terraform: configure authn for fastly<->releases

This happens in preparation for enabling requester pays on the S3 bucket.
NixOS · May 15, 2024 · 497ee05 · 497ee05
1 parent 6d666f0
commit 497ee05
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/terraform/cache.tf b/terraform/cache.tf
@@ -220,7 +220,7 @@ resource "fastly_service_vcl" "cache" {
     name     = "Authenticate S3 requests"
     type     = "miss"
     priority = 100
-    content = templatefile("${path.module}/cache/s3-authn.vcl", {
+    content = templatefile("${path.module}/s3-authn.vcl", {
       aws_region     = aws_s3_bucket.cache.region
       backend_domain = aws_s3_bucket.cache.bucket_domain_name
       access_key     = local.cache-iam.key

diff --git a/terraform/releases.tf b/terraform/releases.tf
@@ -181,6 +181,20 @@ resource "fastly_service_vcl" "releases" {
     status          = 404
   }
 
+  # Authenticate Fastly<->S3 requests. See Fastly documentation:
+  # https://docs.fastly.com/en/guides/amazon-s3#using-an-amazon-s3-private-bucket
+  snippet {
+    name     = "Authenticate S3 requests"
+    type     = "miss"
+    priority = 100
+    content = templatefile("${path.module}/s3-authn.vcl", {
+      aws_region     = aws_s3_bucket.releases.region
+      backend_domain = aws_s3_bucket.releases.bucket_domain_name
+      access_key     = local.cache-iam.key
+      secret_key     = local.cache-iam.secret
+    })
+  }
+
   snippet {
     content  = "set req.url = querystring.remove(req.url);"
     name     = "Remove all query strings"

diff --git a/terraform/cache/s3-authn.vcl → terraform/s3-authn.vcl b/terraform/cache/s3-authn.vcl → terraform/s3-authn.vcl