Set cookies passing to none (#2045)

bcgov · Jul 23, 2024 · 049dd70 · 049dd70
1 parent 3834657
commit 049dd70
Showing 1 changed file with 11 additions and 64 deletions.
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
@@ -33,15 +33,6 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_client" {
   is_ipv6_enabled = true
   comment         = "geofencing"
 
-  //	- logging should probably be in a central location (centralized-logging account?) - in an aggregated/shared bucket and perhaps also synced into a bucket within the account where the aws-login app is deployed
-  //	- prefix should follow SEA convention like <account>/<region>/<service name> eg. 12345678/ca-central-1/cloudfront
-  //
-  //  logging_config {
-  //    include_cookies = false
-  //    bucket          = "<mylogs>.s3.amazonaws.com"
-  //    prefix          = "geofencing"
-  //  }
-
   default_cache_behavior {
     allowed_methods = [
       "DELETE",
@@ -60,7 +51,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_client" {
       headers      = ["Origin", "Authorization"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -188,15 +179,6 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_server" {
   is_ipv6_enabled = true
   comment         = "geofencing"
 
-  //	- logging should probably be in a central location (centralized-logging account?) - in an aggregated/shared bucket and perhaps also synced into a bucket within the account where the aws-login app is deployed
-  //	- prefix should follow SEA convention like <account>/<region>/<service name> eg. 12345678/ca-central-1/cloudfront
-  //
-  //  logging_config {
-  //    include_cookies = false
-  //    bucket          = "<mylogs>.s3.amazonaws.com"
-  //    prefix          = "geofencing"
-  //  }
-
   default_cache_behavior {
     allowed_methods = [
       "DELETE",
@@ -215,7 +197,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_server" {
       headers      = ["Origin"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -296,15 +278,6 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_nginx" {
   is_ipv6_enabled = true
   comment         = "geofencing"
 
-  //	- logging should probably be in a central location (centralized-logging account?) - in an aggregated/shared bucket and perhaps also synced into a bucket within the account where the aws-login app is deployed
-  //	- prefix should follow SEA convention like <account>/<region>/<service name> eg. 12345678/ca-central-1/cloudfront
-  //
-  //  logging_config {
-  //    include_cookies = false
-  //    bucket          = "<mylogs>.s3.amazonaws.com"
-  //    prefix          = "geofencing"
-  //  }
-
   default_cache_behavior {
     allowed_methods = [
       "DELETE",
@@ -323,7 +296,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_nginx" {
       headers      = ["Origin", "Authorization", "X-API-KEY", "apikey"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -385,7 +358,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_nginx" {
       headers      = ["Origin", "Authorization", "X-API-KEY", "apikey"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -440,14 +413,6 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_gov_client" {
   is_ipv6_enabled = true
   comment         = "geofencing"
 
-  //	- logging should probably be in a central location (centralized-logging account?) - in an aggregated/shared bucket and perhaps also synced into a bucket within the account where the aws-login app is deployed
-  //	- prefix should follow SEA convention like <account>/<region>/<service name> eg. 12345678/ca-central-1/cloudfront
-  //
-  //  logging_config {
-  //    include_cookies = false
-  //    bucket          = "<mylogs>.s3.amazonaws.com"
-  //    prefix          = "geofencing"
-  //  }
 
   default_cache_behavior {
     allowed_methods = [
@@ -467,7 +432,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_gov_client" {
       headers      = ["Origin", "Authorization"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -547,15 +512,6 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_gov_api" {
   is_ipv6_enabled = true
   comment         = "geofencing"
 
-  //	- logging should probably be in a central location (centralized-logging account?) - in an aggregated/shared bucket and perhaps also synced into a bucket within the account where the aws-login app is deployed
-  //	- prefix should follow SEA convention like <account>/<region>/<service name> eg. 12345678/ca-central-1/cloudfront
-  //
-  //  logging_config {
-  //    include_cookies = false
-  //    bucket          = "<mylogs>.s3.amazonaws.com"
-  //    prefix          = "geofencing"
-  //  }
-
   default_cache_behavior {
     allowed_methods = [
       "DELETE",
@@ -576,7 +532,7 @@ resource "aws_cloudfront_distribution" "wfnews_geofencing_gov_api" {
       headers      = ["Origin", "Authorization"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -687,15 +643,6 @@ resource "aws_cloudfront_distribution" "wfss_pointid_api" {
   enabled         = true
   is_ipv6_enabled = true
 
-  //	- logging should probably be in a central location (centralized-logging account?) - in an aggregated/shared bucket and perhaps also synced into a bucket within the account where the aws-login app is deployed
-  //	- prefix should follow SEA convention like <account>/<region>/<service name> eg. 12345678/ca-central-1/cloudfront
-  //
-  //  logging_config {
-  //    include_cookies = false
-  //    bucket          = "<mylogs>.s3.amazonaws.com"
-  //    prefix          = "geofencing"
-  //  }
-
   default_cache_behavior {
     allowed_methods = [
       "DELETE",
@@ -716,7 +663,7 @@ resource "aws_cloudfront_distribution" "wfss_pointid_api" {
       headers      = ["Origin"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -815,7 +762,7 @@ resource "aws_cloudfront_distribution" "wfone_notifications_api" {
       headers      = ["Origin"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -892,7 +839,7 @@ resource "aws_cloudfront_distribution" "wfnews_redirect_receiver" {
       headers      = ["Origin", "Authorization", "X-API-KEY", "apikey"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -959,7 +906,7 @@ resource "aws_cloudfront_distribution" "wfnews_openmaps_cache" {
       headers      = ["Origin", "Authorization"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }
 
@@ -1026,7 +973,7 @@ resource "aws_cloudfront_distribution" "wfnews_services6_cache" {
       headers      = ["Origin", "Authorization"]
 
       cookies {
-        forward = "all"
+        forward = "none"
       }
     }