fleet/infrastructure/loadtesting/terraform/template/cloudfront.tf.disabled

module "cloudfront-software-installers" {
  source            = "github.com/fleetdm/fleet-terraform/addons/cloudfront-software-installers?ref=tf-mod-addon-cloudfront-software-installers-v1.0.0"
  customer          = terraform.workspace
  s3_bucket         = aws_s3_bucket.software_installers.id
  s3_kms_key_id     = aws_kms_key.software_installers.id
  public_key        = data.aws_kms_secrets.cloudfront.plaintext["public_key"]
  private_key       = data.aws_kms_secrets.cloudfront.plaintext["private_key"]
  enable_logging    = true
  logging_s3_bucket = module.logging_alb.log_s3_bucket_id
}

data "aws_kms_secrets" "cloudfront" {
  secret {
    name    = "public_key"
    key_id  = aws_kms_key.customer_data_key.id
    payload = file("${path.module}/resources/${terraform.workspace}/${local.cloudfront_key_basename}.pem.encrypted")
  }
  secret {
    name    = "private_key"
    key_id  = aws_kms_key.customer_data_key.id
    payload = file("${path.module}/resources/${terraform.workspace}/${local.cloudfront_key_basename}.key.encrypted")
  }
}
Loadtesting - Enable Cloudfront (#31073) # Added - Added kms.tf to support encrypting keys, specifically cloudfront keys. - Added template/cloudfront.tf.disabled for use in enabling cloudfront.- Modified ecs-iam.tf to support log-alb.tf, cloudfront.tf policies that are injected into `local.extra_execution_iam_policies` and `local.iam`. - Added log-alb.tf to enable logging alb, required by cloudfront.tf. # Changed - Modified ecs.tf to support adding of additional secrets from `local.secrets`. - Modified firehose.tf to support provider required updates for deprecated resource configurations. - Modified init.tf to support `> v5.0` of `hashicorp/aws` provider. - Modified locals.tf to add `extra_execution_iam_policies`, `iam`, `software_installers_kms_policy`, `extra_secrets`, secrets, and `cloudfront_key_basename`, to support cloudfront. - Modified readme.md with instructions on how to enable cloudfront.tf - Modified redis.tf to support provider required updates for deprecated resource configurations - Modified s3.tf to support kms keys and add kms iam. - Modified terraform version in .github/workflows/tfvalidate.yml - 1.9.0 -> 1.10.4 2025-07-21 20:41:06 +00:00			`module "cloudfront-software-installers" {`
			`source = "github.com/fleetdm/fleet-terraform/addons/cloudfront-software-installers?ref=tf-mod-addon-cloudfront-software-installers-v1.0.0"`
			`customer = terraform.workspace`
			`s3_bucket = aws_s3_bucket.software_installers.id`
			`s3_kms_key_id = aws_kms_key.software_installers.id`
			`public_key = data.aws_kms_secrets.cloudfront.plaintext["public_key"]`
			`private_key = data.aws_kms_secrets.cloudfront.plaintext["private_key"]`
			`enable_logging = true`
			`logging_s3_bucket = module.logging_alb.log_s3_bucket_id`
			`}`

			`data "aws_kms_secrets" "cloudfront" {`
			`secret {`
			`name = "public_key"`
			`key_id = aws_kms_key.customer_data_key.id`
			`payload = file("${path.module}/resources/${terraform.workspace}/${local.cloudfront_key_basename}.pem.encrypted")`
			`}`
			`secret {`
			`name = "private_key"`
			`key_id = aws_kms_key.customer_data_key.id`
			`payload = file("${path.module}/resources/${terraform.workspace}/${local.cloudfront_key_basename}.key.encrypted")`
			`}`
			`}`