feat: Replaced custom cache policy with managed policy to disable cache. (FYST-1527) (#18)

Author: jamesiarmes

README.md

@@ -13,7 +13,7 @@ to match your desired configuration. For example, to create a new distribution
 
 ```hcl
 module "cloudfront_waf" {
-  source = "github.com/codeforamerica/tofu-modules-aws-cloudfront-waf?ref=1.4.0"
+  source = "github.com/codeforamerica/tofu-modules-aws-cloudfront-waf?ref=1.6.0"
 
   project     = "my-project"
   environment = "dev"

data.tf

@@ -1,8 +1,12 @@
-data "aws_cloudfront_origin_request_policy" "managed_cors" {
+data "aws_cloudfront_cache_policy" "policy" {
+  name = "Managed-CachingDisabled"
+}
+
+data "aws_cloudfront_origin_request_policy" "policy" {
   name = "Managed-${var.request_policy}"
 }
 
-data "aws_cloudfront_response_headers_policy" "managed_cors" {
+data "aws_cloudfront_response_headers_policy" "policy" {
   name = "Managed-SimpleCORS"
 }
 

main.tf

@@ -1,29 +1,3 @@
-resource "aws_cloudfront_cache_policy" "waf_passthrough" {
-  name        = "${var.project}-${var.environment}-waf-passthrough"
-  comment     = "We don't really care about caching, we just want to pass traffic to the WAF."
-  default_ttl = 1
-  max_ttl     = 1
-  min_ttl     = 1
-
-  parameters_in_cache_key_and_forwarded_to_origin {
-    enable_accept_encoding_brotli = true
-    enable_accept_encoding_gzip   = true
-
-    cookies_config {
-      cookie_behavior = "all"
-    }
-    headers_config {
-      header_behavior = "whitelist"
-      headers {
-        items = ["Host"]
-      }
-    }
-    query_strings_config {
-      query_string_behavior = "all"
-    }
-  }
-}
-
 resource "aws_cloudfront_distribution" "waf" {
   enabled         = true
   comment         = "Pass traffic through WAF before sending to the origin."
@@ -64,7 +38,6 @@ resource "aws_cloudfront_distribution" "waf" {
   }
 
   default_cache_behavior {
-    cache_policy_id  = aws_cloudfront_cache_policy.waf_passthrough.id
     allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
     cached_methods   = ["GET", "HEAD"]
     target_origin_id = local.origin_domain
@@ -73,8 +46,9 @@ resource "aws_cloudfront_distribution" "waf" {
     max_ttl          = 0
     min_ttl          = 0
 
-    origin_request_policy_id   = data.aws_cloudfront_origin_request_policy.managed_cors.id
-    response_headers_policy_id = data.aws_cloudfront_response_headers_policy.managed_cors.id
+    cache_policy_id            = data.aws_cloudfront_cache_policy.policy.id
+    origin_request_policy_id   = data.aws_cloudfront_origin_request_policy.policy.id
+    response_headers_policy_id = data.aws_cloudfront_response_headers_policy.policy.id
 
     viewer_protocol_policy = "redirect-to-https"
   }