data "akamai_property_rules_template" "template-update" { | |||||
template_file = abspath("${path.root}/property-snippets/main.json") | |||||
variables { | |||||
name = "secure" | |||||
value = "${var.secure}" | |||||
type = "bool" | |||||
} | |||||
variables { | |||||
name = "origin" | |||||
value = "${var.origin}" | |||||
type = "string" | |||||
} | |||||
variables { | |||||
name = "cpcodeId" | |||||
value = "${var.cpcodeId}" | |||||
type = "number" | |||||
} | |||||
variables { | |||||
name = "cpcodeName" | |||||
value = "${var.cpcodeName}" | |||||
type = "string" | |||||
} | |||||
} | |||||
resource "akamai_property" "ion_premier" { | |||||
name = "${var.UserID}-${var.program}" | |||||
product_id = "prd_SPM" | |||||
contract_id = "ctr_${var.contract_id}" | |||||
group_id = "grp_${var.group_id}" | |||||
hostnames { | |||||
cname_from = "${var.UserID}${var.program}.${var.hostname}" | |||||
cname_to = var.edge_hostname | |||||
cert_provisioning_type = "CPS_MANAGED" | |||||
} | |||||
rule_format = "latest" | |||||
rules = data.akamai_property_rules_template.template-update.json | |||||
} | |||||
output "property_id" { | |||||
value = "${akamai_property.ion_premier.id}" | |||||
} | |||||
output "property_version" { | |||||
value = "${akamai_property.ion_premier.latest_version}" | |||||
} | |||||
resource "akamai_property_activation" "activation_staging" { | |||||
property_id = "${akamai_property.ion_premier.id}" | |||||
version = "${akamai_property.ion_premier.latest_version}" | |||||
network = "${var.network}" | |||||
contact = ["${var.email}"] | |||||
note = "Automatic deployment for CLI Lab" | |||||
auto_acknowledge_rule_warnings = true | |||||
} |
{ | |||||
"rules": { | |||||
"name": "default", | |||||
"children": [ | |||||
"#include:augment_insights.json", | |||||
"#include:accelerate_delivery.json", | |||||
"#include:increase_availability.json", | |||||
"#include:minimize_payload.json", | |||||
"#include:offload_origin.json", | |||||
"#include:strengthen_security.json" | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "origin", | |||||
"options": { | |||||
"cacheKeyHostname": "REQUEST_HOST_HEADER", | |||||
"compress": true, | |||||
"enableTrueClientIp": true, | |||||
"forwardHostHeader": "REQUEST_HOST_HEADER", | |||||
"httpPort": 80, | |||||
"httpsPort": 443, | |||||
"originCertificate": "", | |||||
"originSni": true, | |||||
"originType": "CUSTOMER", | |||||
"ports": "", | |||||
"trueClientIpClientSetting": false, | |||||
"trueClientIpHeader": "True-Client-IP", | |||||
"verificationMode": "PLATFORM_SETTINGS", | |||||
"hostname": "${env.origin}" | |||||
} | |||||
} | |||||
], | |||||
"options": { | |||||
"is_secure": "${env.secure}" | |||||
}, | |||||
"comments": "The behaviors in the Default Rule apply to all requests for the property hostnames unless another rule overrides the Default Rule settings." | |||||
} | |||||
} |
variable "edgerc" { | |||||
type = string | |||||
default = "~/.edgerc" | |||||
} | |||||
variable "section" { | |||||
type = string | |||||
default = "default" | |||||
} | |||||
variable "UserID" { | |||||
type = string | |||||
} | |||||
variable "contract_id" { | |||||
type = string | |||||
default = "W-KXID8R" | |||||
} | |||||
variable "group_id" { | |||||
type = string | |||||
default = "240742" | |||||
} | |||||
variable "origin" { | |||||
type = string | |||||
default = "juiceshopdevops.akaorigin.com" | |||||
} | |||||
variable "cpcodeId" { | |||||
type = number | |||||
default = 1519758 | |||||
} | |||||
variable "cpcodeName" { | |||||
type = string | |||||
default = "CLILabs" | |||||
} | |||||
variable "secure" { | |||||
type = bool | |||||
default = true | |||||
} | |||||
variable "network" { | |||||
default = "STAGING" | |||||
} | |||||
variable "hostname" { | |||||
type = string | |||||
default = "akaudevops.com" | |||||
} | |||||
variable "edge_hostname" { | |||||
type = string | |||||
default = "akaudevops.com.edgekey.net" | |||||
} | |||||
variable "program" { | |||||
type = string | |||||
default = "clilab" | |||||
} | |||||
variable "email" { | |||||
type = string | |||||
} |
terraform { | |||||
required_providers { | |||||
akamai = { | |||||
source = "akamai/akamai" | |||||
version = "5.2.0" | |||||
} | |||||
} | |||||
} | |||||
provider "akamai" { | |||||
edgerc = var.edgerc | |||||
config_section = var.section | |||||
} |
data "akamai_property_rules_template" "template-update" { | |||||
template_file = abspath("${path.root}/property-snippets/main.json") | |||||
variables { | |||||
name = "secure" | |||||
value = "${var.secure}" | |||||
type = "bool" | |||||
} | |||||
variables { | |||||
name = "origin" | |||||
value = "${var.origin}" | |||||
type = "string" | |||||
} | |||||
variables { | |||||
name = "cpcodeId" | |||||
value = "${var.cpcodeId}" | |||||
type = "number" | |||||
} | |||||
variables { | |||||
name = "cpcodeName" | |||||
value = "${var.cpcodeName}" | |||||
type = "string" | |||||
} | |||||
} | |||||
resource "akamai_property" "ion_premier" { | |||||
name = "${var.UserID}-${var.program}" | |||||
product_id = "prd_SPM" | |||||
contract_id = "ctr_${var.contract_id}" | |||||
group_id = "grp_${var.group_id}" | |||||
hostnames { | |||||
cname_from = "${var.UserID}${var.program}.${var.hostname}" | |||||
cname_to = var.edge_hostname | |||||
cert_provisioning_type = "CPS_MANAGED" | |||||
} | |||||
rule_format = "latest" | |||||
rules = data.akamai_property_rules_template.template-update.json | |||||
} | |||||
output "property_id" { | |||||
value = "${akamai_property.ion_premier.id}" | |||||
} | |||||
output "property_version" { | |||||
value = "${akamai_property.ion_premier.latest_version}" | |||||
} | |||||
resource "akamai_property_activation" "activation_staging" { | |||||
property_id = "${akamai_property.ion_premier.id}" | |||||
version = "${akamai_property.ion_premier.latest_version}" | |||||
network = "${var.network}" | |||||
contact = ["${var.email}"] | |||||
