From cd8ae65b98599fad07252f884171003e15471414 Mon Sep 17 00:00:00 2001 From: Denis Cornehl Date: Fri, 23 May 2025 08:42:09 +0200 Subject: [PATCH] enable origin shield for docs.rs webserver --- terraform/docs-rs/cloudfront.tf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/terraform/docs-rs/cloudfront.tf b/terraform/docs-rs/cloudfront.tf index 6a8bd991a..f3507b7a1 100644 --- a/terraform/docs-rs/cloudfront.tf +++ b/terraform/docs-rs/cloudfront.tf @@ -110,6 +110,15 @@ resource "aws_cloudfront_distribution" "webapp" { origin_ssl_protocols = ["TLSv1.2"] } + origin_shield { + enabled = true + # the docs.rs webserver is in `us-west-1` but origin shield + # isn't available there. + # So we enable it in `us-west-2` instead, following the documentation. + # https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html + origin_shield_region = "us-west-2" + } + custom_header { name = "X-Origin-Auth" value = random_password.origin_auth.result