github.com/inge4pres/terraform@v0.7.5-0.20160930053151-bd083f84f376/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "math/rand" 6 "os" 7 "testing" 8 "time" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/service/cloudfront" 12 "github.com/hashicorp/terraform/helper/acctest" 13 "github.com/hashicorp/terraform/helper/resource" 14 "github.com/hashicorp/terraform/terraform" 15 ) 16 17 // TestAccAWSCloudFrontDistribution_S3Origin runs an 18 // aws_cloudfront_distribution acceptance test with a single S3 origin. 19 // 20 // If you are testing manually and can't wait for deletion, set the 21 // TF_TEST_CLOUDFRONT_RETAIN environment variable. 22 func TestAccAWSCloudFrontDistribution_S3Origin(t *testing.T) { 23 resource.Test(t, resource.TestCase{ 24 PreCheck: func() { testAccPreCheck(t) }, 25 Providers: testAccProviders, 26 CheckDestroy: testAccCheckCloudFrontDistributionDestroy, 27 Steps: []resource.TestStep{ 28 resource.TestStep{ 29 Config: testAccAWSCloudFrontDistributionS3Config, 30 Check: resource.ComposeTestCheckFunc( 31 testAccCheckCloudFrontDistributionExistence( 32 "aws_cloudfront_distribution.s3_distribution", 33 ), 34 resource.TestCheckResourceAttr( 35 "aws_cloudfront_distribution.s3_distribution", 36 "hosted_zone_id", 37 "Z2FDTNDATAQYW2", 38 ), 39 ), 40 }, 41 }, 42 }) 43 } 44 45 func TestAccAWSCloudFrontDistribution_S3OriginWithTags(t *testing.T) { 46 ri := acctest.RandInt() 47 preConfig := fmt.Sprintf(testAccAWSCloudFrontDistributionS3ConfigWithTags, ri, testAccAWSCloudFrontDistributionRetainConfig()) 48 postConfig := fmt.Sprintf(testAccAWSCloudFrontDistributionS3ConfigWithTagsUpdated, ri, testAccAWSCloudFrontDistributionRetainConfig()) 49 50 resource.Test(t, resource.TestCase{ 51 PreCheck: func() { testAccPreCheck(t) }, 52 Providers: testAccProviders, 53 CheckDestroy: testAccCheckCloudFrontDistributionDestroy, 54 Steps: []resource.TestStep{ 55 { 56 Config: preConfig, 57 Check: resource.ComposeTestCheckFunc( 58 testAccCheckCloudFrontDistributionExistence( 59 "aws_cloudfront_distribution.s3_distribution", 60 ), 61 resource.TestCheckResourceAttr( 62 "aws_cloudfront_distribution.s3_distribution", "tags.%", "2"), 63 resource.TestCheckResourceAttr( 64 "aws_cloudfront_distribution.s3_distribution", "tags.environment", "production"), 65 resource.TestCheckResourceAttr( 66 "aws_cloudfront_distribution.s3_distribution", "tags.account", "main"), 67 ), 68 }, 69 { 70 Config: postConfig, 71 Check: resource.ComposeTestCheckFunc( 72 testAccCheckCloudFrontDistributionExistence( 73 "aws_cloudfront_distribution.s3_distribution", 74 ), 75 resource.TestCheckResourceAttr( 76 "aws_cloudfront_distribution.s3_distribution", "tags.%", "1"), 77 resource.TestCheckResourceAttr( 78 "aws_cloudfront_distribution.s3_distribution", "tags.environment", "dev"), 79 ), 80 }, 81 }, 82 }) 83 } 84 85 // TestAccAWSCloudFrontDistribution_customOriginruns an 86 // aws_cloudfront_distribution acceptance test with a single custom origin. 87 // 88 // If you are testing manually and can't wait for deletion, set the 89 // TF_TEST_CLOUDFRONT_RETAIN environment variable. 