note = "Automatic deployment for PowerShell Lab" | |||||
auto_acknowledge_rule_warnings = true | |||||
} |
{ | |||||
"name": "Accelerate delivery", | |||||
"children": [ | |||||
{ | |||||
"name": "Origin connectivity", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "dnsAsyncRefresh", | |||||
"options": { | |||||
"enabled": true, | |||||
"timeout": "1h" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "timeout", | |||||
"options": { | |||||
"value": "5s" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "readTimeout", | |||||
"options": { | |||||
"value": "120s" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Optimize the connection between edge and origin." | |||||
}, | |||||
{ | |||||
"name": "Protocol optimizations", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "enhancedAkamaiProtocol", | |||||
"options": { | |||||
"display": "" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "http2", | |||||
"options": { | |||||
"enabled": "" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "allowTransferEncoding", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
}, | |||||
{ | |||||
"name": "sureRoute", | |||||
"options": { | |||||
"enableCustomKey": false, | |||||
"enabled": true, | |||||
"forceSslForward": false, | |||||
"raceStatTtl": "30m", | |||||
"srDownloadLinkTitle": "", | |||||
"testObjectUrl": "/akamai/sure-route-test-object.html", | |||||
"toHostStatus": "INCOMING_HH", | |||||
"type": "PERFORMANCE" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Serve your website using modern and fast protocols." | |||||
}, | |||||
{ | |||||
"name": "Prefetching", | |||||
"children": [ | |||||
{ | |||||
"name": "Prefetching objects", | |||||
"children": [ | |||||
{ | |||||
"name": "Bots", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "prefetch", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "userAgent", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"matchWildcard": true, | |||||
"values": [ | |||||
"*bot*", | |||||
"*crawl*", | |||||
"*spider*" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Disable prefetching for specific clients identifying themselves as bots and crawlers. This avoids requesting unnecessary resources from the origin." | |||||
} | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "prefetch", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define for which HTML pages prefetching should be enabled." | |||||
}, | |||||
{ | |||||
"name": "Prefetchable objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "prefetchable", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"css", | |||||
"js", | |||||
"jpg", | |||||
"jpeg", | |||||
"jp2", | |||||
"png", | |||||
"gif", | |||||
"svg", | |||||
"svgz", | |||||
"webp", | |||||
"eot", | |||||
"woff", | |||||
"woff2", | |||||
"otf", | |||||
"ttf" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define which resources should be prefetched." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Instruct edge servers to retrieve embedded resources before the browser requests them." | |||||
}, | |||||
{ | |||||
"name": "Adaptive acceleration", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "adaptiveAcceleration", | |||||
"options": { | |||||
"abLogic": "DISABLED", | |||||
"enableBrotliCompression": false, | |||||
"enablePreconnect": true, | |||||
"enablePush": true, | |||||
"enableRo": false, | |||||
"preloadEnable": true, | |||||
"source": "mPulse", | |||||
"titleHttp2ServerPush": "", | |||||
"titlePreconnect": "", | |||||
"titlePreload": "", | |||||
"titleRo": "" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Automatically and continuously apply performance optimizations to your website using machine learning." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings related to improving the performance of delivering objects to your users." | |||||
} |
{ | |||||
"name": "Augment insights", | |||||
"children": [ | |||||
{ | |||||
"name": "Traffic reporting", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cpCode", | |||||
"options": { | |||||
"value": { | |||||
"id": "${env.cpcodeId}", | |||||
"name": "${env.cpcodeName}" | |||||
} | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Identify your main traffic segments so you can granularly zoom in your traffic statistics like hits, bandwidth, offload, response codes, and errors." | |||||
}, | |||||
{ | |||||
"name": "mPulse RUM", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "mPulse", | |||||
"options": { | |||||
"apiKey": "", | |||||
"bufferSize": "", | |||||
"configOverride": "", | |||||
"enabled": true, | |||||
"loaderVersion": "V12", | |||||
"requirePci": false, | |||||
"titleOptional": "" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Collect and analyze real-user data to monitor the performance of your website." | |||||
}, | |||||
{ | |||||
"name": "Geolocation", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "edgeScape", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "requestType", | |||||
"options": { | |||||
"matchOperator": "IS", | |||||
"value": "CLIENT_REQ" | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Receive data about a user's geolocation and connection speed in a request header. If you change cached content based on the values of the X-Akamai-Edgescape request header, contact your account representative." | |||||
}, | |||||
{ | |||||
"name": "Log delivery", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "report", | |||||
"options": { | |||||
"logAcceptLanguage": false, | |||||
"logCookies": "OFF", | |||||
"logCustomLogField": false, | |||||
"logEdgeIP": false, | |||||
"logHost": false, | |||||
"logReferer": false, | |||||
"logUserAgent": false, | |||||
"logXForwardedFor": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Specify the level of detail you want to be logged in your Log Delivery Service reports. Log User-Agent Header to obtain detailed information in the Traffic by Browser and OS report." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings related to monitoring and reporting. This gives you additional visibility into your traffic and audiences." | |||||
