{"id":2318,"date":"2025-03-24T08:47:42","date_gmt":"2025-03-23T23:47:42","guid":{"rendered":"https:\/\/dexall.co.jp\/articles\/?p=2318"},"modified":"2025-03-24T08:48:05","modified_gmt":"2025-03-23T23:48:05","slug":"%e3%80%90%e4%bf%9d%e5%ad%98%e7%89%88%e3%80%91terraform%e3%81%a7cloudfront%e3%82%92%e6%a7%8b%e7%af%89%e3%81%99%e3%82%8b%e5%ae%8c%e5%85%a8%e3%82%ac%e3%82%a4%e3%83%892024-%e3%80%9c%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/dexall.co.jp\/articles\/?p=2318","title":{"rendered":"\u3010\u4fdd\u5b58\u7248\u3011Terraform\u3067CloudFront\u3092\u69cb\u7bc9\u3059\u308b\u5b8c\u5168\u30ac\u30a4\u30c92024 \u301c\u8a2d\u5b9a\u4f8b\u3068\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b020\u9078\u301c"},"content":{"rendered":"\n<div class=\"toc\">\n    <div id=\"toc_container\" class=\"sgb-toc--bullets js-smooth-scroll\" data-dialog-title=\"\u76ee\u6b21\">\n      <p class=\"toc_title\">\u76ee\u6b21 <\/p>\n      <ul class=\"toc_list\">  <li class=\"first\">    <a href=\"#i-0\">Terraform\u3067CloudFront\u3092\u69cb\u7bc9\u3059\u308b\u57fa\u790e\u77e5\u8b58<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-1\">CloudFront\u3068Terraform\u306e\u95a2\u4fc2\u6027\u3092\u7406\u89e3\u3057\u3088\u3046<\/a>      <\/li>      <li 
class=\"last\">        <a href=\"#i-2\">Terraform\u7ba1\u7406\u306e\u30e1\u30ea\u30c3\u30c83\u3064\u3068\u6ce8\u610f\u70b92\u3064<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-3\">Terraform\u306b\u3088\u308b\u30af\u30e9\u30a6\u30c9\u30d5\u30ed\u30f3\u30c8\u69cb\u7bc9\u624b\u9806<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-4\">\u57fa\u672c\u7684\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u8a2d\u5b9a\u306e\u66f8\u304d\u65b9<\/a>      <\/li>      <li>        <a href=\"#i-5\">\u30aa\u30ea\u30b8\u30f3\u306e\u8a2d\u5b9a\u65b9\u6cd5\u3068\u6700\u9069\u306a\u8a2d\u5b9a\u5024<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-6\">\u30ad\u30e3\u30c3\u30b7\u30e5\u52d5\u4f5c\u306e\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u65b9\u6cd5<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-7\">\u5b9f\u8df5\u7684\u306aTerraform\u8a2d\u5b9a\u4f8b\u3068\u89e3\u8aac<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-8\">S3\u30d0\u30b1\u30c3\u30c8\u3092\u30aa\u30ea\u30b8\u30f3\u306b\u3057\u305f\u9759\u7684Web\u30b5\u30a4\u30c8\u306e\u69cb\u7bc9<\/a>      <\/li>      <li>        <a href=\"#i-9\">ALB\u3092\u30aa\u30ea\u30b8\u30f3\u306b\u3057\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u914d\u4fe1<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-10\">WAF\u3068\u306e\u9023\u643a\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-11\">CloudFront\u306e\u904b\u7528\u7ba1\u7406\u3092Terraform\u3067\u52b9\u7387\u5316<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-12\">\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0\u306e\u5b9f\u88c5\u65b9\u6cd5<\/a>      <\/li>      <li>        <a href=\"#i-13\">GitHubActions\u3067\u306e\u81ea\u52d5\u30c7\u30d7\u30ed\u30a4\u8a2d\u5b9a<\/a>      <\/li>      <li class=\"last\">        <a 
href=\"#i-14\">\u672c\u756a\u74b0\u5883\u3068\u958b\u767a\u74b0\u5883\u306e\u8a2d\u5b9a\u5206\u96e2<\/a>      <\/li>    <\/ul>  <\/li>  <li class=\"last\">    <a href=\"#i-15\">\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3068\u89e3\u6c7a\u7b5620\u9078<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-16\">\u30c7\u30d7\u30ed\u30a4\u6642\u306b\u3088\u304f\u3042\u308b\u30a8\u30e9\u30fc\u3068\u5bfe\u51e6\u6cd5<\/a>      <\/li>      <li>        <a href=\"#i-17\">\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u6700\u9069\u5316\u306e\u305f\u3081\u306e\u30c1\u30a7\u30c3\u30af\u30dd\u30a4\u30f3\u30c8<\/a>      <\/li>      <li>        <a href=\"#i-18\">\u30b3\u30b9\u30c8\u6700\u9069\u5316\u306e\u305f\u3081\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-19\">\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306e\u305f\u3081\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/a>      <\/li>    <\/ul>  <\/li><\/ul>\n      <a href=\"#\" class=\"sgb-toc-button js-toc-button\" rel=\"nofollow\" data-open-dialog=\"true\"><i class=\"fa fa-list\"><\/i><span class=\"sgb-toc-button__text\">\u76ee\u6b21\u3078<\/span><\/a>\n    <\/div><\/div><h2 class=\"wp-block-heading\" id=\"i-0\">Terraform\u3067CloudFront\u3092\u69cb\u7bc9\u3059\u308b\u57fa\u790e\u77e5\u8b58<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-1\">CloudFront\u3068Terraform\u306e\u95a2\u4fc2\u6027\u3092\u7406\u89e3\u3057\u3088\u3046<\/h3>\n\n\n\n<p>Amazon CloudFront\u306f\u3001AWS\u304c\u63d0\u4f9b\u3059\u308bCDN\uff08Content Delivery 