90 func TestAccAWSCloudFrontDistribution_customOrigin(t *testing.T) { 91 resource.Test(t, resource.TestCase{ 92 PreCheck: func() { testAccPreCheck(t) }, 93 Providers: testAccProviders, 94 CheckDestroy: testAccCheckCloudFrontDistributionDestroy, 95 Steps: []resource.TestStep{ 96 resource.TestStep{ 97 Config: testAccAWSCloudFrontDistributionCustomConfig, 98 Check: resource.ComposeTestCheckFunc( 99 testAccCheckCloudFrontDistributionExistence( 100 "aws_cloudfront_distribution.custom_distribution", 101 ), 102 ), 103 }, 104 }, 105 }) 106 } 107 108 // TestAccAWSCloudFrontDistribution_multiOrigin runs an 109 // aws_cloudfront_distribution acceptance test with multiple origins. 110 // 111 // If you are testing manually and can't wait for deletion, set the 112 // TF_TEST_CLOUDFRONT_RETAIN environment variable. 113 func TestAccAWSCloudFrontDistribution_multiOrigin(t *testing.T) { 114 resource.Test(t, resource.TestCase{ 115 PreCheck: func() { testAccPreCheck(t) }, 116 Providers: testAccProviders, 117 CheckDestroy: testAccCheckCloudFrontDistributionDestroy, 118 Steps: []resource.TestStep{ 119 resource.TestStep{ 120 Config: testAccAWSCloudFrontDistributionMultiOriginConfig, 121 Check: resource.ComposeTestCheckFunc( 122 testAccCheckCloudFrontDistributionExistence( 123 "aws_cloudfront_distribution.multi_origin_distribution", 124 ), 125 ), 126 }, 127 }, 128 }) 129 } 130 131 // TestAccAWSCloudFrontDistribution_noOptionalItemsConfig runs an 132 // aws_cloudfront_distribution acceptance test with no optional items set. 133 // 134 // If you are testing manually and can't wait for deletion, set the 135 // TF_TEST_CLOUDFRONT_RETAIN environment variable. 136 func TestAccAWSCloudFrontDistribution_noOptionalItemsConfig(t *testing.T) { 137 resource.Test(t, resource.TestCase{ 138 PreCheck: func() { testAccPreCheck(t) }, 139 Providers: testAccProviders, 140 CheckDestroy: testAccCheckCloudFrontDistributionDestroy, 141 Steps: []resource.TestStep{ 142 resource.TestStep{ 143 Config: testAccAWSCloudFrontDistributionNoOptionalItemsConfig, 144 Check: resource.ComposeTestCheckFunc( 145 testAccCheckCloudFrontDistributionExistence( 146 "aws_cloudfront_distribution.no_optional_items", 147 ), 148 ), 149 }, 150 }, 151 }) 152 } 153 154 // TestAccAWSCloudFrontDistribution_HTTP11Config runs an 155 // aws_cloudfront_distribution acceptance test with the HTTP version set to 156 // 1.1. 157 // 158 // If you are testing manually and can't wait for deletion, set the 159 // TF_TEST_CLOUDFRONT_RETAIN environment variable. 160 func TestAccAWSCloudFrontDistribution_HTTP11Config(t *testing.T) { 161 resource.Test(t, resource.TestCase{ 162 PreCheck: func() { testAccPreCheck(t) }, 163 Providers: testAccProviders, 164 CheckDestroy: testAccCheckCloudFrontDistributionDestroy, 165 Steps: []resource.TestStep{ 166 resource.TestStep{ 167 Config: testAccAWSCloudFrontDistributionHTTP11Config, 168 Check: resource.ComposeTestCheckFunc( 169 testAccCheckCloudFrontDistributionExistence( 170 "aws_cloudfront_distribution.http_1_1", 171 ), 172 ), 173 }, 174 }, 175 }) 176 } 177 178 func TestAccAWSCloudFrontDistribution_noCustomErrorResponseConfig(t *testing.T) { 179 resource.Test(t, resource.TestCase{ 180 PreCheck: func() { testAccPreCheck(t) }, 181 Providers: testAccProviders, 182 CheckDestroy: testAccCheckCloudFrontDistributionDestroy, 183 Steps: []resource.TestStep{ 184 resource.TestStep{ 185 Config: testAccAWSCloudFrontDistributionNoCustomErroResponseInfo, 186 Check: resource.ComposeTestCheckFunc( 187 testAccCheckCloudFrontDistributionExistence( 188 "aws_cloudfront_distribution.no_custom_error_responses", 189 ), 190 ), 191 }, 192 }, 193 }) 194 } 195 196 func testAccCheckCloudFrontDistributionDestroy(s *terraform.State) error { 197 for k, rs := range s.RootModule().Resources { 198 if rs.Type != "aws_cloudfront_distribution" { 199 continue 200 } 201 dist, err := testAccAuxCloudFrontGetDistributionConfig(s, k) 202 if err == nil { 203 if _, ok := os.LookupEnv("TF_TEST_CLOUDFRONT_RETAIN"); ok { 204 if *dist.DistributionConfig.Enabled != false { 205 return fmt.Errorf("CloudFront distribution should be disabled") 206 } 207 return nil 208 } 209 return fmt.Errorf("CloudFront distribution did not destroy") 210 } 211 } 212 return nil 213 } 214 215 func testAccCheckCloudFrontDistributionExistence(cloudFrontResource string) resource.TestCheckFunc { 216 return func(s *terraform.State) error { 217 _, err := testAccAuxCloudFrontGetDistributionConfig(s, cloudFrontResource) 218 219 return err 220 } 221 } 222 223 func testAccAuxCloudFrontGetDistributionConfig(s *terraform.State, cloudFrontResource string) (*cloudfront.Distribution, error) { 224 cf, ok := s.RootModule().Resources[cloudFrontResource] 225 if !ok { 226 return nil, fmt.Errorf("Not found: %s", cloudFrontResource) 227 } 228 229 if cf.Primary.ID == "" { 230 return nil, fmt.Errorf("No Id is set") 231 } 232 233 cloudfrontconn := testAccProvider.Meta().(*AWSClient).cloudfrontconn 234 235 req := &cloudfront.GetDistributionInput{ 236 Id: aws.String(cf.Primary.ID), 237 } 238 239 res, err := cloudfrontconn.GetDistribution(req) 240 if err != nil { 241 return nil, fmt.Errorf("Error retrieving CloudFront distribution: %s", err) 242 } 243 244 return res.Distribution, nil 245 } 246 247 func testAccAWSCloudFrontDistributionRetainConfig() string { 248 if _, ok := os.LookupEnv("TF_TEST_CLOUDFRONT_RETAIN"); ok { 249 return "retain_on_delete = true" 250 } 251 return "" 252 } 253 254 var testAccAWSCloudFrontDistributionS3Config = fmt.Sprintf(` 255 variable rand_id { 256 default = %d 257 } 258 259 resource "aws_s3_bucket" "s3_bucket" { 260 bucket = "mybucket.${var.rand_id}.s3.amazonaws.com" 261 acl = "public-read" 262 } 263 264 resource "aws_cloudfront_distribution" "s3_distribution" { 265 origin { 266 domain_name = "${aws_s3_bucket.s3_bucket.id}" 267 origin_id = "myS3Origin" 268 } 269 enabled = true 270 default_root_object = "index.html" 271 logging_config { 272 include_cookies = false 273 bucket = "mylogs.${var.rand_id}.s3.amazonaws.com" 274 prefix = "myprefix" 275 } 276 aliases = [ "mysite.${var.rand_id}.example.com", "yoursite.${var.rand_id}.example.com" ] 277 default_cache_behavior { 278 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 279 cached_methods = [ "GET", "HEAD" ] 280 target_origin_id = "myS3Origin" 281 forwarded_values { 282 query_string = false 283 cookies { 284 forward = "none" 285 } 286 } 287 viewer_protocol_policy = "allow-all" 288 min_ttl = 0 289 default_ttl = 3600 290 max_ttl = 86400 291 } 292 price_class = "PriceClass_200" 293 restrictions { 294 geo_restriction { 295 restriction_type = "whitelist" 296 locations = [ "US", "CA", "GB", "DE" ] 297 } 298 } 299 viewer_certificate { 300 cloudfront_default_certificate = true 301 } 302 %s 303 } 304 `, rand.New(rand.NewSource(time.Now().UnixNano())).Int(), testAccAWSCloudFrontDistributionRetainConfig()) 305 306 var testAccAWSCloudFrontDistributionS3ConfigWithTags = ` 307 variable rand_id { 308 default = %d 309 } 310 311 resource "aws_s3_bucket" "s3_bucket" { 312 bucket = "mybucket.