} |
{ | |||||
"name": "Increase availability", | |||||
"children": [ | |||||
{ | |||||
"name": "Simulate failover", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "breakConnection", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "contentDeliveryNetwork", | |||||
"options": { | |||||
"matchOperator": "IS", | |||||
"network": "STAGING" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "requestHeader", | |||||
"options": { | |||||
"headerName": "breakconnection", | |||||
"matchCaseSensitiveValue": true, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"matchWildcardName": false, | |||||
"matchWildcardValue": false, | |||||
"values": [ | |||||
"Your-Secret-Here" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Simulate an origin connection problem and test the site failover configuration on the CDN staging network." | |||||
}, | |||||
{ | |||||
"name": "Site failover", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "failAction", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "originTimeout", | |||||
"options": { | |||||
"matchOperator": "ORIGIN_TIMED_OUT" | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Specify how edge servers respond when the origin is not available." | |||||
}, | |||||
{ | |||||
"name": "Origin health", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "healthDetection", | |||||
"options": { | |||||
"maximumReconnects": 3, | |||||
"retryCount": 3, | |||||
"retryInterval": "10s" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Monitor the health of your origin by tracking unsuccessful IP connection attempts." | |||||
}, | |||||
{ | |||||
"name": "Script management", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "scriptManagement", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Enable Script Management to minimize performance and availability impacts from third-party JavaScripts." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control how to respond when your origin or third parties are slow or even down to minimize the negative impact on user experience." | |||||
} |
{ | |||||
"rules": { | |||||
"name": "default", | |||||
"children": [ | |||||
"#include:augment_insights.json", | |||||
"#include:accelerate_delivery.json", | |||||
"#include:increase_availability.json", | |||||
"#include:minimize_payload.json", | |||||
"#include:offload_origin.json", | |||||
"#include:strengthen_security.json" | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "origin", | |||||
"options": { | |||||
"cacheKeyHostname": "REQUEST_HOST_HEADER", | |||||
"compress": true, | |||||
"enableTrueClientIp": true, | |||||
"forwardHostHeader": "REQUEST_HOST_HEADER", | |||||
"httpPort": 80, | |||||
"httpsPort": 443, | |||||
"originCertificate": "", | |||||
"originSni": true, | |||||
"originType": "CUSTOMER", | |||||
"ports": "", | |||||
"trueClientIpClientSetting": false, | |||||
"trueClientIpHeader": "True-Client-IP", | |||||
"verificationMode": "PLATFORM_SETTINGS", | |||||
"hostname": "${env.origin}" | |||||
} | |||||
} | |||||
], | |||||
"options": { | |||||
"is_secure": "${env.secure}" | |||||
}, | |||||
"comments": "The behaviors in the Default Rule apply to all requests for the property hostnames unless another rule overrides the Default Rule settings." | |||||
} | |||||
} |
{ | |||||
"name": "Minimize payload", | |||||
"children": [ | |||||
{ | |||||
"name": "Compressible objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "gzipResponse", | |||||
"options": { | |||||
"behavior": "ALWAYS" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "contentType", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"matchWildcard": true, | |||||
"values": [ | |||||
"application/*javascript*", | |||||
"application/*json*", | |||||
"application/*xml*", | |||||
"application/text*", | |||||
"application/vnd-ms-fontobject", | |||||
"application/vnd.microsoft.icon", | |||||
"application/x-font-opentype", | |||||
"application/x-font-truetype", | |||||
"application/x-font-ttf", | |||||
"application/xmlfont/eot", | |||||
"font/eot", | |||||
"font/opentype", | |||||
"font/otf", | |||||
"image/svg+xml", | |||||
"image/vnd.microsoft.icon", | |||||
"image/x-icon", | |||||
"text/*", | |||||
"application/octet-stream*", | |||||
"application/x-font-eot*", | |||||
"font/ttf", | |||||
"application/font-ttf", | |||||
"application/font-sfnt", | |||||
"application/x-tgif" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Serve gzip compressed content for text-based formats." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings that reduce the size of the delivered content and decrease the number of bytes sent by your properties. This allows you to cut down the network overhead of your website or API." | |||||
} |
{ | |||||
"name": "Offload origin", | |||||
"children": [ | |||||
{ | |||||
"name": "CSS and JavaScript", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "7d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"css", | |||||
"js" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for CSS and JavaScript" | |||||
}, | |||||
{ | |||||
"name": "Fonts", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "30d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"eot", | |||||
"woff", | |||||
"woff2", | |||||
"otf", | |||||
"ttf" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for fonts." | |||||
}, | |||||
{ | |||||
"name": "Images", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "30d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"jpg", | |||||
"jpeg", | |||||
"png", | |||||
"gif", | |||||
"webp", | |||||
"jp2", | |||||
"ico", | |||||
"svg", | |||||
"svgz" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for images." | |||||
}, | |||||
{ | |||||
