resource "aws_cloudfront_origin_access_control" "s3_oac" {
  name                              = "s3_oac_${random_string.bucket_random.result}"
  description                       = "S3 OAC Policy"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

data "aws_s3_bucket" "source_bucket" {
  bucket = aws_s3_bucket.source.bucket
}

resource "aws_cloudfront_distribution" "cf_dist" {
  origin {
    domain_name              = data.aws_s3_bucket.source_bucket.bucket_regional_domain_name
    origin_access_control_id = aws_cloudfront_origin_access_control.s3_oac.id
    origin_id                = local.us_s3_origin_id
  }

  enabled             = true #콘텐츠에 대한 최종 사용자 요청을 수락하도록 배포가 활성화되어 있는지 여부입니다
  is_ipv6_enabled     = false
  comment             = "CloudFront For S3, ALB"
  default_root_object = "index.html"

  default_cache_behavior { #S3 behavior
    cache_policy_id  = "658327ea-f89d-4fab-a63d-7e88639e58f6" #CachingOptimized
    target_origin_id = local.us_s3_origin_id

    allowed_methods = ["GET", "HEAD"]
    cached_methods  = ["GET", "HEAD"]

    compress = true
    viewer_protocol_policy = "redirect-to-https"
    }
  price_class = "PriceClass_All"
  restrictions { #국가 제한
    geo_restriction {
      restriction_type = "none"
      locations        = []
    }
  }
  viewer_certificate { #인증서 HTTPS를 사용하여 객체를 요청하도록 한다
    cloudfront_default_certificate = true
  }
}