${var.rand_id}.s3.amazonaws.com" 313 acl = "public-read" 314 } 315 316 resource "aws_cloudfront_distribution" "s3_distribution" { 317 origin { 318 domain_name = "${aws_s3_bucket.s3_bucket.id}" 319 origin_id = "myS3Origin" 320 } 321 enabled = true 322 default_root_object = "index.html" 323 aliases = [ "mysite.${var.rand_id}.example.com", "yoursite.${var.rand_id}.example.com" ] 324 default_cache_behavior { 325 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 326 cached_methods = [ "GET", "HEAD" ] 327 target_origin_id = "myS3Origin" 328 forwarded_values { 329 query_string = false 330 cookies { 331 forward = "none" 332 } 333 } 334 viewer_protocol_policy = "allow-all" 335 min_ttl = 0 336 default_ttl = 3600 337 max_ttl = 86400 338 } 339 price_class = "PriceClass_200" 340 restrictions { 341 geo_restriction { 342 restriction_type = "whitelist" 343 locations = [ "US", "CA", "GB", "DE" ] 344 } 345 } 346 viewer_certificate { 347 cloudfront_default_certificate = true 348 } 349 tags { 350 environment = "production" 351 account = "main" 352 } 353 %s 354 } 355 ` 356 357 var testAccAWSCloudFrontDistributionS3ConfigWithTagsUpdated = ` 358 variable rand_id { 359 default = %d 360 } 361 362 resource "aws_s3_bucket" "s3_bucket" { 363 bucket = "mybucket.${var.rand_id}.s3.amazonaws.com" 364 acl = "public-read" 365 } 366 367 resource "aws_cloudfront_distribution" "s3_distribution" { 368 origin { 369 domain_name = "${aws_s3_bucket.s3_bucket.id}" 370 origin_id = "myS3Origin" 371 } 372 enabled = true 373 default_root_object = "index.html" 374 aliases = [ "mysite.${var.rand_id}.example.com", "yoursite.${var.rand_id}.example.com" ] 375 default_cache_behavior { 376 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 377 cached_methods = [ "GET", "HEAD" ] 378 target_origin_id = "myS3Origin" 379 forwarded_values { 380 query_string = false 381 cookies { 382 forward = "none" 383 } 384 } 385 viewer_protocol_policy = "allow-all" 386 min_ttl = 0 387 default_ttl = 3600 388 max_ttl = 86400 389 } 390 price_class = "PriceClass_200" 391 restrictions { 392 geo_restriction { 393 restriction_type = "whitelist" 394 locations = [ "US", "CA", "GB", "DE" ] 395 } 396 } 397 viewer_certificate { 398 cloudfront_default_certificate = true 399 } 400 tags { 401 environment = "dev" 402 } 403 %s 404 } 405 ` 406 407 var testAccAWSCloudFrontDistributionCustomConfig = fmt.Sprintf(` 408 variable rand_id { 409 default = %d 410 } 411 412 resource "aws_cloudfront_distribution" "custom_distribution" { 413 origin { 414 domain_name = "www.example.com" 415 origin_id = "myCustomOrigin" 416 custom_origin_config { 417 http_port = 80 418 https_port = 443 419 origin_protocol_policy = "http-only" 420 origin_ssl_protocols = [ "SSLv3", "TLSv1" ] 421 } 422 } 423 enabled = true 424 comment = "Some comment" 425 default_root_object = "index.html" 426 logging_config { 427 include_cookies = false 428 bucket = "mylogs.${var.rand_id}.s3.amazonaws.com" 429 prefix = "myprefix" 430 } 431 aliases = [ "mysite.${var.rand_id}.example.com", "*.yoursite.