"name": "Files", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "7d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"pdf", | |||||
"doc", | |||||
"docx", | |||||
"odt" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for files. Files containing Personal Identified Information (PII) should require Edge authentication or not be cached at all." | |||||
}, | |||||
{ | |||||
"name": "Other static objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "7d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"aif", | |||||
"aiff", | |||||
"au", | |||||
"avi", | |||||
"bin", | |||||
"bmp", | |||||
"cab", | |||||
"carb", | |||||
"cct", | |||||
"cdf", | |||||
"class", | |||||
"dcr", | |||||
"dtd", | |||||
"exe", | |||||
"flv", | |||||
"gcf", | |||||
"gff", | |||||
"grv", | |||||
"hdml", | |||||
"hqx", | |||||
"ini", | |||||
"mov", | |||||
"mp3", | |||||
"nc", | |||||
"pct", | |||||
"ppc", | |||||
"pws", | |||||
"swa", | |||||
"swf", | |||||
"txt", | |||||
"vbs", | |||||
"w32", | |||||
"wav", | |||||
"midi", | |||||
"wbmp", | |||||
"wml", | |||||
"wmlc", | |||||
"wmls", | |||||
"wmlsc", | |||||
"xsd", | |||||
"zip", | |||||
"pict", | |||||
"tif", | |||||
"tiff", | |||||
"mid", | |||||
"jxr", | |||||
"jar" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for other static objects." | |||||
}, | |||||
{ | |||||
"name": "HTML pages", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "NO_STORE" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "cacheKeyQueryParams", | |||||
"options": { | |||||
"behavior": "IGNORE", | |||||
"exactMatch": true, | |||||
"parameters": [ | |||||
"gclid", | |||||
"fbclid", | |||||
"utm_source", | |||||
"utm_campaign", | |||||
"utm_medium", | |||||
"utm_content" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"html", | |||||
"htm", | |||||
"php", | |||||
"jsp", | |||||
"aspx", | |||||
"EMPTY_STRING" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Override the default caching behavior for HTML pages cached on edge servers." | |||||
}, | |||||
{ | |||||
"name": "Redirects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cacheRedirect", | |||||
"options": { | |||||
"enabled": "false" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "chaseRedirects", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Configure caching for HTTP redirects. The redirect is cached for the same TTL as a 200 HTTP response when this feature is enabled." | |||||
}, | |||||
{ | |||||
"name": "POST responses", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cachePost", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define when HTTP POST requests should be cached. You should enable it under a criteria match." | |||||
}, | |||||
{ | |||||
"name": "GraphQL", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "graphqlCaching", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "path", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "MATCHES_ONE_OF", | |||||
"normalize": false, | |||||
"values": [ | |||||
"/graphql" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define when your GraphQL queries should be cached." | |||||
}, | |||||
{ | |||||
"name": "Uncacheable objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "downstreamCache", | |||||
"options": { | |||||
"behavior": "BUST" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "cacheability", | |||||
"options": { | |||||
"matchOperator": "IS_NOT", | |||||
"value": "CACHEABLE" | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Configure the default client caching behavior for uncacheable content at the edge." | |||||
} | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "NO_STORE" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "tieredDistribution", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
}, | |||||
{ | |||||
"name": "validateEntityTag", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
}, | |||||
{ | |||||
"name": "removeVary", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
}, | |||||
{ | |||||
"name": "cacheError", | |||||
"options": { | |||||
"enabled": true, | |||||
"preserveStale": true, | |||||
"ttl": "10s" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "cacheKeyQueryParams", | |||||
"options": { | |||||
"behavior": "INCLUDE_ALL_ALPHABETIZE_ORDER" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "prefreshCache", | |||||
"options": { | |||||
"enabled": true, | |||||
"prefreshval": 90 | |||||
} | |||||
}, | |||||
{ | |||||
"name": "downstreamCache", | |||||
"options": { | |||||
"allowBehavior": "LESSER", | |||||
"behavior": "ALLOW", | |||||
"sendHeaders": "CACHE_CONTROL", | |||||
"sendPrivate": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings related to caching content at the edge and in the browser. As a result, fewer requests go to your origin, fewer bytes leave your data centers, and your assets are closer to your users." | |||||
} |
{ | |||||
"name": "Strengthen security", | |||||
"children": [ | |||||
{ | |||||
"name": "Allowed methods", | |||||
"children": [ | |||||
{ | |||||
"name": "POST", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowPost", | |||||
"options": { | |||||
"allowWithoutContentLength": false, | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the POST HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "OPTIONS", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowOptions", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the OPTIONS HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "PUT", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowPut", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the PUT HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "DELETE", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowDelete", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the DELETE HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "PATCH", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowPatch", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the PATCH HTTP request method." | |||||
} | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allHttpInCacheHierarchy", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow the use of HTTP methods. Consider enabling additional methods under a path match for increased origin security." | |||||
}, | |||||
{ | |||||
"name": "Obfuscate debug info", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cacheTagVisible", | |||||
"options": { | |||||
"behavior": "PRAGMA_HEADER" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Do not expose back-end information unless the request contains the Pragma debug header." | |||||
}, | |||||
{ | |||||
"name": "Obfuscate backend info", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "modifyOutgoingResponseHeader", | |||||
"options": { | |||||
"action": "DELETE", | |||||
"customHeaderName": "X-Powered-By", | |||||
"standardDeleteHeaderName": "OTHER" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "modifyOutgoingResponseHeader", | |||||
"options": { | |||||
"action": "DELETE", | |||||
"customHeaderName": "Server", | |||||
"standardDeleteHeaderName": "OTHER" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "requestHeader", | |||||
"options": { | |||||
"headerName": "X-Akamai-Debug", | |||||
"matchCaseSensitiveValue": true, | |||||
"matchOperator": "IS_NOT_ONE_OF", | |||||
"matchWildcardName": false, | |||||
"matchWildcardValue": false, | |||||
"values": [ | |||||
"true" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Do not expose back-end information unless the request contains an additional secret header. Regularly change the criteria to use a specific unique value for the secret header." | |||||
}, | |||||
{ | |||||
"name": "HSTS", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "httpStrictTransportSecurity", | |||||
"options": { | |||||
"enable": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Require all browsers to connect to your site using HTTPS." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings that minimize the information your website shares with clients and malicious entities to reduce your exposure to threats." | |||||
} |
variable "edgerc" { | |||||
type = string | |||||
default = "~/.edgerc" | |||||
} | |||||
variable "section" { | |||||
type = string | |||||
default = "default" | |||||
} | |||||
variable "UserID" { | |||||
type = string | |||||
} | |||||
variable "contract_id" { | |||||
type = string | |||||
default = "W-KXID8R" | |||||
} | |||||
variable "group_id" { | |||||
type = string | |||||
default = "240743" | |||||
} | |||||
variable "origin" { | |||||
type = string | |||||
default = "juiceshopdevops.akaorigin.com" | |||||
} | |||||
variable "cpcodeId" { | |||||
type = number | |||||
default = 1522211 | |||||
} | |||||
variable "cpcodeName" { | |||||
type = string | |||||
default = "PowerShellLabs" | |||||
} | |||||
variable "secure" { | |||||
type = bool | |||||
default = true | |||||
} | |||||
variable "network" { | |||||
default = "STAGING" | |||||
} | |||||
variable "hostname" { | |||||
type = string | |||||
default = "akaudevops.com" | |||||
} | |||||
variable "edge_hostname" { | |||||
type = string | |||||
default = "akaudevops.com.edgekey.net" | |||||
} | |||||
variable "program" { | |||||
type = string | |||||
default = "pwshlab" | |||||
} | |||||
variable "email" { | |||||
type = string | |||||
} |
edgerc = "~/.edgerc" | |||||
section = "" | |||||
contract_id = "" | |||||
group_id = "" | |||||
origin = "" | |||||
cpcode =00000 | |||||
secure = true | |||||
network= "STAGING" | |||||
hostname= "" | |||||
edge_hostname = "" | |||||
program="devops" | |||||
prefix="" |
#!/bin/bash | |||||
echo $PWD && | |||||
cd clilabtf && | |||||
terraform init && | |||||
terraform plan -out=.plan && | |||||
terraform apply .plan && | |||||
cd $OLDPWD |
#!/bin/bash | |||||
echo $PWD && | |||||
cd pwshlabtf && | |||||
terraform init && | |||||
terraform plan -out=.plan && | |||||
terraform apply .plan && | |||||
cd $OLDPWD |
terraform { | |||||
required_providers { | |||||
akamai = { | |||||
source = "akamai/akamai" | |||||
version = "5.2.0" | |||||
} | |||||
} | |||||
} | |||||
provider "akamai" { | |||||
edgerc = var.edgerc | |||||
config_section = var.section | |||||
} |
{ | |||||
"name": "Accelerate delivery", | |||||
"children": [ | |||||
{ | |||||
"name": "Origin connectivity", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "dnsAsyncRefresh", | |||||
"options": { | |||||
"enabled": true, | |||||
"timeout": "1h" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "timeout", | |||||
"options": { | |||||
"value": "5s" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "readTimeout", | |||||
"options": { | |||||
"value": "120s" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Optimize the connection between edge and origin." | |||||
}, | |||||
{ | |||||
"name": "Protocol optimizations", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "enhancedAkamaiProtocol", | |||||
"options": { | |||||
"display": "" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "http2", | |||||
"options": { | |||||
"enabled": "" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "allowTransferEncoding", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
}, | |||||
{ | |||||
"name": "sureRoute", | |||||
"options": { | |||||
"enableCustomKey": false, | |||||
"enabled": true, | |||||
"forceSslForward": false, | |||||
"raceStatTtl": "30m", | |||||
"srDownloadLinkTitle": "", | |||||
"testObjectUrl": "/akamai/sure-route-test-object.html", | |||||
"toHostStatus": "INCOMING_HH", | |||||
"type": "PERFORMANCE" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Serve your website using modern and fast protocols." | |||||
}, | |||||
{ | |||||
"name": "Prefetching", | |||||
"children": [ | |||||
{ | |||||
"name": "Prefetching objects", | |||||
"children": [ | |||||
{ | |||||
