From b486d9c29f6f3453f7e253af1369195300055231 Mon Sep 17 00:00:00 2001
From: Jo <jdbass@users.noreply.github.com>
Date: Mon, 1 Apr 2024 15:12:32 -0400
Subject: [PATCH] updating cloudfront tls config

---
 .github/workflows/primary.yaml         | 2 +-
 tofu/modules/services/frontend/main.tf | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/primary.yaml b/.github/workflows/primary.yaml
index 1bc6530c9..30867865f 100644
--- a/.github/workflows/primary.yaml
+++ b/.github/workflows/primary.yaml
@@ -105,7 +105,7 @@ jobs:
 
   deploy-frontend:
     needs: detect-changes
-    if: github.ref != 'refs/heads/main' && needs.detect-changes.outputs.run-frontend == 'true'
+    if: github.ref == 'refs/heads/main' && needs.detect-changes.outputs.run-frontend == 'true'
     uses: ./.github/workflows/deploy-frontend.yaml
     with:
       aws_region: us-east-1
diff --git a/tofu/modules/services/frontend/main.tf b/tofu/modules/services/frontend/main.tf
index 8ab8a2ec0..beaa994eb 100644
--- a/tofu/modules/services/frontend/main.tf
+++ b/tofu/modules/services/frontend/main.tf
@@ -154,7 +154,9 @@ resource "aws_cloudfront_distribution" "appointment" {
 
   viewer_certificate {
     acm_certificate_arn = var.ssl_cert
+    cloudfront_default_certificate = false
     ssl_support_method  = "sni-only"
+    minimum_protocol_version = "TLSv1.2_2021"
   }
 }