Network\uff09\u30b5\u30fc\u30d3\u30b9\u3067\u3059\u3002Terraform\u306f\u3053\u306eCloudFront\u306e\u69cb\u6210\u3092\u30b3\u30fc\u30c9\u3068\u3057\u3066\u7ba1\u7406\u3067\u304d\u308b\u5f37\u529b\u306a\u30c4\u30fc\u30eb\u3067\u3059\u3002<\/p>\n\n\n\n<p>CloudFront\u306e\u4e3b\u8981\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3068Terraform\u30ea\u30bd\u30fc\u30b9\u306e\u5bfe\u5fdc\uff1a<\/p>\n\n\n<div id=\"id-07c233e8-33fd-49ce-b258-6cc1e419bc66\">\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>CloudFront\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8<\/th><th>Terraform\u30ea\u30bd\u30fc\u30b9<\/th><th>\u8aac\u660e<\/th><\/tr><\/thead><tbody><tr><td>Distribution<\/td><td>aws_cloudfront_distribution<\/td><td>CDN\u306e\u57fa\u672c\u8a2d\u5b9a\u3092\u5b9a\u7fa9<\/td><\/tr><tr><td>Origin<\/td><td>origin \u30d6\u30ed\u30c3\u30af<\/td><td>\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u914d\u4fe1\u5143\u3092\u8a2d\u5b9a<\/td><\/tr><tr><td>Behavior<\/td><td>ordered_cache_behavior \u30d6\u30ed\u30c3\u30af<\/td><td>URL\u30d1\u30b9\u3054\u3068\u306e\u632f\u308b\u821e\u3044\u3092\u5b9a\u7fa9<\/td><\/tr><tr><td>Function<\/td><td>aws_cloudfront_function<\/td><td>\u30a8\u30c3\u30b8\u3067\u306e\u8efd\u91cf\u306a\u51e6\u7406\u3092\u5b9f\u88c5<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"i-2\">Terraform\u7ba1\u7406\u306e\u30e1\u30ea\u30c3\u30c83\u3064\u3068\u6ce8\u610f\u70b92\u3064<\/h3>\n\n\n\n<p><strong>\u30e1\u30ea\u30c3\u30c81\uff1a\u30a4\u30f3\u30d5\u30e9\u306e\u30b3\u30fc\u30c9\u5316\uff08IaC\uff09<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u8a2d\u5b9a\u306e\u4e00\u5143\u7ba1\u7406\u304c\u53ef\u80fd<\/li>\n\n\n\n<li>\u30d0\u30fc\u30b8\u30e7\u30f3\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0\u3068\u306e\u9023\u643a<\/li>\n\n\n\n<li>\u30b3\u30fc\u30c9\u30ec\u30d3\u30e5\u30fc\u306b\u3088\u308b\u54c1\u8cea\u62c5\u4fdd<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" 
data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># CloudFront Distribution\u306e\u57fa\u672c\u7684\u306a\u5b9a\u7fa9\u4f8b\nresource \"aws_cloudfront_distribution\" \"example\" {\n  origin {\n    domain_name = aws_s3_bucket.example.bucket_regional_domain_name\n    origin_id   = \"S3-${aws_s3_bucket.example.id}\"\n\n    s3_origin_config {\n      origin_access_identity = aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path\n    }\n  }\n\n  enabled             = true\n  is_ipv6_enabled    = true\n  default_root_object = \"index.html\"\n\n  # \u4ed6\u306e\u8a2d\u5b9a...\n}<\/pre>\n\n\n\n<p><strong>\u30e1\u30ea\u30c3\u30c82\uff1a\u74b0\u5883\u306e\u8907\u88fd\u304c\u5bb9\u6613<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u958b\u767a\u74b0\u5883\u3068\u672c\u756a\u74b0\u5883\u306e\u4e00\u8cab\u6027\u78ba\u4fdd<\/li>\n\n\n\n<li>\u30de\u30eb\u30c1\u30ea\u30fc\u30b8\u30e7\u30f3\u5c55\u958b\u306e\u52b9\u7387\u5316<\/li>\n\n\n\n<li>\u30c7\u30a3\u30b6\u30b9\u30bf\u30ea\u30ab\u30d0\u30ea\u5bfe\u7b56\u306e\u5b9f\u88c5<\/li>\n<\/ul>\n\n\n\n<p><strong>\u30e1\u30ea\u30c3\u30c83\uff1a\u81ea\u52d5\u5316\u3068\u306e\u89aa\u548c\u6027<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CI\/CD\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3\u3068\u306e\u7d71\u5408<\/li>\n\n\n\n<li>\u81ea\u52d5\u30c6\u30b9\u30c8\u306e\u5b9f\u88c5<\/li>\n\n\n\n<li>\u30c7\u30d7\u30ed\u30a4\u306e\u6a19\u6e96\u5316<\/li>\n<\/ul>\n\n\n\n<p><strong>\u6ce8\u610f\u70b91\uff1a\u72b6\u614b\u7ba1\u7406\u306e\u91cd\u8981\u6027<\/strong><\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>tfstate\u30d5\u30a1\u30a4\u30eb\u306e\u9069\u5207\u306a\u7ba1\u7406\u304c\u5fc5\u9808\uff08\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u304c\u5e73\u6587\u3067\u8a18\u9332\u3055\u308c\u308b\u305f\u3081\u3001\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3082\u5fc5\u8981\uff09<\/li>\n\n\n\n<li>\u30ea\u30e2\u30fc\u30c8\u30b9\u30c6\u30fc\u30c8\uff08S3+DynamoDB\uff09\u306e\u5229\u7528\u63a8\u5968<\/li>\n\n\n\n<li>\u72b6\u614b\u30ed\u30c3\u30af\u306b\u3088\u308b\u540c\u6642\u5b9f\u884c\u5236\u5fa1<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u8a2d\u5b9a\u4f8b\nterraform {\n  backend \"s3\" {\n    bucket         = \"terraform-state-bucket\"\n    key            = \"cloudfront\/terraform.tfstate\"\n    region         = \"ap-northeast-1\"\n    dynamodb_table = \"terraform-state-lock\"\n    encrypt        = true\n  }\n}<\/pre>\n\n\n\n<p><strong>\u6ce8\u610f\u70b92\uff1a\u7121\u52b9\u5316\uff08Invalidation\uff09\u306e\u8003\u616e<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30ad\u30e3\u30c3\u30b7\u30e5\u7121\u52b9\u5316\u306e\u9069\u5207\u306a\u5b9f\u88c5<\/li>\n\n\n\n<li>\u30b3\u30b9\u30c8\u7ba1\u7406\u306e\u5fc5\u8981\u6027<\/li>\n\n\n\n<li>\u30c7\u30d7\u30ed\u30a4\u6226\u7565\u3068\u306e\u6574\u5408\u6027<\/li>\n<\/ul>\n\n\n\n<p>\u3053\u306e\u3088\u3046\u306b\u3001Terraform\u3067CloudFront\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3067\u3001\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u7ba1\u7406\u3092\u52b9\u7387\u5316\u3067\u304d\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u9069\u5207\u306a\u72b6\u614b\u7ba1\u7406\u3068\u904b\u7528\u6226\u7565\u306e\u691c\u8a0e\u304c\u91cd\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-3\">Terraform\u306b\u3088\u308b\u30af\u30e9\u30a6\u30c9\u30d5\u30ed\u30f3\u30c8\u69cb\u7bc9\u624b\u9806<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"i-4\">\u57fa\u672c\u7684\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u8a2d\u5b9a\u306e\u66f8\u304d\u65b9<\/h3>\n\n\n\n<p>CloudFront\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306e\u57fa\u672c\u8a2d\u5b9a\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u8981\u7d20\u304c\u542b\u307e\u308c\u307e\u3059\uff1a<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"main\" {\n  # \u57fa\u672c\u8a2d\u5b9a\n  enabled             = true\n  is_ipv6_enabled    = true\n  comment            = \"My CloudFront Distribution\"\n  default_root_object = \"index.html\"\n\n  # \u4fa1\u683c\u30af\u30e9\u30b9\u306e\u9078\u629e\uff08\u30b3\u30b9\u30c8\u6700\u9069\u5316\uff09\n  price_class = \"PriceClass_200\"  # \u30a2\u30b8\u30a2\u30fb\u30e8\u30fc\u30ed\u30c3\u30d1\u30fb\u5317\u7c73\u3092\u30ab\u30d0\u30fc\n\n  # \u30a2\u30af\u30bb\u30b9\u5236\u9650\n  restrictions {\n    geo_restriction {\n      restriction_type = \"whitelist\"\n      locations        = [\"JP\", \"US\"]  # \u65e5\u672c\u3068\u30a2\u30e1\u30ea\u30ab\u306e\u307f\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\n    }\n  }\n\n  # \u30d3\u30e5\u30fc\u30ef\u30fc\u8a3c\u660e\u66f8\u306e\u8a2d\u5b9a\n  viewer_certificate {\n    acm_certificate_arn      = aws_acm_certificate.cert.arn\n    ssl_support_method       = \"sni-only\"\n    minimum_protocol_version = \"TLSv1.2_2021\"\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-5\">\u30aa\u30ea\u30b8\u30f3\u306e\u8a2d\u5b9a\u65b9\u6cd5\u3068\u6700\u9069\u306a\u8a2d\u5b9a\u5024<\/h3>\n\n\n\n<p>\u30aa\u30ea\u30b8\u30f3\u30bf\u30a4\u30d7\u3054\u3068\u306e\u6700\u9069\u306a\u8a2d\u5b9a\uff1a<\/p>\n\n\n\n<p><strong>1. 
S3\u30d0\u30b1\u30c3\u30c8\u3092\u30aa\u30ea\u30b8\u30f3\u3068\u3059\u308b\u5834\u5408<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"s3_distribution\" {\n  origin {\n    domain_name = aws_s3_bucket.website.bucket_regional_domain_name\n    origin_id   = \"S3-${aws_s3_bucket.website.id}\"\n\n    s3_origin_config {\n      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path\n    }\n\n    # \u30aa\u30ea\u30b8\u30f3\u30b7\u30fc\u30eb\u30c9\u306e\u8a2d\u5b9a\uff08\u30aa\u30d7\u30b7\u30e7\u30f3\uff09\n    origin_shield {\n      enabled              = true\n      origin_shield_region = \"ap-northeast-1\"\n    }\n  }\n}<\/pre>\n\n\n\n<p><strong>2. ALB\u3092\u30aa\u30ea\u30b8\u30f3\u3068\u3059\u308b\u5834\u5408<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"alb_distribution\" {\n  origin {\n    domain_name = aws_lb.example.dns_name\n    origin_id   = \"ALB-${aws_lb.example.name}\"\n\n    custom_origin_config {\n      http_port              = 80\n      https_port             = 443\n      origin_protocol_policy = \"https-only\"\n      origin_ssl_protocols   = [\"TLSv1.2\"]\n    }\n\n    custom_header {\n      name  = \"X-Origin-Verify\"\n      value = var.origin_custom_header  # \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\n    }\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"i-6\">\u30ad\u30e3\u30c3\u30b7\u30e5\u52d5\u4f5c\u306e\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u65b9\u6cd5<\/h3>\n\n\n\n<p>\u30ad\u30e3\u30c3\u30b7\u30e5\u8a2d\u5b9a\u306f\u3001\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u3068\u30b3\u30b9\u30c8\u306b\u76f4\u63a5\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\uff1a<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"web_app\" {\n  # \u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u52d5\u4f5c\n  default_cache_behavior {\n    allowed_methods  = [\"DELETE\", \"GET\", \"HEAD\", \"OPTIONS\", \"PATCH\", \"POST\", \"PUT\"]\n    cached_methods   = [\"GET\", \"HEAD\"]\n    target_origin_id = local.origin_id\n\n    # \u30ad\u30e3\u30c3\u30b7\u30e5\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\n    cache_policy_id = aws_cloudfront_cache_policy.example.id\n\n    # \u30aa\u30ea\u30b8\u30f3\u30ea\u30af\u30a8\u30b9\u30c8\u30dd\u30ea\u30b7\u30fc\n    origin_request_policy_id = aws_cloudfront_origin_request_policy.example.id\n\n    # \u30ec\u30b9\u30dd\u30f3\u30b9\u30d8\u30c3\u30c0\u30fc\u30dd\u30ea\u30b7\u30fc\n    response_headers_policy_id = aws_cloudfront_response_headers_policy.example.id\n\n    viewer_protocol_policy = \"redirect-to-https\"\n    min_ttl                = 0\n    default_ttl            = 3600\n    max_ttl                = 86400\n  }\n\n  # \u30d1\u30b9\u30d1\u30bf\u30fc\u30f3\u5225\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u52d5\u4f5c\n  ordered_cache_behavior {\n    path_pattern     = \"\/api\/*\"\n    allowed_methods  = [\"GET\", \"HEAD\", \"OPTIONS\"]\n    cached_methods   = [\"GET\", \"HEAD\"]\n    target_origin_id = local.api_origin_id\n\n    forwarded_values {\n      query_string = true\n      headers      = [\"Authorization\"]\n\n      cookies {\n        forward = 