"name": "Bots", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "prefetch", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "userAgent", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"matchWildcard": true, | |||||
"values": [ | |||||
"*bot*", | |||||
"*crawl*", | |||||
"*spider*" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Disable prefetching for specific clients identifying themselves as bots and crawlers. This avoids requesting unnecessary resources from the origin." | |||||
} | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "prefetch", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define for which HTML pages prefetching should be enabled." | |||||
}, | |||||
{ | |||||
"name": "Prefetchable objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "prefetchable", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"css", | |||||
"js", | |||||
"jpg", | |||||
"jpeg", | |||||
"jp2", | |||||
"png", | |||||
"gif", | |||||
"svg", | |||||
"svgz", | |||||
"webp", | |||||
"eot", | |||||
"woff", | |||||
"woff2", | |||||
"otf", | |||||
"ttf" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define which resources should be prefetched." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Instruct edge servers to retrieve embedded resources before the browser requests them." | |||||
}, | |||||
{ | |||||
"name": "Adaptive acceleration", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "adaptiveAcceleration", | |||||
"options": { | |||||
"abLogic": "DISABLED", | |||||
"enableBrotliCompression": false, | |||||
"enablePreconnect": true, | |||||
"enablePush": true, | |||||
"enableRo": false, | |||||
"preloadEnable": true, | |||||
"source": "mPulse", | |||||
"titleHttp2ServerPush": "", | |||||
"titlePreconnect": "", | |||||
"titlePreload": "", | |||||
"titleRo": "" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Automatically and continuously apply performance optimizations to your website using machine learning." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings related to improving the performance of delivering objects to your users." | |||||
} |
{ | |||||
"name": "Augment insights", | |||||
"children": [ | |||||
{ | |||||
"name": "Traffic reporting", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cpCode", | |||||
"options": { | |||||
"value": { | |||||
"id": "${env.cpcodeId}", | |||||
"name": "${env.cpcodeName}" | |||||
} | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Identify your main traffic segments so you can granularly zoom in your traffic statistics like hits, bandwidth, offload, response codes, and errors." | |||||
}, | |||||
{ | |||||
"name": "mPulse RUM", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "mPulse", | |||||
"options": { | |||||
"apiKey": "", | |||||
"bufferSize": "", | |||||
"configOverride": "", | |||||
"enabled": true, | |||||
"loaderVersion": "V12", | |||||
"requirePci": false, | |||||
"titleOptional": "" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Collect and analyze real-user data to monitor the performance of your website." | |||||
}, | |||||
{ | |||||
"name": "Geolocation", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "edgeScape", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "requestType", | |||||
"options": { | |||||
"matchOperator": "IS", | |||||
"value": "CLIENT_REQ" | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Receive data about a user's geolocation and connection speed in a request header. If you change cached content based on the values of the X-Akamai-Edgescape request header, contact your account representative." | |||||
}, | |||||
{ | |||||
"name": "Log delivery", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "report", | |||||
"options": { | |||||
"logAcceptLanguage": false, | |||||
"logCookies": "OFF", | |||||
"logCustomLogField": false, | |||||
"logEdgeIP": false, | |||||
"logHost": false, | |||||
"logReferer": false, | |||||
"logUserAgent": false, | |||||
"logXForwardedFor": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Specify the level of detail you want to be logged in your Log Delivery Service reports. Log User-Agent Header to obtain detailed information in the Traffic by Browser and OS report." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings related to monitoring and reporting. This gives you additional visibility into your traffic and audiences." | |||||
} |
{ | |||||
"name": "Increase availability", | |||||
"children": [ | |||||
{ | |||||
"name": "Simulate failover", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "breakConnection", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "contentDeliveryNetwork", | |||||
"options": { | |||||
"matchOperator": "IS", | |||||
"network": "STAGING" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "requestHeader", | |||||
"options": { | |||||
"headerName": "breakconnection", | |||||
"matchCaseSensitiveValue": true, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"matchWildcardName": false, | |||||
"matchWildcardValue": false, | |||||
"values": [ | |||||
"Your-Secret-Here" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Simulate an origin connection problem and test the site failover configuration on the CDN staging network." | |||||
}, | |||||
{ | |||||
"name": "Site failover", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "failAction", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "originTimeout", | |||||
"options": { | |||||
"matchOperator": "ORIGIN_TIMED_OUT" | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Specify how edge servers respond when the origin is not available." | |||||
}, | |||||
{ | |||||
"name": "Origin health", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "healthDetection", | |||||
"options": { | |||||
"maximumReconnects": 3, | |||||
"retryCount": 3, | |||||
"retryInterval": "10s" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Monitor the health of your origin by tracking unsuccessful IP connection attempts." | |||||
}, | |||||
{ | |||||
