn't need to be anything specific, since Allow-Origin: * is our CORS policy, it just has to have a value
Enabled: true
HttpVersion: http2
Comment: CDN for justice40 data bucket
Aliases:
- ${self:custom.environment.HOSTED_ZONE_SUBDOMAIN}.${self:custom.environment.HOSTED_ZONE_DOMAIN}
PriceClass: PriceClass_All
DefaultCacheBehavior:
AllowedMethods: [HEAD, GET, OPTIONS]
CachedMethods: [HEAD, GET]
CachePolicyId:
Ref: DataBucketCachePolicy
MinTTL: '0'
DefaultTTL: '0'
TargetOriginId: DataBucket
ViewerProtocolPolicy: redirect-to-https
CustomErrorResponses: []
ViewerCertificate:
AcmCertificateArn: ${self:custom.environment.CLOUDFRONT_CERTIFICATE_ARN}
SslSupportMethod: sni-only
Reference in a new issue Copy permalink