
Commit 2fedaa3

committed
terraform: configure authn for fastly<->releases
This happens in preparation for enabling requester pays on the S3 bucket.
1 parent 6d666f0 commit 2fedaa3


4 files changed

+20
-4
lines changed


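--- a/terraform/cache.tf
+++ b/terraform/cache.tf
@@ -220,11 +220,11 @@ resource "fastly_service_vcl" "cache" {
 name = "Authenticate S3 requests"
 type = "miss"
 priority = 100
-content = templatefile("${path.module}/cache/s3-authn.vcl", {
+content = templatefile("${path.module}/s3-authn.vcl", {
 aws_region = aws_s3_bucket.cache.region
 backend_domain = aws_s3_bucket.cache.bucket_domain_name
-access_key = local.cache-iam.key
-secret_key = local.cache-iam.secret
+access_key = local.fastly-iam.key
+secret_key = local.fastly-iam.secret
 })
 }
 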
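--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -4,7 +4,9 @@ locals {
 # TLS v1.2, protocols HTTP/1.1 and HTTP/2
 fastly_tls12_sni_configuration_id = "5PXBTa6c01Xoh54ylNwmVA"
 
-cache-iam = data.terraform_remote_state.terraform-iam.outputs.cache
+# Used for authenticating fastly against S3 buckets
+fastly-iam = data.terraform_remote_state.terraform-iam.outputs.cache
+
 fastlylogs = data.terraform_remote_state.terraform-iam.outputs.fastlylogs
 
 # fastlylogs = {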
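Review bot: `fastly-iam` still reads `outputs.cache`, so after this commit a single IAM key pair signs Fastly requests for both the cache bucket and the releases bucket. The policy attached to that identity lives in the terraform-iam state and is not visible here; it should presumably be limited to read access on exactly those two buckets, and the comment could record that, e.g. `# IAM user Fastly uses to sign S3 requests (cache + releases buckets); policy is defined in terraform-iam`. A separate key per service would allow one to be rotated or revoked without touching the other. The `locals` block starts and ends outside the hunk.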

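--- a/terraform/releases.tf
+++ b/terraform/releases.tf
@@ -181,6 +181,20 @@ resource "fastly_service_vcl" "releases" {
 status = 404
 }
 
+# Authenticate Fastly<->S3 requests. See Fastly documentation:
+# https://docs.fastly.com/en/guides/amazon-s3#using-an-amazon-s3-private-bucket
+snippet {
+name = "Authenticate S3 requests"
+type = "miss"
+priority = 100
+content = templatefile("${path.module}/s3-authn.vcl", {
+aws_region = aws_s3_bucket.releases.region
+backend_domain = aws_s3_bucket.releases.bucket_domain_name
+access_key = local.fastly-iam.key
+secret_key = local.fastly-iam.secret
+})
+}
+
 snippet {
 content = "set req.url = querystring.remove(req.url);"
 name = "Remove all query strings"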
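Review bot: `secret_key = local.fastly-iam.secret` is rendered by `templatefile` into the snippet's `content`, so the AWS secret is stored in plain text in the Terraform state and in the Fastly service configuration, and may appear in plan output unless the remote-state output is marked sensitive. It is worth confirming that access to the state backend and to the Fastly account is restricted accordingly, and considering a private (write-only) edge dictionary that the VCL looks the key up from instead of inlining it. Separately, the snippet is attached to `miss` only; if any request on this service reaches the origin through `pass`, it would presumably go out unsigned and be rejected once the bucket no longer serves anonymous reads. The `fastly_service_vcl` resource starts and ends outside the hunk.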
File renamed without changes.