\"whitelist\"\n        whitelisted_names = [\"session-id\"]\n      }\n    }\n\n    viewer_protocol_policy = \"https-only\"\n    min_ttl                = 0\n    default_ttl            = 0  # API\u306f\u30ad\u30e3\u30c3\u30b7\u30e5\u3057\u306a\u3044\n    max_ttl                = 0\n  }\n}<\/pre>\n\n\n\n<p>\u52b9\u679c\u7684\u306a\u30ad\u30e3\u30c3\u30b7\u30e5\u8a2d\u5b9a\u306e\u30dd\u30a4\u30f3\u30c8\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u9759\u7684\u30b3\u30f3\u30c6\u30f3\u30c4\u306f\u9577\u3081\u306eTTL\u8a2d\u5b9a<\/li>\n\n\n\n<li>\u52d5\u7684\u30b3\u30f3\u30c6\u30f3\u30c4\u306f\u9069\u5207\u306a\u30d8\u30c3\u30c0\u30fc\u8ee2\u9001\u8a2d\u5b9a<\/li>\n\n\n\n<li>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8981\u4ef6\u306b\u5fdc\u3058\u305fCookie\u306e\u7ba1\u7406<\/li>\n\n\n\n<li>\u30ad\u30e3\u30c3\u30b7\u30e5\u30ad\u30fc\u306e\u6700\u9069\u5316\u306b\u3088\u308b\u30d2\u30c3\u30c8\u7387\u5411\u4e0a<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-7\">\u5b9f\u8df5\u7684\u306aTerraform\u8a2d\u5b9a\u4f8b\u3068\u89e3\u8aac<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-8\">S3\u30d0\u30b1\u30c3\u30c8\u3092\u30aa\u30ea\u30b8\u30f3\u306b\u3057\u305f\u9759\u7684Web\u30b5\u30a4\u30c8\u306e\u69cb\u7bc9<\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># S3\u30d0\u30b1\u30c3\u30c8\u306e\u4f5c\u6210\nresource \"aws_s3_bucket\" \"website\" {\n  bucket = \"example-static-website\"\n}\n\nresource \"aws_s3_bucket_public_access_block\" \"website\" {\n  bucket = aws_s3_bucket.website.id\n  block_public_acls   = true\n  block_public_policy = true\n  ignore_public_acls  = true\n  restrict_public_buckets = true\n}\n\n# CloudFront OAI\u306e\u4f5c\u6210\nresource \"aws_cloudfront_origin_access_identity\" \"oai\" {\n  comment = \"OAI for 
${aws_s3_bucket.website.bucket}\"\n}\n\n# S3\u30d0\u30b1\u30c3\u30c8\u30dd\u30ea\u30b7\u30fc\nresource \"aws_s3_bucket_policy\" \"website\" {\n  bucket = aws_s3_bucket.website.id\n  policy = jsonencode({\n    Version = \"2012-10-17\"\n    Statement = [\n      {\n        Sid       = \"AllowCloudFrontOAI\"\n        Effect    = \"Allow\"\n        Principal = {\n          AWS = aws_cloudfront_origin_access_identity.oai.iam_arn\n        }\n        Action   = \"s3:GetObject\"\n        Resource = \"${aws_s3_bucket.website.arn}\/*\"\n      }\n    ]\n  })\n}\n\n# CloudFront Distribution\nresource \"aws_cloudfront_distribution\" \"website\" {\n  origin {\n    domain_name = aws_s3_bucket.website.bucket_regional_domain_name\n    origin_id   = \"S3-${aws_s3_bucket.website.bucket}\"\n\n    s3_origin_config {\n      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path\n    }\n  }\n\n  enabled             = true\n  is_ipv6_enabled    = true\n  default_root_object = \"index.html\"\n\n  custom_error_response {\n    error_code         = 404\n    response_code      = 200\n    response_page_path = \"\/index.html\"  # SPA\u306e\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u5bfe\u5fdc\n  }\n\n  default_cache_behavior {\n    allowed_methods  = [\"GET\", \"HEAD\", \"OPTIONS\"]\n    cached_methods   = [\"GET\", \"HEAD\"]\n    target_origin_id = \"S3-${aws_s3_bucket.website.bucket}\"\n\n    forwarded_values {\n      query_string = false\n      cookies {\n        forward = \"none\"\n      }\n    }\n\n    viewer_protocol_policy = \"redirect-to-https\"\n    min_ttl                = 0\n    default_ttl            = 3600\n    max_ttl                = 86400\n    compress               = true\n  }\n\n  price_class = \"PriceClass_200\"\n\n  restrictions {\n    geo_restriction {\n      restriction_type = \"none\"\n    }\n  }\n\n  viewer_certificate {\n    cloudfront_default_certificate = true\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"i-9\">ALB\u3092\u30aa\u30ea\u30b8\u30f3\u306b\u3057\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u914d\u4fe1<\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306e\u8a2d\u5b9a\nresource \"aws_security_group\" \"alb\" {\n  name        = \"allow-cloudfront-only\"\n  description = \"Allow inbound traffic from CloudFront only\"\n  vpc_id      = var.vpc_id\n\n  ingress {\n    from_port   = 443\n    to_port     = 443\n    protocol    = \"tcp\"\n    cidr_blocks = data.aws_ip_ranges.cloudfront.cidr_blocks\n  }\n}\n\n# ALB\u306e\u8a2d\u5b9a\nresource \"aws_lb\" \"app\" {\n  name               = \"app-alb\"\n  internal           = false\n  load_balancer_type = \"application\"\n  security_groups    = [aws_security_group.alb.id]\n  subnets           = var.public_subnet_ids\n}\n\n# CloudFront Distribution\nresource \"aws_cloudfront_distribution\" \"app\" {\n  origin {\n    domain_name = aws_lb.app.dns_name\n    origin_id   = \"ALB-${aws_lb.app.name}\"\n\n    custom_origin_config {\n      http_port              = 80\n      https_port             = 443\n      origin_protocol_policy = \"https-only\"\n      origin_ssl_protocols   = [\"TLSv1.2\"]\n    }\n\n    custom_header {\n      name  = \"X-Custom-Header\"\n      value = random_password.origin_secret.result\n    }\n  }\n\n  enabled = true\n\n  default_cache_behavior {\n    allowed_methods  = [\"DELETE\", \"GET\", \"HEAD\", \"OPTIONS\", \"PATCH\", \"POST\", \"PUT\"]\n    cached_methods   = [\"GET\", \"HEAD\"]\n    target_origin_id = \"ALB-${aws_lb.app.name}\"\n\n    forwarded_values {\n      query_string = true\n      headers      = [\"Host\", \"Authorization\"]\n\n      cookies {\n        forward = \"all\"\n      }\n    }\n\n    
viewer_protocol_policy = \"redirect-to-https\"\n    min_ttl                = 0\n    default_ttl            = 0\n    max_ttl                = 0\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-10\">WAF\u3068\u306e\u9023\u643a\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316<\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># WAF IP\u30ec\u30fc\u30c8\u30ea\u30df\u30c3\u30c6\u30a3\u30f3\u30b0\u30eb\u30fc\u30eb\nresource \"aws_wafv2_web_acl\" \"cloudfront\" {\n  name        = \"cloudfront-waf\"\n  description = \"WAF rules for CloudFront\"\n  scope       = \"CLOUDFRONT\"\n\n  default_action {\n    allow {}\n  }\n\n  rule {\n    name     = \"RateLimit\"\n    priority = 1\n\n    override_action {\n      none {}\n    }\n\n    statement {\n      rate_based_statement {\n        limit              = 2000\n        aggregate_key_type = \"IP\"\n      }\n    }\n\n    visibility_config {\n      cloudwatch_metrics_enabled = true\n      metric_name               = \"RateLimitMetric\"\n      sampled_requests_enabled  = true\n    }\n  }\n\n  rule {\n    name     = \"BlockBadBots\"\n    priority = 2\n\n    override_action {\n      none {}\n    }\n\n    statement {\n      byte_match_statement {\n        field_to_match {\n          single_header {\n            name = \"user-agent\"\n          }\n        }\n        positional_constraint = \"CONTAINS\"\n        search_string        = \"BadBot\"\n        text_transformation {\n          priority = 1\n          type     = \"NONE\"\n        }\n      }\n    }\n\n    visibility_config {\n      cloudwatch_metrics_enabled = true\n      metric_name               = \"BlockBadBotsMetric\"\n      sampled_requests_enabled  = true\n    }\n  }\n\n  visibility_config {\n    cloudwatch_metrics_enabled = true\n    metric_name             
  = \"CloudFrontWAFMetric\"\n    sampled_requests_enabled  = true\n  }\n}\n\n# CloudFront\u3068WAF\u306e\u9023\u643a\nresource \"aws_cloudfront_distribution\" \"protected\" {\n  # ... \u4ed6\u306e\u8a2d\u5b9a ...\n\n  web_acl_id = aws_wafv2_web_acl.cloudfront.id\n\n  # ... \u4ed6\u306e\u8a2d\u5b9a ...\n}<\/pre>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u8a2d\u5b9a\u4f8b\u306f\u3001\u5b9f\u969b\u306e\u672c\u756a\u74b0\u5883\u3067\u4f7f\u7528\u3067\u304d\u308b\u5b9f\u8df5\u7684\u306a\u3082\u306e\u3067\u3059\u3002\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3057\u3066\u4f7f\u7528\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u305f\u3060\u3057\u3001WAFv2\u306eWeb ACL\u3092CloudFront\u306b\u95a2\u9023\u4ed8\u3051\u308b\u5834\u5408\u306f web_acl_id \u306bID\u3067\u306f\u306a\u304fARN\u3092\u6307\u5b9a\u3057\u3001\u30eb\u30fc\u30eb\u30b0\u30eb\u30fc\u30d7\u3092\u53c2\u7167\u3057\u306a\u3044\u30eb\u30fc\u30eb\u3067\u306f override_action \u3067\u306f\u306a\u304f action \u30d6\u30ed\u30c3\u30af\u3092\u4f7f\u7528\u3059\u308b\u70b9\u306b\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-11\">CloudFront\u306e\u904b\u7528\u7ba1\u7406\u3092Terraform\u3067\u52b9\u7387\u5316<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-12\">\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0\u306e\u5b9f\u88c5\u65b9\u6cd5<\/h3>\n\n\n\n<p>ACM\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0\u3092Terraform\u3067\u5b9f\u88c5\u3059\u308b\u4e3b\u306a\u30dd\u30a4\u30f3\u30c8\uff1a<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u8a2d\u5b9a\nprovider \"aws\" {\n  alias  = \"virginia\"\n  region = \"us-east-1\"  # CloudFront\u7528\u8a3c\u660e\u66f8\u306f\u30d0\u30fc\u30b8\u30cb\u30a2\u30ea\u30fc\u30b8\u30e7\u30f3\u304c\u5fc5\u9808\n}\n\n# ACM\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\nresource \"aws_acm_certificate\" \"main\" {\n  provider          = aws.virginia\n  domain_name       = \"example.com\"\n  validation_method = \"DNS\"\n\n  subject_alternative_names = [\"*.example.com\"]\n\n  lifecycle {\n    create_before_destroy = true  # \u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0\u3092\u6709\u52b9\u5316\n  }\n\n  tags = {\n    Name = \"cloudfront-cert\"\n  
