This change adds a CloudFront distribution for rss.wellcomecollection.org so that we can continue to serve content from that URL. We are using a CloudFront Function to rewrite URLs.
Requests come to https://rss.wellcomecollection.org/stories, the CloudFront distribution described in this PR will direct them to a behaviour which points them at the content app ALB origin, but rewrites requests for /stories to /rss and returns 404s for all other requests to rss.wellcomecollection.org.
# aws_cloudfront_distribution.wc_org will be created
+ resource "aws_cloudfront_distribution" "wc_org" {
+ aliases = [
+ "rss.wellcomecollection.org",
]
+ arn = (known after apply)
+ caller_reference = (known after apply)
+ continuous_deployment_policy_id = (known after apply)
+ domain_name = (known after apply)
+ enabled = true
+ etag = (known after apply)
+ hosted_zone_id = (known after apply)
+ http_version = "http2"
+ id = (known after apply)
+ in_progress_validation_batches = (known after apply)
+ is_ipv6_enabled = true
+ last_modified_time = (known after apply)
+ price_class = "PriceClass_All"
+ retain_on_delete = false
+ staging = false
+ status = (known after apply)
+ tags_all = {
+ "Department" = "Digital Platform"
+ "Division" = "Culture and Society"
+ "TerraformConfigurationURL" = "https://github.com/wellcomecollection/wellcomecollection.org/tree/main/cache"
+ "Use" = "Front-end CloudFront distributions"
}
+ trusted_key_groups = (known after apply)
+ trusted_signers = (known after apply)
+ wait_for_deployment = true
+ default_cache_behavior {
+ allowed_methods = [
+ "GET",
+ "HEAD",
]
+ cache_policy_id = "b2c915f6-c889-4d69-84c1-0986bcf82901"
+ cached_methods = [
+ "GET",
+ "HEAD",
]
+ compress = false
+ default_ttl = (known after apply)
+ max_ttl = (known after apply)
+ min_ttl = 0
+ origin_request_policy_id = "7d466a9a-b53c-43ab-babb-6f3e66ca5caf"
+ response_headers_policy_id = "6a3b328f-7d56-48ed-872d-6616b7dc7a71"
+ target_origin_id = "origin"
+ trusted_key_groups = (known after apply)
+ trusted_signers = (known after apply)
+ viewer_protocol_policy = "redirect-to-https"
+ function_association {
+ event_type = "viewer-request"
+ function_arn = (known after apply)
}
}
+ logging_config {
+ bucket = "wellcomecollection-experience-cloudfront-logs.s3.amazonaws.com"
+ include_cookies = false
+ prefix = "rss.wellcomecollection.org/"
}
+ origin {
# At least one attribute in this block is (or was) sensitive,
# so its contents will not be displayed.
}
+ restrictions {
+ geo_restriction {
+ locations = (known after apply)
+ restriction_type = "none"
}
}
+ viewer_certificate {
+ acm_certificate_arn = "arn:aws:acm:us-east-1:130871440101:certificate/bb840c52-56bb-4bf8-86f8-59e7deaf9c98"
+ minimum_protocol_version = "TLSv1.2_2018"
+ ssl_support_method = "sni-only"
}
}
# aws_cloudfront_function.rss_url_rewrite will be created
+ resource "aws_cloudfront_function" "rss_url_rewrite" {
+ arn = (known after apply)
+ code = <<-EOT
// eslint-disable-next-line no-unused-vars
function handler(event) {
const request = event.request;
const uri = request.uri;
if (uri === '/stories') {
request.uri = '/visit-us';
return request;
} else {
return {
statusCode: 404,
};
}
}
EOT
+ comment = "Rewrites /stories to /rss for rss.wellcomecollection.org"
+ etag = (known after apply)
+ id = (known after apply)
+ live_stage_etag = (known after apply)
+ name = "rss-url-rewrite"
+ publish = true
+ runtime = "cloudfront-js-2.0"
+ status = (known after apply)
}
Plan: 2 to add, 0 to change, 0 to destroy.
How to test
Terraform this change, and manually configure to test with rss-stage.wellcomecollection.org. If this succeeds we can update the CNAME record for rss.wellcomecollection.org.
How can we measure success?
No more infrastructure on Vercel.
Have we considered potential risks?
We could break the existing RSS implementation during deployment, but this is not a high priority feature.
What does this change?
This change adds a CloudFront distribution for
rss.wellcomecollection.org
so that we can continue to serve content from that URL. We are using a CloudFront Function to rewrite URLs.Requests come to https://rss.wellcomecollection.org/stories, the CloudFront distribution described in this PR will direct them to a behaviour which points them at the content app ALB origin, but rewrites requests for /stories to /rss and returns 404s for all other requests to
rss.wellcomecollection.org
.Follows: https://github.com/wellcomecollection/wellcomecollection.org/pull/10982, which implements the RSS endpoint on the content app.
terraform plan
How to test
Terraform this change, and manually configure to test with
rss-stage.wellcomecollection.org
. If this succeeds we can update the CNAME record forrss.wellcomecollection.org
.How can we measure success?
No more infrastructure on Vercel.
Have we considered potential risks?
We could break the existing RSS implementation during deployment, but this is not a high priority feature.