Add CDN for archived data in S3 #1264

Merged

@Mr0grog (Collaborator) commented Jan 31, 2023

This adds a CloudFront distribution to serve data from our "data snapshots" S3 bucket at https://archives.getmyvax.org. The goal here is mainly to prevent people from potentially driving up S3 costs by making requests we can't control or cache against the bucket. (Per @TylerHendrickson’s guidance.)

This is a first step for #1180. After we confirm this is deployed and working, we’ll need to revoke public read access from the S3 bucket.

@Mr0grog (Collaborator, Author) commented Feb 1, 2023

OK, I’ve implemented this both directly with the AWS provider and using a module from Cloud Posse that makes the setup significantly simpler. I think the simplicity is probably worthwhile, but there are some caveats worth logging here:

  • It might be broken! It triggers one deprecation warning in Terraform which should be OK, but this issue suggests there may be bigger problems: version 4.0.0 of the aws provider contains breaking changes for the CDN module cloudposse/terraform-aws-cloudfront-s3-cdn#217. It’s possible I’m just not using the problematic features, or maybe it’s since been fixed and nobody closed the issue. I guess we’ll see. 🤷

  • It does so many things that properly understanding how to configure it correctly can be a bit confusing. See, for example, how many commits I made so I could see what Terraform’s plan output was and adjust (e.g. several settings determine whether alternate domain names are used, and the implications of that are not clearly documented anywhere). There is definitely some cost to this abstraction.

    (OTOH, I had forgotten to create an IPv6 DNS record in my manual version, and this module takes care of that. Good defaults, mostly.)

@Mr0grog Mr0grog changed the title Add CloudFront for accessing archived data in S3 Add CDN for archived data in S3 Feb 1, 2023
@Mr0grog Mr0grog merged commit a09fd4d into main Feb 1, 2023
@Mr0grog Mr0grog deleted the 1180-dont-just-put-bare-s3-buckets-in-the-public-spotlight branch February 1, 2023 00:27
Mr0grog added a commit that referenced this pull request Feb 1, 2023
In #1264, I used Cloud Posse's cloudfront-s3-cdn module to create a CloudFront distribution in front of our data snapshots bucket. It turned out to have some bugs that weren't obvious until trying to actually deploy and create resources. This *should* address those. (We'll see if more show up!)
Mr0grog added a commit that referenced this pull request Feb 1, 2023
Looks like I need to flip this back on in order for CloudFront to be able to read the bucket now that it's private. Oops! (This is a follow-on to #1264 and #1267.)
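
An added example, not part of the original PR or the project's code: a Python check for the follow-up steps described in this thread (revoking public read access while keeping CloudFront able to read the now-private bucket) that classifies the read grants in an S3 bucket policy. It assumes access is granted through the bucket policy (ACLs and Block Public Access settings are not inspected); the function names are hypothetical, and the bucket name, account ID and distribution ID in the sample are placeholders.

```python
import json
from fnmatch import fnmatchcase

OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_kind(principal):
    """Classify a statement's Principal as 'public', 'cloudfront' or 'other'."""
    if not isinstance(principal, dict):  # bare "*" or a missing Principal
        principal = {"AWS": principal or []}
    aws = _as_list(principal.get("AWS", []))
    services = _as_list(principal.get("Service", []))
    if "*" in aws:
        return "public"
    if "cloudfront.amazonaws.com" in services or any(p.startswith(OAI_PREFIX) for p in aws):
        return "cloudfront"
    return "other"

def audit_bucket_policy(policy_json):
    """Group the Sids of Allow statements that grant s3:GetObject by who may read."""
    found = {"public": [], "cloudfront": [], "review": [], "other": []}
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        actions = _as_list(stmt.get("Action", []))  # may contain * and ? wildcards
        reads = any(fnmatchcase("s3:getobject", a.lower()) for a in actions)
        if stmt.get("Effect") != "Allow" or not reads:
            continue
        kind = _principal_kind(stmt.get("Principal"))
        if kind == "public" and "Condition" in stmt:
            kind = "review"  # anonymous but conditioned: needs a human look
        found[kind].append(stmt.get("Sid", f"statement-{i}"))
    return found

def is_cdn_only(policy_json):
    """True when no anonymous read grant remains and CloudFront can still read."""
    found = audit_bucket_policy(policy_json)
    return not (found["public"] or found["review"]) and bool(found["cloudfront"])

# Constructed sample policy; bucket, account and distribution ids are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "LegacyPublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "CloudFrontRead", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"AWS:SourceArn":
         "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"}}}]})
```

`is_cdn_only` returns `False` both while a public grant is still present and when the bucket is private but no CloudFront grant exists, which is the state the last commit message above describes.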