From 187dad43cc1c6bce1e9cf18d1bf10fbf36d56431 Mon Sep 17 00:00:00 2001
From: Juraj Uhlar
Date: Wed, 14 Aug 2024 17:42:45 +0200
Subject: [PATCH 1/5] chore: simplify standalone distribution example
---
.../cloudfront_distribution.tf | 35 +++++++++----------
examples/standalone-distribution/variables.tf | 24 ++++++-------
2 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/examples/standalone-distribution/cloudfront_distribution.tf b/examples/standalone-distribution/cloudfront_distribution.tf
index 523c61d..4044484 100644
--- a/examples/standalone-distribution/cloudfront_distribution.tf
+++ b/examples/standalone-distribution/cloudfront_distribution.tf
@@ -47,26 +47,25 @@ resource "aws_cloudfront_distribution" "fpjs_cloudfront_distribution" { } } - aliases = [var.proxy_subdomain_domain] - viewer_certificate { - acm_certificate_arn = var.certificate_arn - ssl_support_method = "sni-only" - } - - # If don't want to serve the distribution from a subdomain for now, use the default certificate instead - # (comment out `viewer_certificate` and `aliases` above and use the `viewer_certificate` below) - + # You can make the distribution available on a subdomain of your website + # Uncomment the following and define the referenced variables + # aliases = [var.proxy_subdomain_domain] # viewer_certificate { - # cloudfront_default_certificate = true + # acm_certificate_arn = var.certificate_arn + # ssl_support_method = "sni-only" # } + + + viewer_certificate { + cloudfront_default_certificate = true + } } # You can make the distribution available on a subdomain of your website -# (comment this out if you don't want to do that for now) -resource "aws_route53_record" "cloudfront_terraform_new_distribution_record" { - zone_id = var.domain_zone_id - name = var.proxy_subdomain_domain - type = "CNAME" - ttl = 300 - records = [aws_cloudfront_distribution.fpjs_cloudfront_distribution.domain_name] -} +# resource "aws_route53_record" "cloudfront_terraform_new_distribution_record" { +# zone_id = var.domain_zone_id +# name = var.proxy_subdomain_domain +# type = "CNAME" +# ttl = 300 +# records = [aws_cloudfront_distribution.fpjs_cloudfront_distribution.domain_name] +# } diff --git a/examples/standalone-distribution/variables.tf b/examples/standalone-distribution/variables.tf index ddd38fb..cbb68e2 100644 --- a/examples/standalone-distribution/variables.tf +++ b/examples/standalone-distribution/variables.tf 
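Review bot: The commented-out custom-certificate block in the added lines (`acm_certificate_arn` with `ssl_support_method = "sni-only"`) sets no `minimum_protocol_version`, so anyone who uncomments it as instructed gets the provider default of `TLSv1` on their own subdomain. I would add `#   minimum_protocol_version = "TLSv1.2_2021"` inside that commented block so the reference configuration is the hardened one. The active `cloudfront_default_certificate = true` block is held by CloudFront at the `TLSv1` policy and cannot be tightened, which deserves a one-line comment for readers who keep the default. The same commented block recurs in the later hunks of this file (patches 2/5 and 3/5) and in `examples/existing-ditribution/main.tf`; the enclosing `aws_cloudfront_distribution` resource starts outside the hunk.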
@@ -16,18 +16,18 @@ variable "fpjs_get_result_path" { type = string } -variable "proxy_subdomain_domain" { - description = "The subdomain for the CloudFront distribution, including the root domain of your website, for example `metrics.yourwebsite.com`" - type = string -} +# variable "proxy_subdomain_domain" { +# description = "The subdomain for the CloudFront distribution, including the root domain of your website, for example `metrics.yourwebsite.com`" +# type = string +# } -variable "domain_zone_id" { - description = "Zone ID of the domain for the CloudFront distribution" - type = string -} +# variable "domain_zone_id" { +# description = "Zone ID of the domain for the CloudFront distribution" +# type = string +# } -variable "certificate_arn" { - description = "ARN of the domain certificate for the CloudFront distribution" - type = string -} +# variable "certificate_arn" { +# description = "ARN of the domain certificate for the CloudFront distribution" +# type = string +# } From dcfc8e69058ec1a73679e2bafbd2e7190c8ab42a Mon Sep 17 00:00:00 2001 From: Juraj Uhlar Date: Thu, 15 Aug 2024 06:44:42 +0200 Subject: [PATCH 2/5] chore: improve comments for standalone distribution example --- .../cloudfront_distribution.tf | 15 +++++++++------ examples/standalone-distribution/variables.tf | 7 ++++++- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/examples/standalone-distribution/cloudfront_distribution.tf b/examples/standalone-distribution/cloudfront_distribution.tf index 4044484..b6d2a17 100644 --- a/examples/standalone-distribution/cloudfront_distribution.tf +++ b/examples/standalone-distribution/cloudfront_distribution.tf 
@@ -47,21 +47,24 @@ resource "aws_cloudfront_distribution" "fpjs_cloudfront_distribution" { } } + viewer_certificate { + cloudfront_default_certificate = true + } + # You can make the distribution available on a subdomain of your website - # Uncomment the following and define the referenced variables + # - Uncomment the following and define the referenced variables in a `terraform.tfvars` file + # - Remove the default viewer certificate above + # aliases = [var.proxy_subdomain_domain] # viewer_certificate { # acm_certificate_arn = var.certificate_arn # ssl_support_method = "sni-only" # } - - - viewer_certificate { - cloudfront_default_certificate = true - } } # You can make the distribution available on a subdomain of your website +# - Uncomment the following and define the referenced variables in a `terraform.tfvars` file + # resource "aws_route53_record" "cloudfront_terraform_new_distribution_record" { # zone_id = var.domain_zone_id # name = var.proxy_subdomain_domain diff --git a/examples/standalone-distribution/variables.tf b/examples/standalone-distribution/variables.tf index cbb68e2..165084c 100644 --- a/examples/standalone-distribution/variables.tf +++ b/examples/standalone-distribution/variables.tf @@ -16,12 +16,17 @@ variable "fpjs_get_result_path" { type = string } +/** + * The following variables are only relevant for this example. + * - They are not relevant to the module itself + * - They are optional, uncomment them out if you want to add a subdomain for the CloudFront distribution + */ + # variable "proxy_subdomain_domain" { # description = "The subdomain for the CloudFront distribution, including the root domain of your website, for example `metrics.yourwebsite.com`" # type = string # } - # variable "domain_zone_id" { # description = "Zone ID of the domain for the CloudFront distribution" # type = string From 417f328dec882dad4abc1464a186edad3101dc3c Mon Sep 17 00:00:00 2001 
From: Juraj Uhlar Date: Thu, 15 Aug 2024 07:33:44 +0200 Subject: [PATCH 3/5] chore: update existing distribution example --- examples/existing-ditribution/README.md | 2 + examples/existing-ditribution/main.tf | 63 ++++++++++++------- .../terraform.tfvars.example | 10 +-- examples/existing-ditribution/variables.tf | 52 ++++++++------- examples/standalone-distribution/README.md | 2 + .../cloudfront_distribution.tf | 15 ++--- .../terraform.tfvars.example | 6 +- examples/standalone-distribution/variables.tf | 6 +- 8 files changed, 95 insertions(+), 61 deletions(-) diff --git a/examples/existing-ditribution/README.md b/examples/existing-ditribution/README.md index 7634a2d..94ee472 100644 --- a/examples/existing-ditribution/README.md +++ b/examples/existing-ditribution/README.md @@ -13,6 +13,8 @@ To quickly run the example for testing purposes, you can: 3. Run `terraform plan`. 4. Run `terraform apply`. +The domain-related resources and variables are commented out for simplicity but you uncomment them or use just them as a reference. + ### Using in production This is a simplified example. Use it as a reference but make sure to **adjust the code to your needs and security practices** before deploying it to production environments. diff --git a/examples/existing-ditribution/main.tf b/examples/existing-ditribution/main.tf index 01f44fc..b73a567 100644 --- a/examples/existing-ditribution/main.tf +++ b/examples/existing-ditribution/main.tf 
@@ -1,12 +1,22 @@ -# Example CloudFront Distribution. DO NOT USE AS-IS, and make sure to follow best practices before releasing to the production. + +locals { + # TODO: When adapting this example, replace this with your actual website origin (directly or through a `terraform.tfvars` file) + website_origin_domain_name = "yourwebsite.com" + # TODO: When adapting this example, replace this with the path segment you want for your proxy integration (directly or through a `terraform.tfvars` file) + # Avoid ad blocker triggers like "fingerprint", "track", etc., random value is best + fpjs_behavior_path = "metrics" +} + +# Example CloudFront Distribution. +# DO NOT USE AS-IS, Make sure to adjust the code to your needs and security practices before releasing to production. resource "aws_cloudfront_distribution" "main_website_distribution" { enabled = true is_ipv6_enabled = true - comment = "CloudFront distribution for ${var.website_origin_domain_name}" + comment = "CloudFront distribution for ${local.website_origin_domain_name}" default_root_object = "index.html" origin { - domain_name = var.website_origin_domain_name + domain_name = local.website_origin_domain_name origin_id = "your-website" custom_origin_config { @@ -41,13 +51,6 @@ resource "aws_cloudfront_distribution" "main_website_distribution" { } } - aliases = [var.website_domain] - - viewer_certificate { - acm_certificate_arn = var.certificate_arn - ssl_support_method = "sni-only" - } - #region Fingerprint CloudFront Integration start origin { domain_name = module.fingerprint_cloudfront_integration.fpjs_origin_name @@ -65,7 +68,7 @@ resource "aws_cloudfront_distribution" "main_website_distribution" { } ordered_cache_behavior { - path_pattern = "${var.fpjs_behavior_path}/*" + path_pattern = "${local.fpjs_behavior_path}/*" allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"] cached_methods = ["GET", "HEAD"] 
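Review bot: The two TODO comments in the new `locals` block say the values can be replaced "through a `terraform.tfvars` file", but Terraform locals cannot be assigned from a `.tfvars` file; only declared input variables can. Because `comment`, `origin.domain_name` and `path_pattern` now read `local.*`, uncommenting `website_origin_domain_name` or `fpjs_behavior_path` in `terraform.tfvars.example`, or their `variable` blocks in `variables.tf`, has no effect. The distribution keeps pointing at the placeholder origin `yourwebsite.com`. Either keep these two as input variables, or reword the comments to `# TODO: When adapting this example, replace this value here` and drop the two entries from the tfvars example. Patch 5/5 rewords the second comment but leaves the tfvars claim in place.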
@@ -82,18 +85,34 @@ resource "aws_cloudfront_distribution" "main_website_distribution" { } } #endregion -} - - -resource "aws_route53_record" "apex_domain" { - zone_id = var.domain_zone_id - name = var.website_domain - type = "A" - alias { - name = aws_cloudfront_distribution.main_website_distribution.domain_name - zone_id = aws_cloudfront_distribution.main_website_distribution.hosted_zone_id - evaluate_target_health = false + viewer_certificate { + cloudfront_default_certificate = true } + + # You can serve the distribution from your own domain + # - Uncomment the `aliases` and `viewer_certificate` below + # - Uncomment the 'aws_route53_record' below + # - Uncomment the DNS-related variables in `variables.tf` + # - Define the referenced variables in a `terraform.tfvars` file + # - Remove the default `viewer_certificate` above + + # aliases = [var.website_domain] + # viewer_certificate { + # acm_certificate_arn = var.certificate_arn + # ssl_support_method = "sni-only" + # } } +# resource "aws_route53_record" "apex_domain" { +# zone_id = var.domain_zone_id +# name = var.website_domain +# type = "A" + +# alias { +# name = aws_cloudfront_distribution.main_website_distribution.domain_name +# zone_id = aws_cloudfront_distribution.main_website_distribution.hosted_zone_id +# evaluate_target_health = false +# } +# } + diff --git a/examples/existing-ditribution/terraform.tfvars.example b/examples/existing-ditribution/terraform.tfvars.example index 257f4f3..7c51ef8 100644 --- a/examples/existing-ditribution/terraform.tfvars.example +++ b/examples/existing-ditribution/terraform.tfvars.example 
@@ -1,8 +1,8 @@ fpjs_shared_secret = "YOUR_PROXY_SECRET_CREATED_IN_FINGERPRINT_DASHBOARD" fpjs_agent_download_path = "463N7" fpjs_get_result_path = "r35U17" -fpjs_behavior_path = "fpj5" -domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" -website_domain = "yourwebsite.com" -website_origin_domain_name = "your-website-origin.s3.amazonaws.com" -certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" +# fpjs_behavior_path = "fpj5" +# domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" +# website_domain = "yourwebsite.com" +# website_origin_domain_name = "your-website-origin.s3.amazonaws.com" +# certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" diff --git a/examples/existing-ditribution/variables.tf b/examples/existing-ditribution/variables.tf index 8b7812e..c410c5b 100644 --- a/examples/existing-ditribution/variables.tf +++ b/examples/existing-ditribution/variables.tf 
@@ -4,42 +4,50 @@ variable "fpjs_shared_secret" { type = string } -variable "fpjs_behavior_path" { - // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables - description = "All Fingeprint requests will be proxied through this path segment" - type = string -} - variable "fpjs_agent_download_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint agent download will be proxied through this path segment" type = string + default = "agent" } variable "fpjs_get_result_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint identification request will be proxied through this path segment" type = string + default = "result" } -variable "website_domain" { - description = "The domain for your existing CloudFront distribution, like `yourwebsite.com`" - type = string -} +/** + * The following variables are only relevant for this example. 
+ * - They are not required for the module itself + * - They are optional, uncomment them out if you want to adapt the example including adding a domain for the CloudFront distribution + */ -variable "website_origin_domain_name" { - description = "The main origin of your distribution pointing to your website, like `yourwebsite.s3.amazonaws.com`" - type = string -} +# variable "fpjs_behavior_path" { +# // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables +# description = "All Fingeprint requests will be proxied through this path segment" +# type = string +# } -variable "domain_zone_id" { - description = "Zone ID of the domain for your existing CloudFront distribution" - type = string -} +# variable "website_domain" { +# description = "The domain for your existing CloudFront distribution, like `yourwebsite.com`" +# type = string +# } -variable "certificate_arn" { - description = "ARN of the domain certificate for your website" - type = string -} +# variable "website_origin_domain_name" { +# description = "The main origin of your distribution pointing to your website, like `yourwebsite.s3.amazonaws.com`" +# type = string +# } + +# variable "domain_zone_id" { +# description = "Zone ID of the domain for your existing CloudFront distribution" +# type = string +# } + +# variable "certificate_arn" { +# description = "ARN of the domain certificate for your website" +# type = string +# } diff --git a/examples/standalone-distribution/README.md b/examples/standalone-distribution/README.md index d47460e..b9efa3d 100644 --- a/examples/standalone-distribution/README.md +++ b/examples/standalone-distribution/README.md 
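Review bot: The new `default = "agent"` and `default = "result"` give every deployment that skips `terraform.tfvars` the same two public path segments, which contradicts the comment added to `main.tf` in this same commit saying a random value is best. I would drop the defaults so the values must be supplied, or mark them with `# Example default only, choose your own path segment`. The commented `fpjs_behavior_path` description also keeps the typo `Fingeprint`, and "uncomment them out" in the new block comment should read "uncomment them". The same defaults are added in the `examples/standalone-distribution/variables.tf` hunk of this patch.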
@@ -13,6 +13,8 @@ To quickly run the example for testing purposes, you can: 3. Run `terraform plan`. 4. Run `terraform apply`. +The domain-related resources and variables are commented out for simplicity but you uncomment them or use just them as a reference. + ### Using in production This is a simplified example. Use it as a reference but make sure to **adjust the code to your needs and security practices** before deploying it to production environments. diff --git a/examples/standalone-distribution/cloudfront_distribution.tf b/examples/standalone-distribution/cloudfront_distribution.tf index b6d2a17..d15afac 100644 --- a/examples/standalone-distribution/cloudfront_distribution.tf +++ b/examples/standalone-distribution/cloudfront_distribution.tf @@ -1,4 +1,5 @@ -# Example CloudFront Distribution. DO NOT USE AS-IS, and make sure to follow best practices before releasing to the production. +# Example CloudFront Distribution. +# DO NOT USE AS-IS, Make sure to adjust the code to your needs and security practices before releasing to production. resource "aws_cloudfront_distribution" "fpjs_cloudfront_distribution" { comment = "Fingerprint proxy integration distribution (created via Terraform)" @@ -51,9 +52,12 @@ resource "aws_cloudfront_distribution" "fpjs_cloudfront_distribution" { cloudfront_default_certificate = true } - # You can make the distribution available on a subdomain of your website - # - Uncomment the following and define the referenced variables in a `terraform.tfvars` file - # - Remove the default viewer certificate above + # You can serve the distribution from a subdomain of your website + # - Uncomment the `aliases` and `viewer_certificate` below + # - Uncomment the 'aws_route53_record' below + # - Uncomment the variables in `variables.tf` + # - Define the referenced variables in a `terraform.tfvars` file + # - Remove the default `viewer_certificate` above # aliases = [var.proxy_subdomain_domain] # viewer_certificate { 
@@ -62,9 +66,6 @@ resource "aws_cloudfront_distribution" "fpjs_cloudfront_distribution" { # } } -# You can make the distribution available on a subdomain of your website -# - Uncomment the following and define the referenced variables in a `terraform.tfvars` file - # resource "aws_route53_record" "cloudfront_terraform_new_distribution_record" { # zone_id = var.domain_zone_id # name = var.proxy_subdomain_domain diff --git a/examples/standalone-distribution/terraform.tfvars.example b/examples/standalone-distribution/terraform.tfvars.example index 2882954..3c0bb76 100644 --- a/examples/standalone-distribution/terraform.tfvars.example +++ b/examples/standalone-distribution/terraform.tfvars.example @@ -1,6 +1,6 @@ fpjs_shared_secret = "YOUR_PROXY_SECRET_CREATED_IN_FINGERPRINT_DASHBOARD" fpjs_agent_download_path = "463N7" fpjs_get_result_path = "r35U17" -domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" -proxy_subdomain_domain = "metrics.yourwebsite.com" -certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" +# domain_zone_id = "ZONE_ID_OF_YOUR_DOMAIN_IN_AWS" +# proxy_subdomain_domain = "metrics.yourwebsite.com" +# certificate_arn = "ARN_OF_THE_CERTIFICATE_OF_YOUR_DOMAIN_IN_AWS" diff --git a/examples/standalone-distribution/variables.tf b/examples/standalone-distribution/variables.tf index 165084c..8e921e5 100644 --- a/examples/standalone-distribution/variables.tf +++ b/examples/standalone-distribution/variables.tf 
@@ -8,18 +8,20 @@ variable "fpjs_agent_download_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint agent download will be proxied through this path" type = string + default = "agent" } variable "fpjs_get_result_path" { // https://dev.fingerprint.com/docs/cloudfront-proxy-integration-v2#step-2-create-path-variables description = "The Fingerprint identification request will be proxied through this path" type = string + default = "result" } /** * The following variables are only relevant for this example. - * - They are not relevant to the module itself - * - They are optional, uncomment them out if you want to add a subdomain for the CloudFront distribution + * - They are not requiered for the module itself + * - They are optional, uncomment them out if you want adapt the example including adding a subdomain for the CloudFront distribution */ # variable "proxy_subdomain_domain" { From 44a0532a09aecff1b9f4f33af72f10d4b09be859 Mon Sep 17 00:00:00 2001 From: Juraj Uhlar Date: Thu, 15 Aug 2024 07:51:20 +0200 Subject: [PATCH 4/5] chore: use relative path --- examples/existing-ditribution/fingerprint.tf | 2 +- examples/standalone-distribution/fingerprint.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/existing-ditribution/fingerprint.tf b/examples/existing-ditribution/fingerprint.tf index f8866c5..153c976 100644 --- a/examples/existing-ditribution/fingerprint.tf +++ b/examples/existing-ditribution/fingerprint.tf @@ -1,5 +1,5 @@ module "fingerprint_cloudfront_integration" { - source = "fingerprintjs/fingerprint-cloudfront-proxy-integration/aws" + source = "../.." fpjs_agent_download_path = var.fpjs_agent_download_path fpjs_get_result_path = var.fpjs_get_result_path diff --git a/examples/standalone-distribution/fingerprint.tf b/examples/standalone-distribution/fingerprint.tf index f8866c5..153c976 100644 --- a/examples/standalone-distribution/fingerprint.tf 
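Review bot: The rewritten block comment introduces two wording errors, `requiered` and `if you want adapt`, that the parallel comment in `examples/existing-ditribution/variables.tf` does not have. I would write the two lines as `* - They are not required for the module itself` and `* - They are optional, uncomment them if you want to adapt the example, including adding a subdomain for the CloudFront distribution`. Keeping the two example directories word-for-word identical here also makes later edits easier to apply to both.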
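Review bot: With `source = "../.."` the example only resolves inside a checkout of this repository, and nothing on the line tells a reader what to use once the directory is copied elsewhere. The removed registry address carried no `version` constraint, so a reader who restores it from history will follow whatever release is latest. I would add a comment above the line such as `# Outside this repository use source = "fingerprintjs/fingerprint-cloudfront-proxy-integration/aws" with version = "<PINNED_VERSION>"`. The same applies to the `examples/standalone-distribution/fingerprint.tf` hunk that follows; the `module` block continues past the hunk.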
+++ b/examples/standalone-distribution/fingerprint.tf @@ -1,5 +1,5 @@ module "fingerprint_cloudfront_integration" { - source = "fingerprintjs/fingerprint-cloudfront-proxy-integration/aws" + source = "../.." fpjs_agent_download_path = var.fpjs_agent_download_path fpjs_get_result_path = var.fpjs_get_result_path From 6d7d8abe1b13ea1973b2111aa95095b79f3178b6 Mon Sep 17 00:00:00 2001 From: Juraj Uhlar Date: Fri, 16 Aug 2024 08:08:28 +0200 Subject: [PATCH 5/5] chore: review fixes --- examples/existing-ditribution/README.md | 2 +- examples/existing-ditribution/main.tf | 2 +- examples/standalone-distribution/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/existing-ditribution/README.md b/examples/existing-ditribution/README.md index 94ee472..8267b29 100644 --- a/examples/existing-ditribution/README.md +++ b/examples/existing-ditribution/README.md @@ -13,7 +13,7 @@ To quickly run the example for testing purposes, you can: 3. Run `terraform plan`. 4. Run `terraform apply`. -The domain-related resources and variables are commented out for simplicity but you uncomment them or use just them as a reference. +The domain-related resources and variables are commented out for simplicity but you can uncomment them or use just them as a reference. ### Using in production diff --git a/examples/existing-ditribution/main.tf b/examples/existing-ditribution/main.tf index b73a567..3905807 100644 --- a/examples/existing-ditribution/main.tf +++ b/examples/existing-ditribution/main.tf 
@@ -3,7 +3,7 @@ locals { # TODO: When adapting this example, replace this with your actual website origin (directly or through a `terraform.tfvars` file) website_origin_domain_name = "yourwebsite.com" # TODO: When adapting this example, replace this with the path segment you want for your proxy integration (directly or through a `terraform.tfvars` file) - # Avoid ad blocker triggers like "fingerprint", "track", etc., random value is best + # Avoid ad blocker triggers like "fingerprint", "track", etc., a random value is the best choice fpjs_behavior_path = "metrics" } diff --git a/examples/standalone-distribution/README.md b/examples/standalone-distribution/README.md index b9efa3d..3a31817 100644 --- a/examples/standalone-distribution/README.md +++ b/examples/standalone-distribution/README.md @@ -13,7 +13,7 @@ To quickly run the example for testing purposes, you can: 3. Run `terraform plan`. 4. Run `terraform apply`. -The domain-related resources and variables are commented out for simplicity but you uncomment them or use just them as a reference. +The domain-related resources and variables are commented out for simplicity but you can uncomment them or use just them as a reference. ### Using in production