"name": "Script management", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "scriptManagement", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Enable Script Management to minimize performance and availability impacts from third-party JavaScripts." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control how to respond when your origin or third parties are slow or even down to minimize the negative impact on user experience." | |||||
} |
{ | |||||
"name": "Minimize payload", | |||||
"children": [ | |||||
{ | |||||
"name": "Compressible objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "gzipResponse", | |||||
"options": { | |||||
"behavior": "ALWAYS" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "contentType", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"matchWildcard": true, | |||||
"values": [ | |||||
"application/*javascript*", | |||||
"application/*json*", | |||||
"application/*xml*", | |||||
"application/text*", | |||||
"application/vnd-ms-fontobject", | |||||
"application/vnd.microsoft.icon", | |||||
"application/x-font-opentype", | |||||
"application/x-font-truetype", | |||||
"application/x-font-ttf", | |||||
"application/xmlfont/eot", | |||||
"font/eot", | |||||
"font/opentype", | |||||
"font/otf", | |||||
"image/svg+xml", | |||||
"image/vnd.microsoft.icon", | |||||
"image/x-icon", | |||||
"text/*", | |||||
"application/octet-stream*", | |||||
"application/x-font-eot*", | |||||
"font/ttf", | |||||
"application/font-ttf", | |||||
"application/font-sfnt", | |||||
"application/x-tgif" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Serve gzip compressed content for text-based formats." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings that reduce the size of the delivered content and decrease the number of bytes sent by your properties. This allows you to cut down the network overhead of your website or API." | |||||
} |
{ | |||||
"name": "Offload origin", | |||||
"children": [ | |||||
{ | |||||
"name": "CSS and JavaScript", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "7d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"css", | |||||
"js" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for CSS and JavaScript" | |||||
}, | |||||
{ | |||||
"name": "Fonts", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "30d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"eot", | |||||
"woff", | |||||
"woff2", | |||||
"otf", | |||||
"ttf" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for fonts." | |||||
}, | |||||
{ | |||||
"name": "Images", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "30d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"jpg", | |||||
"jpeg", | |||||
"png", | |||||
"gif", | |||||
"webp", | |||||
"jp2", | |||||
"ico", | |||||
"svg", | |||||
"svgz" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for images." | |||||
}, | |||||
{ | |||||
"name": "Files", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "7d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"pdf", | |||||
"doc", | |||||
"docx", | |||||
"odt" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for files. Files containing Personal Identified Information (PII) should require Edge authentication or not be cached at all." | |||||
}, | |||||
{ | |||||
"name": "Other static objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "MAX_AGE", | |||||
"mustRevalidate": false, | |||||
"ttl": "7d" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"aif", | |||||
"aiff", | |||||
"au", | |||||
"avi", | |||||
"bin", | |||||
"bmp", | |||||
"cab", | |||||
"carb", | |||||
"cct", | |||||
"cdf", | |||||
"class", | |||||
"dcr", | |||||
"dtd", | |||||
"exe", | |||||
"flv", | |||||
"gcf", | |||||
"gff", | |||||
"grv", | |||||
"hdml", | |||||
"hqx", | |||||
"ini", | |||||
"mov", | |||||
"mp3", | |||||
"nc", | |||||
"pct", | |||||
"ppc", | |||||
"pws", | |||||
"swa", | |||||
"swf", | |||||
"txt", | |||||
"vbs", | |||||
"w32", | |||||
"wav", | |||||
"midi", | |||||
"wbmp", | |||||
"wml", | |||||
"wmlc", | |||||
"wmls", | |||||
"wmlsc", | |||||
"xsd", | |||||
"zip", | |||||
"pict", | |||||
"tif", | |||||
"tiff", | |||||
"mid", | |||||
"jxr", | |||||
"jar" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "any", | |||||
"comments": "Override the default caching behavior for other static objects." | |||||
}, | |||||
{ | |||||
"name": "HTML pages", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "NO_STORE" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "cacheKeyQueryParams", | |||||
"options": { | |||||
"behavior": "IGNORE", | |||||
"exactMatch": true, | |||||
"parameters": [ | |||||
"gclid", | |||||
"fbclid", | |||||
"utm_source", | |||||
"utm_campaign", | |||||
"utm_medium", | |||||
"utm_content" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "fileExtension", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "IS_ONE_OF", | |||||
"values": [ | |||||
"html", | |||||
"htm", | |||||
"php", | |||||
"jsp", | |||||
"aspx", | |||||
"EMPTY_STRING" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Override the default caching behavior for HTML pages cached on edge servers." | |||||
}, | |||||
{ | |||||
"name": "Redirects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cacheRedirect", | |||||
"options": { | |||||
"enabled": "false" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "chaseRedirects", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Configure caching for HTTP redirects. The redirect is cached for the same TTL as a 200 HTTP response when this feature is enabled." | |||||
}, | |||||
{ | |||||
"name": "POST responses", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cachePost", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define when HTTP POST requests should be cached. You should enable it under a criteria match." | |||||
}, | |||||
{ | |||||
"name": "GraphQL", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "graphqlCaching", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "path", | |||||
