diff --git a/examples/existing-ditribution/README.md b/examples/existing-ditribution/README.md index 7634a2d..8267b29 100644 --- a/examples/existing-ditribution/README.md +++ b/examples/existing-ditribution/README.md @@ -13,6 +13,8 @@ To quickly run the example for testing purposes, you can: 3. Run `terraform plan`. 4. Run `terraform apply`. +The domain-related resources and variables are commented out for simplicity but you can uncomment them or use just them as a reference. + ### Using in production This is a simplified example. Use it as a reference but make sure to **adjust the code to your needs and security practices** before deploying it to production environments. diff --git a/examples/existing-ditribution/fingerprint.tf b/examples/existing-ditribution/fingerprint.tf index f8866c5..153c976 100644 --- a/examples/existing-ditribution/fingerprint.tf +++ b/examples/existing-ditribution/fingerprint.tf @@ -1,5 +1,5 @@ module "fingerprint_cloudfront_integration" { - source = "fingerprintjs/fingerprint-cloudfront-proxy-integration/aws" + source = "../.." fpjs_agent_download_path = var.fpjs_agent_download_path fpjs_get_result_path = var.fpjs_get_result_path diff --git a/examples/existing-ditribution/main.tf b/examples/existing-ditribution/main.tf index 01f44fc..3905807 100644 --- a/examples/existing-ditribution/main.tf +++ b/examples/existing-ditribution/main.tf @@ -1,12 +1,22 @@ -# Example CloudFront Distribution. DO NOT USE AS-IS, and make sure to follow best practices before releasing to the production. + +locals { + # TODO: When adapting this example, replace this with your actual website origin (directly or through a `terraform.tfvars` file) + website_origin_domain_name = "yourwebsite.com" + # TODO: When adapting this example, replace this with the path segment you want for your proxy integration (directly or through a `terraform.tfvars` file) + # Avoid ad blocker triggers like "fingerprint", "track", etc., a random value is the best choice + fpjs_behavior_path = "metrics" +} + +# Example CloudFront Distribution. +# DO NOT USE AS-IS, Make sure to adjust the code to your needs and security practices before releasing to production. resource "aws_cloudfront_distribution" "main_website_distribution" { enabled = true is_ipv6_enabled = true - comment = "CloudFront distribution for ${var.website_origin_domain_name}" + comment = "CloudFront distribution for ${local.website_origin_domain_name}" default_root_object = "index.html" origin { - domain_name = var.website_origin_domain_name + domain_name = local.website_origin_domain_name origin_id = "your-website" custom_origin_config { @@ -41,13 +51,6 @@ resource "aws_cloudfront_distribution" "main_website_distribution" { } } - aliases = [var.website_domain] - - viewer_certificate { - acm_certificate_arn = var.certificate_arn - ssl_support_method = "sni-only" - } - #region Fingerprint CloudFront Integration start origin { domain_name = module.fingerprint_cloudfront_integration.fpjs_origin_name @@ -65,7 +68,7 @@ resource "aws_cloudfront_distribution" "main_website_distribution" { } ordered_cache_behavior { - path_pattern = "${var.fpjs_behavior_path}/*" + path_pattern = "${local.fpjs_behavior_path}/*" allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"] cached_methods = ["GET", "HEAD"] @@ -82,18 +85,34 @@ resource "aws_cloudfront_distribution" "main_website_distribution" { } } #endregion -} - - -resource "aws_route53_record" "apex_domain" { - zone_id = var.domain_zone_id - name = var.website_domain - type = "A" - alias { - name = aws_cloudfront_distribution.main_website_distribution.domain_name - zone_id = aws_cloudfront_distribution.main_website_distribution.hosted_zone_id - evaluate_target_health = false + viewer_certificate { + cloudfront_default_certificate = true } + + # You can serve the distribution from your own domain + # - Uncomment the `aliases` and `viewer_certificate` below + # - Uncomment the 'aws_route53_record' below + # - Uncomment the DNS-related variables in `variables.tf` + # - Define the referenced variables in a `terraform.tfvars` file + # - Remove the default `viewer_certificate` above + + # aliases = [var.website_domain] + # viewer_certificate { + # acm_certificate_arn = var.certificate_arn + # ssl_support_method = "sni-only" + # } } +# resource "aws_route53_record" "apex_domain" { +# zone_id = var.domain_zone_id +# name = var.website_domain +# type = "A" + +# alias { +# name = aws_cloudfront_distribution.main_website_distribution.domain_name +# zone_id = aws_cloudfront_distribution.main_website_distribution.hosted_zone_id +# evaluate_target_health = false +# } +# } + diff --git a/examples/existing-ditribution/terraform.tfvars.example b/examples/existing-ditribution/terraform.tfvars.example index 