}\n}\n\n# Route 53\u3067\u306eDNS\u691c\u8a3c\u30ec\u30b3\u30fc\u30c9\nresource \"aws_route53_record\" \"cert_validation\" {\n  provider = aws.virginia\n  for_each = {\n    for dvo in aws_acm_certificate.main.domain_validation_options : dvo.domain_name =&gt; {\n      name   = dvo.resource_record_name\n      record = dvo.resource_record_value\n      type   = dvo.resource_record_type\n    }\n  }\n\n  allow_overwrite = true\n  name            = each.value.name\n  records         = [each.value.record]\n  ttl             = 60\n  type            = each.value.type\n  zone_id         = data.aws_route53_zone.main.zone_id\n}\n\n# \u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u5b8c\u4e86\u3092\u5f85\u6a5f\nresource \"aws_acm_certificate_validation\" \"cert\" {\n  provider                = aws.virginia\n  certificate_arn         = aws_acm_certificate.main.arn\n  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]\n}\n\n# CloudFront\u306b\u8a3c\u660e\u66f8\u3092\u95a2\u9023\u4ed8\u3051\nresource \"aws_cloudfront_distribution\" \"main\" {\n  viewer_certificate {\n    acm_certificate_arn      = aws_acm_certificate.main.arn\n    minimum_protocol_version = \"TLSv1.2_2021\"\n    ssl_support_method       = \"sni-only\"\n  }\n  # \u305d\u306e\u4ed6\u306e\u8a2d\u5b9a...\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-13\">GitHubActions\u3067\u306e\u81ea\u52d5\u30c7\u30d7\u30ed\u30a4\u8a2d\u5b9a<\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">name: 'Terraform CloudFront Deploy'\n\non:\n  push:\n    branches: [ main ]\n    paths:\n      - 'terraform\/**'\n  pull_request:\n    branches: [ main ]\n    paths:\n      - 'terraform\/**'\n\njobs:\n  terraform:\n    name: 'Terraform'\n    runs-on: ubuntu-latest\n\n    env:\n      AWS_DEFAULT_REGION: 
ap-northeast-1\n      TF_WORKSPACE: production\n\n    defaults:\n      run:\n        working-directory: .\/terraform\n\n    steps:\n    - name: Checkout\n      uses: actions\/checkout@v3\n\n    - name: Setup Terraform\n      uses: hashicorp\/setup-terraform@v2\n      with:\n        terraform_version: 1.5.0\n\n    - name: Configure AWS Credentials\n      uses: aws-actions\/configure-aws-credentials@v2\n      with:\n        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}\n        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n        aws-region: ap-northeast-1\n\n    - name: Terraform Format\n      run: terraform fmt -check\n\n    - name: Terraform Init\n      run: |\n        terraform init \\\n          -backend-config=\"bucket=${{ secrets.TF_STATE_BUCKET }}\" \\\n          -backend-config=\"key=cloudfront\/terraform.tfstate\"\n\n    - name: Terraform Plan\n      if: github.event_name == 'pull_request'\n      run: terraform plan -no-color\n      continue-on-error: true\n\n    - name: Terraform Apply\n      if: github.ref == 'refs\/heads\/main' &amp;&amp; github.event_name == 'push'\n      run: terraform apply -auto-approve\n\n    - name: Invalidate CloudFront\n      if: success() &amp;&amp; github.event_name == 'push'\n      run: |\n        aws cloudfront create-invalidation \\\n          --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \\\n          --paths \"\/*\"<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-14\">\u672c\u756a\u74b0\u5883\u3068\u958b\u767a\u74b0\u5883\u306e\u8a2d\u5b9a\u5206\u96e2<\/h3>\n\n\n\n<p>\u8a2d\u5b9a\u5206\u96e2\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\uff1a<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># modules\/cloudfront\/main.tf\nlocals {\n  common_tags = {\n    Environment = 
var.environment\n    ManagedBy   = \"terraform\"\n    Project     = var.project_name\n  }\n}\n\nmodule \"cloudfront\" {\n  source = \".\/modules\/cloudfront\"\n\n  environment = terraform.workspace\n\n  distribution_config = {\n    price_class     = local.env_configs[terraform.workspace].price_class\n    waf_enabled     = local.env_configs[terraform.workspace].waf_enabled\n    logging_enabled = local.env_configs[terraform.workspace].logging_enabled\n  }\n\n  origin_config = {\n    domain_name = local.env_configs[terraform.workspace].origin_domain\n    custom_headers = local.env_configs[terraform.workspace].origin_headers\n  }\n\n  cache_behavior = {\n    min_ttl     = local.env_configs[terraform.workspace].cache_ttl.min\n    default_ttl = local.env_configs[terraform.workspace].cache_ttl.default\n    max_ttl     = local.env_configs[terraform.workspace].cache_ttl.max\n  }\n\n  tags = local.common_tags\n}\n\n# environments\/prod\/main.tf\nlocals {\n  env_configs = {\n    prod = {\n      price_class     = \"PriceClass_200\"\n      waf_enabled     = true\n      logging_enabled = true\n      origin_domain   = \"api.example.com\"\n      origin_headers  = {\n        \"X-Environment\" = \"production\"\n      }\n      cache_ttl = {\n        min     = 0\n        default = 3600\n        max     = 86400\n      }\n    }\n    dev = {\n      price_class     = \"PriceClass_100\"\n      waf_enabled     = false\n      logging_enabled = true\n      origin_domain   = \"dev-api.example.com\"\n      origin_headers  = {\n        \"X-Environment\" = \"development\"\n      }\n      cache_ttl = {\n        min     = 0\n        default = 0\n        max     = 0\n      }\n    }\n  }\n}\n\n# \u30ef\u30fc\u30af\u30b9\u30da\u30fc\u30b9\u5225\u306e\u72b6\u614b\u7ba1\u7406\nterraform {\n  backend \"s3\" {\n    bucket         = \"terraform-state\"\n    key            = \"cloudfront\/terraform.tfstate\"\n    region         = \"ap-northeast-1\"\n    dynamodb_table = \"terraform-locks\"\n    encrypt      
  = true\n  }\n}<\/pre>\n\n\n\n<p>\u4e3b\u306a\u5229\u70b9\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0\u306b\u3088\u308b\u53ef\u7528\u6027\u78ba\u4fdd<\/li>\n\n\n\n<li>GitHub Actions\u306b\u3088\u308b\u5b89\u5168\u306aCI\/CD<\/li>\n\n\n\n<li>\u74b0\u5883\u3054\u3068\u306e\u8a2d\u5b9a\u7ba1\u7406\u306e\u4e00\u5143\u5316<\/li>\n\n\n\n<li>\u30a4\u30f3\u30d5\u30e9\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u7ba1\u7406\u3068\u30ed\u30fc\u30eb\u30d0\u30c3\u30af\u6a5f\u80fd<\/li>\n\n\n\n<li>\u30b3\u30b9\u30c8\u6700\u9069\u5316\u306e\u305f\u3081\u306e\u74b0\u5883\u5225\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-15\">\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3068\u89e3\u6c7a\u7b5620\u9078<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-16\">\u30c7\u30d7\u30ed\u30a4\u6642\u306b\u3088\u304f\u3042\u308b\u30a8\u30e9\u30fc\u3068\u5bfe\u51e6\u6cd5<\/h3>\n\n\n\n<p><strong>1. \u8a3c\u660e\u66f8\u95a2\u9023\u306e\u30a8\u30e9\u30fc<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30a8\u30e9\u30fc: Error creating CloudFront Distribution: InvalidViewerCertificate\n# \u539f\u56e0: ACM\u8a3c\u660e\u66f8\u304cus-east-1\u30ea\u30fc\u30b8\u30e7\u30f3\u306b\u306a\u3044\n\nprovider \"aws\" {\n  alias  = \"virginia\"\n  region = \"us-east-1\"\n}\n\nresource \"aws_acm_certificate\" \"cert\" {\n  provider = aws.virginia  # \u5fc5\u305a\u30d0\u30fc\u30b8\u30cb\u30a2\u30ea\u30fc\u30b8\u30e7\u30f3\u3092\u6307\u5b9a\n  # ...\n}<\/pre>\n\n\n\n<p><strong>2. 
OAI\u306e\u6a29\u9650\u30a8\u30e9\u30fc<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># S3\u30d0\u30b1\u30c3\u30c8\u30dd\u30ea\u30b7\u30fc\u306e\u4fee\u6b63\nresource \"aws_s3_bucket_policy\" \"website\" {\n  bucket = aws_s3_bucket.website.id\n  policy = jsonencode({\n    Version = \"2012-10-17\"\n    Statement = [\n      {\n        Sid       = \"AllowCloudFrontOAI\"\n        Effect    = \"Allow\"\n        Principal = {\n          AWS = aws_cloudfront_origin_access_identity.oai.iam_arn\n        }\n        Action   = \"s3:GetObject\"\n        Resource = \"${aws_s3_bucket.website.arn}\/*\"\n      }\n    ]\n  })\n}<\/pre>\n\n\n\n<p><strong>3. tfstate\u306e\u7af6\u5408<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u72b6\u614b\u30d5\u30a1\u30a4\u30eb\u306e\u30ed\u30c3\u30af\u8a2d\u5b9a\nterraform {\n  backend \"s3\" {\n    bucket         = \"terraform-state\"\n    key            = \"cloudfront\/terraform.tfstate\"\n    region         = \"ap-northeast-1\"\n    dynamodb_table = \"terraform-locks\"  # \u5fc5\u305a\u30ed\u30c3\u30af\u30c6\u30fc\u30d6\u30eb\u3092\u6307\u5b9a\n    encrypt        = true\n  }\n}<\/pre>\n\n\n\n<p><strong>4. 
\u7121\u52b9\u5316\u30a8\u30e9\u30fc<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u7121\u52b9\u5316\u306e\u9069\u5207\u306a\u5b9f\u88c5\nresource \"null_resource\" \"invalidation\" {\n  triggers = {\n    distribution_id = aws_cloudfront_distribution.main.id\n  }\n\n  provisioner \"local-exec\" {\n    command = &lt;&lt;EOF\n      aws cloudfront create-invalidation \\\n        --distribution-id ${aws_cloudfront_distribution.main.id} \\\n        --paths \"\/*\"\n    EOF\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-17\">\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u6700\u9069\u5316\u306e\u305f\u3081\u306e\u30c1\u30a7\u30c3\u30af\u30dd\u30a4\u30f3\u30c8<\/h3>\n\n\n\n<p><strong>1. \u30aa\u30ea\u30b8\u30f3\u30b7\u30fc\u30eb\u30c9\u306e\u8a2d\u5b9a<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"optimized\" {\n  origin {\n    domain_name = aws_s3_bucket.origin.bucket_regional_domain_name\n    origin_id   = local.origin_id\n\n    origin_shield {\n      enabled              = true\n      origin_shield_region = \"ap-northeast-1\"  # \u6700\u3082\u8fd1\u3044\u30ea\u30fc\u30b8\u30e7\u30f3\n    }\n  }\n}<\/pre>\n\n\n\n<p><strong>2. 
