From d06654dc9c96c951c669748c1f6492b3e176baab Mon Sep 17 00:00:00 2001 From: James Miller Date: Mon, 2 Sep 2024 12:10:59 +0100 Subject: [PATCH] Fastly config for mobile backend --- mobile-backend.tf | 7 +++ modules/mobile-backend/main.tf | 74 +++++++++++++++++++++++++++++ modules/mobile-backend/outputs.tf | 0 modules/mobile-backend/provider.tf | 9 ++++ modules/mobile-backend/variables.tf | 11 +++++ 5 files changed, 101 insertions(+) create mode 100644 mobile-backend.tf create mode 100644 modules/mobile-backend/main.tf create mode 100644 modules/mobile-backend/outputs.tf create mode 100644 modules/mobile-backend/provider.tf create mode 100644 modules/mobile-backend/variables.tf diff --git a/mobile-backend.tf b/mobile-backend.tf new file mode 100644 index 0000000..62b39d5 --- /dev/null +++ b/mobile-backend.tf @@ -0,0 +1,7 @@ +module "mobile-backend-integration" { + source = "./modules/mobile-backend" + + environment = "integration" + hostname = "app.integration.publishing.service.gov.uk" + origin_hostname = "govuk-app-remote-config-integration.s3.eu-west-1.amazonaws.com" +} diff --git a/modules/mobile-backend/main.tf b/modules/mobile-backend/main.tf new file mode 100644 index 0000000..a386e2e --- /dev/null +++ b/modules/mobile-backend/main.tf @@ -0,0 +1,74 @@ +locals { + strip_headers = [ + "x-amz-id-2", + "x-amz-meta-server-side-encryption", + "x-amz-request-id", + "x-amz-version-id", + "x-amz-server-side-encryption" + ] + # headers to add + ttl = "300s" # 5 minutes + cache_control = "max-age=300, public, immutable" + access_control_allow_origin = "*" +} + +resource "fastly_service_vcl" "mobile_backend_service" { + name = "Mobile backend - ${title(var.environment)}" + http3 = true + + domain { + name = var.hostname + } + + backend { + name = "Mobile backend config bucket - ${var.environment}" + address = var.origin_hostname + port = 443 + + connect_timeout = 1000 + first_byte_timeout = 15000 + max_conn = 200 + between_bytes_timeout = 10000 + + ssl_check_cert = true + ssl_ciphers = "ECDHE-RSA-AES256-GCM-SHA384" + ssl_cert_hostname = var.origin_hostname + ssl_sni_hostname = var.origin_hostname + min_tls_version = "1.2" + } + + dynamic "header" { + for_each = local.strip_headers + content { + destination = "http.${header.value}" + name = "Remove ${header.value}" + action = "delete" + type = "cache" + } + } + + header { + destination = "ttl" + name = "Add ttl header" + action = "set" + type = "response" + source = local.ttl + } + + header { + destination = "http.Cache-Control" + name = "Add Cache-Control header" + action = "set" + type = "response" + source = local.cache_control + } + + header { + destination = "http.Access-Control-Allow-Origin" + name = "Add Access-Control-Allow-Origin header" + action = "set" + type = "response" + source = local.access_control_allow_origin + } + +} diff --git a/modules/mobile-backend/outputs.tf b/modules/mobile-backend/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/mobile-backend/provider.tf b/modules/mobile-backend/provider.tf new file mode 100644 index 0000000..88b34fd --- /dev/null +++ b/modules/mobile-backend/provider.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.7" + required_providers { + fastly = { + source = "fastly/fastly" + version = ">= 5.11.0" + } + } +} diff --git a/modules/mobile-backend/variables.tf b/modules/mobile-backend/variables.tf new file mode 100644 index 0000000..4c7d2b8 --- /dev/null +++ b/modules/mobile-backend/variables.tf @@ -0,0 +1,11 @@ +variable "environment" { + type = string +} + +variable "hostname" { + type = string +} + +variable "origin_hostname" { + type = string +}