"options": { | |||||
"matchCaseSensitive": false, | |||||
"matchOperator": "MATCHES_ONE_OF", | |||||
"normalize": false, | |||||
"values": [ | |||||
"/graphql" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Define when your GraphQL queries should be cached." | |||||
}, | |||||
{ | |||||
"name": "Uncacheable objects", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "downstreamCache", | |||||
"options": { | |||||
"behavior": "BUST" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "cacheability", | |||||
"options": { | |||||
"matchOperator": "IS_NOT", | |||||
"value": "CACHEABLE" | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Configure the default client caching behavior for uncacheable content at the edge." | |||||
} | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "caching", | |||||
"options": { | |||||
"behavior": "NO_STORE" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "tieredDistribution", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
}, | |||||
{ | |||||
"name": "validateEntityTag", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
}, | |||||
{ | |||||
"name": "removeVary", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
}, | |||||
{ | |||||
"name": "cacheError", | |||||
"options": { | |||||
"enabled": true, | |||||
"preserveStale": true, | |||||
"ttl": "10s" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "cacheKeyQueryParams", | |||||
"options": { | |||||
"behavior": "INCLUDE_ALL_ALPHABETIZE_ORDER" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "prefreshCache", | |||||
"options": { | |||||
"enabled": true, | |||||
"prefreshval": 90 | |||||
} | |||||
}, | |||||
{ | |||||
"name": "downstreamCache", | |||||
"options": { | |||||
"allowBehavior": "LESSER", | |||||
"behavior": "ALLOW", | |||||
"sendHeaders": "CACHE_CONTROL", | |||||
"sendPrivate": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings related to caching content at the edge and in the browser. As a result, fewer requests go to your origin, fewer bytes leave your data centers, and your assets are closer to your users." | |||||
} |
{ | |||||
"name": "Strengthen security", | |||||
"children": [ | |||||
{ | |||||
"name": "Allowed methods", | |||||
"children": [ | |||||
{ | |||||
"name": "POST", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowPost", | |||||
"options": { | |||||
"allowWithoutContentLength": false, | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the POST HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "OPTIONS", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowOptions", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the OPTIONS HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "PUT", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowPut", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the PUT HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "DELETE", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowDelete", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the DELETE HTTP request method." | |||||
}, | |||||
{ | |||||
"name": "PATCH", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allowPatch", | |||||
"options": { | |||||
"enabled": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow use of the PATCH HTTP request method." | |||||
} | |||||
], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "allHttpInCacheHierarchy", | |||||
"options": { | |||||
"enabled": true | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Allow the use of HTTP methods. Consider enabling additional methods under a path match for increased origin security." | |||||
}, | |||||
{ | |||||
"name": "Obfuscate debug info", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "cacheTagVisible", | |||||
"options": { | |||||
"behavior": "PRAGMA_HEADER" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Do not expose back-end information unless the request contains the Pragma debug header." | |||||
}, | |||||
{ | |||||
"name": "Obfuscate backend info", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "modifyOutgoingResponseHeader", | |||||
"options": { | |||||
"action": "DELETE", | |||||
"customHeaderName": "X-Powered-By", | |||||
"standardDeleteHeaderName": "OTHER" | |||||
} | |||||
}, | |||||
{ | |||||
"name": "modifyOutgoingResponseHeader", | |||||
"options": { | |||||
"action": "DELETE", | |||||
"customHeaderName": "Server", | |||||
"standardDeleteHeaderName": "OTHER" | |||||
} | |||||
} | |||||
], | |||||
"criteria": [ | |||||
{ | |||||
"name": "requestHeader", | |||||
"options": { | |||||
"headerName": "X-Akamai-Debug", | |||||
"matchCaseSensitiveValue": true, | |||||
"matchOperator": "IS_NOT_ONE_OF", | |||||
"matchWildcardName": false, | |||||
"matchWildcardValue": false, | |||||
"values": [ | |||||
"true" | |||||
] | |||||
} | |||||
} | |||||
], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Do not expose back-end information unless the request contains an additional secret header. Regularly change the criteria to use a specific unique value for the secret header." | |||||
}, | |||||
{ | |||||
"name": "HSTS", | |||||
"children": [], | |||||
"behaviors": [ | |||||
{ | |||||
"name": "httpStrictTransportSecurity", | |||||
"options": { | |||||
"enable": false | |||||
} | |||||
} | |||||
], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Require all browsers to connect to your site using HTTPS." | |||||
} | |||||
], | |||||
"behaviors": [], | |||||
"criteria": [], | |||||
"criteriaMustSatisfy": "all", | |||||
"comments": "Control the settings that minimize the information your website shares with clients and malicious entities to reduce your exposure to threats." | |||||
} |
edgerc = "~/.edgerc" | |||||
section = "" | |||||
contract_id = "" | |||||
group_id = "" | |||||
origin = "" | |||||
cpcode =00000 | |||||
secure = true | |||||
network= "STAGING" | |||||
hostname= "" | |||||
edge_hostname = "" | |||||
program="devops" | |||||
prefix="" |