\u5727\u7e2e\u8a2d\u5b9a\u306e\u6700\u9069\u5316<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"optimized\" {\n  default_cache_behavior {\n    compress = true\n\n    forwarded_values {\n      query_string = false\n      headers      = [\"Origin\", \"Access-Control-Request-Headers\", \"Access-Control-Request-Method\"]\n    }\n  }\n}<\/pre>\n\n\n\n<p><strong>3. \u30ad\u30e3\u30c3\u30b7\u30e5\u8a2d\u5b9a\u306e\u6700\u9069\u5316<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_cache_policy\" \"optimized\" {\n  name        = \"optimized-caching\"\n  min_ttl     = 1\n  default_ttl = 86400    # 24\u6642\u9593\n  max_ttl     = 31536000 # 1\u5e74\n\n  parameters_in_cache_key_and_forwarded_to_origin {\n    cookies_config {\n      cookie_behavior = \"none\"\n    }\n    headers_config {\n      header_behavior = \"whitelist\"\n      headers {\n        items = [\"Origin\", \"Access-Control-Request-Headers\", \"Access-Control-Request-Method\"]\n      }\n    }\n    query_strings_config {\n      query_string_behavior = \"none\"\n    }\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-18\">\u30b3\u30b9\u30c8\u6700\u9069\u5316\u306e\u305f\u3081\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/h3>\n\n\n\n<p><strong>1. 
\u4fa1\u683c\u30af\u30e9\u30b9\u306e\u6700\u9069\u5316<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"cost_optimized\" {\n  price_class = \"PriceClass_200\"  # \u30a2\u30b8\u30a2\u30fb\u30e8\u30fc\u30ed\u30c3\u30d1\u30fb\u5317\u7c73\u306e\u307f\n}<\/pre>\n\n\n\n<p><strong>2. \u30ad\u30e3\u30c3\u30b7\u30e5\u30d2\u30c3\u30c8\u7387\u306e\u76e3\u8996<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudwatch_metric_alarm\" \"cache_hit\" {\n  alarm_name          = \"cloudfront-cache-hit-rate\"\n  comparison_operator = \"LessThanThreshold\"\n  evaluation_periods  = \"2\"\n  metric_name         = \"CacheHitRate\"\n  namespace           = \"AWS\/CloudFront\"\n  period             = \"300\"\n  statistic          = \"Average\"\n  threshold          = \"90\"\n  alarm_description  = \"CloudFront\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u30d2\u30c3\u30c8\u7387\u304c90%\u3092\u4e0b\u56de\u3063\u3066\u3044\u307e\u3059\"\n\n  dimensions = {\n    DistributionId = aws_cloudfront_distribution.main.id\n  }\n}<\/pre>\n\n\n\n<p><strong>3. 
\u4e0d\u8981\u306a\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u30d6\u30ed\u30c3\u30af<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"cost_optimized\" {\n  restrictions {\n    geo_restriction {\n      restriction_type = \"whitelist\"\n      locations        = [\"JP\", \"US\", \"CA\"]  # \u5fc5\u8981\u306a\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u307f\u8a31\u53ef\n    }\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-19\">\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306e\u305f\u3081\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30c7\u30d0\u30c3\u30b0\u7528\u30d8\u30c3\u30c0\u30fc\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"debug\" {\n  default_cache_behavior {\n    response_headers_policy_id = aws_cloudfront_response_headers_policy.debug.id\n  }\n}\n\nresource \"aws_cloudfront_response_headers_policy\" \"debug\" {\n  name = \"debug-headers\"\n\n  custom_headers_config {\n    items {\n      header   = \"X-Cache-Debug\"\n      override = true\n      value    = \"true\"\n    }\n    items {\n      header   = \"X-Edge-Location\"\n      override = true\n      value    = \"true\"\n    }\n  }\n}<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u30a8\u30e9\u30fc\u30da\u30fc\u30b8\u306e\u30ab\u30b9\u30bf\u30de\u30a4\u30ba<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" 
data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"debug\" {\n  custom_error_response {\n    error_code            = 403\n    response_code         = 200\n    response_page_path    = \"\/error\/403.html\"\n    error_caching_min_ttl = 300\n  }\n\n  custom_error_response {\n    error_code            = 404\n    response_code         = 200\n    response_page_path    = \"\/error\/404.html\"\n    error_caching_min_ttl = 300\n  }\n}<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>\u30ed\u30b0\u8a2d\u5b9a\u306e\u6700\u9069\u5316<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">resource \"aws_cloudfront_distribution\" \"logging\" {\n  logging_config {\n    include_cookies = true\n    bucket         = \"${aws_s3_bucket.logs.bucket_domain_name}\"\n    prefix         = \"cloudfront\/\"\n  }\n}\n\nresource \"aws_s3_bucket\" \"logs\" {\n  bucket = \"cloudfront-logs-${data.aws_caller_identity.current.account_id}\"\n}\n\nresource \"aws_s3_bucket_lifecycle_rule\" \"logs\" {\n  bucket = aws_s3_bucket.logs.id\n\n  expiration {\n    days = 90  # 90\u65e5\u5f8c\u306b\u81ea\u52d5\u524a\u9664\n  }\n}<\/pre>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u8a2d\u5b9a\u3068\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3092\u5b9f\u88c5\u3059\u308b\u3053\u3068\u3067\u3001\u591a\u304f\u306e\u4e00\u822c\u7684\u306a\u554f\u984c\u3092\u9632\u304e\u3001\u52b9\u7387\u7684\u306a\u904b\u7528\u304c\u53ef\u80fd\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Warning: Undefined array key &#8220;is_admin&#8221; in \/home\/xs392991\/dexall.co.jp\/public_html\/articles\/wp-content\/themes\/ &#8230; 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":{"0":"post-2318","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-aws","7":"nothumb"},"_links":{"self":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2318"}],"version-history":[{"count":1,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2318\/revisions"}],"predecessor-version":[{"id":2319,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2318\/revisions\/2319"}],"wp:attachment":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}