Automated Cloud Front (CS) distribution

[galenatjpl]

The shared services CloudFront distribution should point to:

• API Gateway for REST API calls
  • for shared service REST endpoints
  • for venue REST endpoints
• and httpd for websites (UI calls)
  • for shared service UIs
  • for venue UIs

The above connections should be dynamically created/modified by the below methodology, upon bootstrap of Management Console. This is one-time setup.

There is a Lambda on Shared Services that scans (poll-based) the Secrets Manager for each venue account. If it finds any changes for the URLs, it will update CloudFront and also API Gateway.

Example: Management Console in Venue A deploys, and updates their URL in the shared services Secrets Manager.

Security on the venue-side should be locked down. E.g. only requests from cloudfront from SS account can access.

• [ ] API GW needs SG policy
• [ ] Load Balancer in front of httpd needs to be locked down

[galenatjpl]

@jonathansmolenski please fill out the description of this ticket, with what the details of this plan are. We can meet about it also if you want to brainstorm more about this.