${var.rand_id}.example.com" ] 432 default_cache_behavior { 433 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 434 cached_methods = [ "GET", "HEAD" ] 435 target_origin_id = "myCustomOrigin" 436 smooth_streaming = false 437 forwarded_values { 438 query_string = false 439 cookies { 440 forward = "all" 441 } 442 } 443 viewer_protocol_policy = "allow-all" 444 min_ttl = 0 445 default_ttl = 3600 446 max_ttl = 86400 447 } 448 price_class = "PriceClass_200" 449 restrictions { 450 geo_restriction { 451 restriction_type = "whitelist" 452 locations = [ "US", "CA", "GB", "DE" ] 453 } 454 } 455 viewer_certificate { 456 cloudfront_default_certificate = true 457 } 458 %s 459 } 460 `, rand.New(rand.NewSource(time.Now().UnixNano())).Int(), testAccAWSCloudFrontDistributionRetainConfig()) 461 462 var testAccAWSCloudFrontDistributionMultiOriginConfig = fmt.Sprintf(` 463 variable rand_id { 464 default = %d 465 } 466 467 resource "aws_s3_bucket" "s3_bucket" { 468 bucket = "mybucket.${var.rand_id}.s3.amazonaws.com" 469 acl = "public-read" 470 } 471 472 resource "aws_cloudfront_distribution" "multi_origin_distribution" { 473 origin { 474 domain_name = "${aws_s3_bucket.s3_bucket.id}" 475 origin_id = "myS3Origin" 476 } 477 origin { 478 domain_name = "www.example.com" 479 origin_id = "myCustomOrigin" 480 custom_origin_config { 481 http_port = 80 482 https_port = 443 483 origin_protocol_policy = "http-only" 484 origin_ssl_protocols = [ "SSLv3", "TLSv1" ] 485 } 486 } 487 enabled = true 488 comment = "Some comment" 489 default_root_object = "index.html" 490 logging_config { 491 include_cookies = false 492 bucket = "mylogs.${var.rand_id}.s3.amazonaws.com" 493 prefix = "myprefix" 494 } 495 aliases = [ "mysite.${var.rand_id}.example.com", "*.yoursite.${var.rand_id}.example.com" ] 496 default_cache_behavior { 497 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 498 cached_methods = [ "GET", "HEAD" ] 499 target_origin_id = "myS3Origin" 500 smooth_streaming = true 501 forwarded_values { 502 query_string = false 503 cookies { 504 forward = "all" 505 } 506 } 507 min_ttl = 100 508 default_ttl = 100 509 max_ttl = 100 510 viewer_protocol_policy = "allow-all" 511 } 512 cache_behavior { 513 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 514 cached_methods = [ "GET", "HEAD" ] 515 target_origin_id = "myS3Origin" 516 forwarded_values { 517 query_string = true 518 cookies { 519 forward = "none" 520 } 521 } 522 min_ttl = 50 523 default_ttl = 50 524 max_ttl = 50 525 viewer_protocol_policy = "allow-all" 526 path_pattern = "images1/*.jpg" 527 } 528 cache_behavior { 529 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 530 cached_methods = [ "GET", "HEAD" ] 531 target_origin_id = "myCustomOrigin" 532 forwarded_values { 533 query_string = true 534 cookies { 535 forward = "none" 536 } 537 } 538 min_ttl = 50 539 default_ttl = 50 540 max_ttl = 50 541 viewer_protocol_policy = "allow-all" 542 path_pattern = "images2/*.jpg" 543 } 544 price_class = "PriceClass_All" 545 custom_error_response { 546 error_code = 404 547 response_page_path = "/error-pages/404.html" 548 response_code = 200 549 error_caching_min_ttl = 30 550 } 551 restrictions { 552 geo_restriction { 553 restriction_type = "none" 554 } 555 } 556 viewer_certificate { 557 cloudfront_default_certificate = true 558 } 559 %s 560 } 561 `, rand.New(rand.NewSource(time.Now().UnixNano())).Int(), testAccAWSCloudFrontDistributionRetainConfig()) 562 563 var testAccAWSCloudFrontDistributionNoCustomErroResponseInfo = fmt.Sprintf(` 564 variable rand_id { 565 default = %d 566 } 567 568 resource "aws_cloudfront_distribution" "no_custom_error_responses" { 569 origin { 570 domain_name = "www.example.com" 571 origin_id = "myCustomOrigin" 572 custom_origin_config { 573 http_port = 80 574 https_port = 443 575 origin_protocol_policy = "http-only" 576 origin_ssl_protocols = [ "SSLv3", "TLSv1" ] 577 } 578 } 579 enabled = true 580 comment = "Some comment" 581 default_cache_behavior { 582 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 583 cached_methods = [ "GET", "HEAD" ] 584 target_origin_id = "myCustomOrigin" 585 smooth_streaming = false 586 forwarded_values { 587 query_string = false 588 cookies { 589 forward = "all" 590 } 591 } 592 viewer_protocol_policy = "allow-all" 593 min_ttl = 0 594 default_ttl = 3600 595 max_ttl = 86400 596 } 597 custom_error_response { 598 error_code = 404 599 error_caching_min_ttl = 30 600 } 601 restrictions { 602 geo_restriction { 603 restriction_type = "whitelist" 604 locations = [ "US", "CA", "GB", "DE" ] 605 } 606 } 607 viewer_certificate { 608 cloudfront_default_certificate = true 609 } 610 %s 611 } 612 `, rand.New(rand.NewSource(time.Now().UnixNano())).Int(), testAccAWSCloudFrontDistributionRetainConfig()) 613 614 var testAccAWSCloudFrontDistributionNoOptionalItemsConfig = fmt.Sprintf(` 615 variable rand_id { 616 default = %d 617 } 618 619 resource "aws_cloudfront_distribution" "no_optional_items" { 620 origin { 621 domain_name = "www.example.com" 622 origin_id = "myCustomOrigin" 623 custom_origin_config { 624 http_port = 80 625 https_port = 443 626 origin_protocol_policy = "http-only" 627 origin_ssl_protocols = [ "SSLv3", "TLSv1" ] 628 } 629 } 630 enabled = true 631 comment = "Some comment" 632 default_cache_behavior { 633 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 634 cached_methods = [ "GET", "HEAD" ] 635 target_origin_id = "myCustomOrigin" 636 smooth_streaming = false 637 forwarded_values { 638 query_string = false 639 cookies { 640 forward = "all" 641 } 642 } 643 viewer_protocol_policy = "allow-all" 644 min_ttl = 0 645 default_ttl = 3600 646 max_ttl = 86400 647 } 648 restrictions { 649 geo_restriction { 650 restriction_type = "whitelist" 651 locations = [ "US", "CA", "GB", "DE" ] 652 } 653 } 654 viewer_certificate { 655 cloudfront_default_certificate = true 656 } 657 %s 658 } 659 `, rand.New(rand.NewSource(time.Now().UnixNano())).Int(), testAccAWSCloudFrontDistributionRetainConfig()) 660 661 var testAccAWSCloudFrontDistributionHTTP11Config = fmt.Sprintf(` 662 variable rand_id { 663 default = %d 664 } 665 666 resource "aws_cloudfront_distribution" "http_1_1" { 667 origin { 668 domain_name = "www.example.com" 669 origin_id = "myCustomOrigin" 670 custom_origin_config { 671 http_port = 80 672 https_port = 443 673 origin_protocol_policy = "http-only" 674 origin_ssl_protocols = [ "SSLv3", "TLSv1" ] 675 } 676 } 677 enabled = true 678 comment = "Some comment" 679 default_cache_behavior { 680 allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] 681 cached_methods = [ "GET", "HEAD" ] 682 target_origin_id = "myCustomOrigin" 683 smooth_streaming = false 684 forwarded_values { 685 query_string = false 686 cookies { 687 forward = "all" 688 } 689 } 690 viewer_protocol_policy = "allow-all" 691 min_ttl = 0 692 default_ttl = 3600 693 max_ttl = 86400 694 } 695 http_version = "http1.1" 696 restrictions { 697 geo_restriction { 698 restriction_type = "whitelist" 699 locations = [ "US", "CA", "GB", "DE" ] 700 } 701 } 702 viewer_certificate { 703 cloudfront_default_certificate = true 704 } 705 %s 706 } 707 `, rand.New(rand.NewSource(time.Now().UnixNano())).Int(), testAccAWSCloudFrontDistributionRetainConfig())