markups

Author: BenRamchandani

README.md

@@ -241,6 +241,8 @@ CloudFront distributions with HTTPS aliases require valid SSL certificates to cr
 If you're creating the distributions without valid SSL certificates (for example, so that you can give DLUHC all the records in one go)
 then set `domain = null` for each distribution to create without aliases.
 
+The production Delta website has an origin read timeout above the standard quota limit of 60 seconds, so request an increase through the console if you're using that.
+
 ```sh
 terraform apply -target module.public_albs -target module.cloudfront_distributions
 ```

terraform/modules/api_cloudfront/variables.tf

@@ -54,7 +54,3 @@ variable "apply_aws_shield" {
 variable "swagger_s3_log_expiration_days" {
   type = number
 }
-
-variable "error_page_bucket_domain" {
-  type = string
-}

terraform/modules/cloudfront_distribution/variables.tf

@@ -50,7 +50,3 @@ variable "function_associations" {
   type    = list(object({ event_type = string, function_arn = string }))
   default = []
 }
-
-variable "error_page_bucket_domain" {
-  type = string
-}

terraform/modules/cloudfront_distributions/main.tf

@@ -59,8 +59,6 @@ module "delta_cloudfront" {
   cloudfront_domain              = var.delta.domain
   is_ipv6_enabled                = var.delta.ip_allowlist == null
   geo_restriction_countries      = var.delta.geo_restriction_countries
-  geo_restriction_enabled        = var.delta.disable_geo_restriction != true
-  environment                    = var.environment
   apply_aws_shield               = var.apply_aws_shield
   origin_read_timeout            = var.delta.origin_read_timeout
 }
@@ -94,7 +92,6 @@ module "keycloak_cloudfront" {
   geo_restriction_countries      = var.keycloak.geo_restriction_countries
   apply_aws_shield               = var.apply_aws_shield
   function_associations          = [{ event_type = "viewer-request", function_arn = aws_cloudfront_function.keycloak_request.arn }]
-  error_page_bucket_domain       = module.swagger_bucket.bucket_regional_domain_name
 }
 
 module "cpm_cloudfront" {

terraform/modules/website_cloudfront/variables.tf

@@ -48,6 +48,6 @@ variable "apply_aws_shield" {
 
 variable "origin_read_timeout" {
   type        = number
-  description = "Read timeout for the website origin"
+  description = "Read timeout for the website origin in seconds. Note that the default quota limit for this is 60, to increase above that request a quota increase first."
   default     = 60
 }

terraform/production/main.tf

@@ -232,7 +232,7 @@ module "cloudfront_distributions" {
     }
     ip_allowlist              = local.cloudfront_ip_allowlists.delta_website
     geo_restriction_countries = ["GB", "IE"]
-    origin_read_timeout       = 180
+    origin_read_timeout       = 180 # Required quota increase
   }
   api = {
     alb = module.public_albs.delta_api