257f4f3..7c51ef8 100644 --- a/examples/existing-ditribution/terraform.tfvars.example +++ b/examples/existing-ditribution/terraform.tfvars.example @@ -1,8 +1,8 @@ fpjs_shared_secret = "YOUR_PROXY_SECRET_CREATED_IN_FINGERPRINT_DASHBOARD" fpjs_agent_download_path = "463N7" fpjs_get_result_path = "r35U17" -fpjs_behavior_path = "fpj5" -domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" -website_domain = "yourwebsite.com" -website_origin_domain_name = "your-website-origin.s3.amazonaws.com" -certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" +# fpjs_behavior_path = "fpj5" +# domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" +# website_domain = "yourwebsite.com" +# website_origin_domain_name = "your-website-origin.s3.amazonaws.com" +# certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" diff --git a/examples/existing-ditribution/variables.tf b/examples/existing-ditribution/variables.tf index 8b7812e..c410c5b 100644 --- a/examples/existing-ditribution/variables.tf +++ b/examples/existing-ditribution/variables.tf @@ -4,42 +4,50 @@ variable "fpjs_shared_secret" { type = string } -variable "fpjs_behavior_path" { - // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables - description = "All Fingeprint requests will be proxied through this path segment" - type = string -} - variable "fpjs_agent_download_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint agent download will be proxied through this path segment" type = string + default = "agent" } variable "fpjs_get_result_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint identification request will be proxied through this path segment" type = string + default = "result" } -variable "website_domain" { - description = "The domain for your existing CloudFront distribution, like `yourwebsite.com`" - type = string -} +/** + * The following variables are only relevant for this example. + * - They are not required for the module itself + * - They are optional, uncomment them out if you want to adapt the example including adding a domain for the CloudFront distribution + */ -variable "website_origin_domain_name" { - description = "The main origin of your distribution pointing to your website, like `yourwebsite.s3.amazonaws.com`" - type = string -} +# variable "fpjs_behavior_path" { +# // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables +# description = "All Fingeprint requests will be proxied through this path segment" +# type = string +# } -variable "domain_zone_id" { - description = "Zone ID of the domain for your existing CloudFront distribution" - type = string -} +# variable "website_domain" { +# description = "The domain for your existing CloudFront distribution, like `yourwebsite.com`" +# type = string +# } -variable "certificate_arn" { - description = "ARN of the domain certificate for your website" - type = string -} +# variable "website_origin_domain_name" { +# description = "The main origin of your distribution pointing to your website, like `yourwebsite.s3.amazonaws.com`" +# type = string +# } + +# variable "domain_zone_id" { +# description = "Zone ID of the domain for your existing CloudFront distribution" +# type = string +# } + +# variable "certificate_arn" { +# description = "ARN of the domain certificate for your website" +# type = string +# } diff --git a/examples/standalone-distribution/README.md b/examples/standalone-distribution/README.md index d47460e..3a31817 100644 --- a/examples/standalone-distribution/README.md +++ b/examples/standalone-distribution/README.md @@ -13,6 +13,8 @@ To quickly run the example for testing purposes, you can: 3. Run `terraform plan`. 4. Run `terraform apply`. +The domain-related resources and variables are commented out for simplicity but you can uncomment them or use just them as a reference. + ### Using in production This is a simplified example. Use it as a reference but make sure to **adjust the code to your needs and security practices** before deploying it to production environments. diff --git a/examples/standalone-distribution/cloudfront_distribution.tf b/examples/standalone-distribution/cloudfront_distribution.tf index 523c61d..d15afac 100644 --- a/examples/standalone-distribution/cloudfront_distribution.tf +++ b/examples/standalone-distribution/cloudfront_distribution.tf @@ -1,4 +1,5 @@ -# Example CloudFront Distribution. DO NOT USE AS-IS, and make sure to follow best practices before releasing to the production. +# Example CloudFront Distribution. +# DO NOT USE AS-IS, Make sure to adjust the code to your needs and security practices before releasing to production. resource "aws_cloudfront_distribution" "fpjs_cloudfront_distribution" { comment = "Fingerprint proxy integration distribution (created via Terraform)" @@ -47,26 +48,28 @@ resource "aws_cloudfront_distribution" "fpjs_cloudfront_distribution" { } } - aliases = [var.proxy_subdomain_domain] viewer_certificate { - acm_certificate_arn = var.certificate_arn - ssl_support_method = "sni-only" + cloudfront_default_certificate = true } - # If don't want to serve the distribution from a subdomain for now, use the default certificate instead - # (comment out `viewer_certificate` and `aliases` above and use the `viewer_certificate` below) + # You can serve the distribution from a subdomain of your website + # - Uncomment the `aliases` and `viewer_certificate` below + # - Uncomment the 'aws_route53_record' below + # - Uncomment the variables in `variables.tf` + # - Define the referenced variables in a `terraform.tfvars` file + # - Remove the default `viewer_certificate` above + # aliases = [var.proxy_subdomain_domain] # viewer_certificate { - # cloudfront_default_certificate = true + # acm_certificate_arn = var.certificate_arn + # ssl_support_method = "sni-only" # } } -# You can make the distribution available on a subdomain of your website -# (comment this out if you don't want to do that for now) -resource "aws_route53_record" "cloudfront_terraform_new_distribution_record" { - zone_id = var.domain_zone_id - name = var.proxy_subdomain_domain - type = "CNAME" - ttl = 300 - records = [aws_cloudfront_distribution.fpjs_cloudfront_distribution.domain_name] -} +# resource "aws_route53_record" "cloudfront_terraform_new_distribution_record" { +# zone_id = var.domain_zone_id +# name = var.proxy_subdomain_domain +# type = "CNAME" +# ttl = 300 +# records = [aws_cloudfront_distribution.fpjs_cloudfront_distribution.domain_name] +# } diff --git a/examples/standalone-distribution/fingerprint.tf b/examples/standalone-distribution/fingerprint.tf index f8866c5..153c976 100644 --- a/examples/standalone-distribution/fingerprint.tf +++ b/examples/standalone-distribution/fingerprint.tf @@ -1,5 +1,5 @@ module "fingerprint_cloudfront_integration" { - source = "fingerprintjs/fingerprint-cloudfront-proxy-integration/aws" + source = "../.." fpjs_agent_download_path = var.fpjs_agent_download_path fpjs_get_result_path = var.fpjs_get_result_path diff --git a/examples/standalone-distribution/terraform.tfvars.example b/examples/standalone-distribution/terraform.tfvars.example index 2882954..3c0bb76 100644 --- a/examples/standalone-distribution/terraform.tfvars.example +++ b/examples/standalone-distribution/terraform.tfvars.example @@ -1,6 +1,6 @@ fpjs_shared_secret = "YOUR_PROXY_SECRET_CREATED_IN_FINGERPRINT_DASHBOARD" fpjs_agent_download_path = "463N7" fpjs_get_result_path = "r35U17" -domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" -proxy_subdomain_domain = "metrics.yourwebsite.com" -certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" +# domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" +# proxy_subdomain_domain = "metrics.yourwebsite.com" +# certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" diff --git a/examples/standalone-distribution/variables.tf b/examples/standalone-distribution/variables.tf index ddd38fb..8e921e5 100644 --- a/examples/standalone-distribution/variables.tf +++ b/examples/standalone-distribution/variables.tf @@ -8,26 +8,33 @@ variable "fpjs_agent_download_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint agent download will be proxied through this path" type = string + default = "agent" } variable "fpjs_get_result_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint identification request will be proxied through this path" type = string + default = "result" } -variable "proxy_subdomain_domain" { - description = "The subdomain for the CloudFront distribution, including the root domain of your website, for example `metrics.yourwebsite.com`" - type = string -} +/** + * The following variables are only relevant for this example. + * - They are not requiered for the module itself + * - They are optional, uncomment them out if you want adapt the example including adding a subdomain for the CloudFront distribution + */ +# variable "proxy_subdomain_domain" { +# description = "The subdomain for the CloudFront distribution, including the root domain of your website, for example `metrics.yourwebsite.com`" +# type = string +# } -variable "domain_zone_id" { - description = "Zone ID of the domain for the CloudFront distribution" - type = string -} +# variable "domain_zone_id" { +# description = "Zone ID of the domain for the CloudFront distribution" +# type = string +# } -variable "certificate_arn" { - description = "ARN of the domain certificate for the CloudFront distribution" - type = string -} +# variable "certificate_arn" { +# description = "ARN of the domain certificate for the CloudFront distribution" +# type = string +# }