jmgreg31/terraform-aws-cloudfront

Terraform CloudFront Module

This module builds a CloudFront distribution. It has been modularized to accept multiple origins, behaviors, and custom error responses. See the Example folder for an example of this module in action. Note: the example is used directly for integration testing.

Notes

  • This Module supports Terraform Version 0.12 and above
  • This Module has been tested & verified with 0.13.3
  • While dynamic_custom_origin_config and dynamic_s3_origin_config are each marked as not required, you must supply at least one origin config.
  • CloudFront functions require logging to be enabled

Release

See CHANGELOG for release notes

IMPORTANT: To migrate from version v4.x.x to v5.x.x, update the module source to the specific cloudfront folder:

source = "git::https://github.com/jmgreg31/terraform-aws-cloudfront//cloudfront?ref=v5.0.0"

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acm_certificate_arn | The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. The ACM certificate must be in US-EAST-1. | string | null | no |
| additional_tags | A mapping of additional tags to attach | map(string) | {} | no |
| alias | Aliases, or CNAMES, for the distribution | list | [] | no |
| comment | Any comment about the CloudFront Distribution | string | "" | no |
| cloudfront_default_certificate | This variable is no longer required because it is auto-generated; it is left here for compatibility purposes | bool | true | no |
| create_cf | Set to false to prevent the module from creating any resources | bool | true | no |
| default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL | string | "" | no |
| dynamic_custom_error_response | Custom error response to be used in dynamic block | any | [] | no |
| dynamic_custom_origin_config | Configuration for the custom origin config to be used in dynamic block | any | [] | no |
| dynamic_default_cache_behavior | Default Cache Behaviors to be used in dynamic block | any | n/a | yes |
| dynamic_ordered_cache_behavior | Ordered Cache Behaviors to be used in dynamic block | any | [] | no |
| dynamic_origin_group | Origin Group to be used in dynamic block | any | [] | no |
| dynamic_logging_config | This is the logging configuration for the CloudFront Distribution. It is not required. If you choose to use this configuration, be sure you have the correct IAM and Bucket ACL rules. Your tfvars file should follow this syntax: logging_config = [{ bucket = "" include_cookies = prefix = "" }] | any | [] | no |
| dynamic_s3_origin_config | Configuration for the s3 origin config to be used in dynamic block | list(map(string)) | [] | no |
| enable | Whether the distribution is enabled to accept end user requests for content | bool | true | no |
| enable_ipv6 | Whether IPv6 is enabled for the distribution | bool | true | no |
| http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2 | string | "http2" | no |
| iam_certificate_id | Specifies IAM certificate id for CloudFront distribution | string | null | no |
| minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018 or TLSv1.2_2019. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified. | string | TLSv1 | no |
| price | The price class of the CloudFront Distribution. Valid types are PriceClass_All, PriceClass_100, PriceClass_200 | string | "PriceClass_100" | no |
| restriction_location | The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist) | list | [] | no |
| restriction_type | The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist | string | "none" | no |
| retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false | no |
| ssl_support_method | This variable is no longer required because it is auto-generated; it is left here for compatibility purposes | string | sni-only | no |
| tag_name | The tagged name | string | n/a | no |
| wait_for_deployment | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this to false will skip the process. | bool | true | no |
| webacl | The WAF Web ACL | string | "" | no |
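
Several defaults in the inputs above are permissive: minimum_protocol_version is TLSv1, dynamic_logging_config is empty, and webacl is unset. The following is an added example, not code from this module or its repository: it audits the output of `terraform show -json` for distributions that would be created with those settings. The sample plan and the module.cdn address are constructed; the attribute names are those of the aws_cloudfront_distribution resource.

```python
import json

# Protocol policies from the inputs table that still allow TLS below 1.2.
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

# Constructed sample: trimmed `terraform show -json` output for one distribution
# planned with the module defaults (the module.cdn address is hypothetical).
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"child_modules": [{
    "address": "module.cdn",
    "resources": [{
        "address": "module.cdn.aws_cloudfront_distribution.example",
        "type": "aws_cloudfront_distribution",
        "values": {
            "web_acl_id": "",
            "logging_config": [],
            "viewer_certificate": [{"cloudfront_default_certificate": True,
                                    "minimum_protocol_version": "TLSv1"}],
        },
    }],
}]}}})


def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def audit_plan(plan_json):
    """Return {resource address: [findings]} for CloudFront distributions."""
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    report = {}
    for res in iter_resources(root):
        if res.get("type") != "aws_cloudfront_distribution":
            continue
        values = res.get("values", {})
        findings = []
        for cert in values.get("viewer_certificate") or [{}]:
            if cert.get("cloudfront_default_certificate"):
                findings.append("default certificate: protocol floor must stay TLSv1")
            elif (cert.get("minimum_protocol_version") or "TLSv1") in WEAK_TLS:
                findings.append("minimum_protocol_version allows TLS below 1.2")
        if not values.get("logging_config"):
            findings.append("no logging_config: access logs are not collected")
        if not values.get("web_acl_id"):
            findings.append("no web_acl_id: no WAF Web ACL attached")
        if findings:
            report[res["address"]] = findings
    return report
```

Because the default certificate requires TLSv1, raising the protocol floor means supplying acm_certificate_arn or iam_certificate_id together with a TLSv1.2 policy.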

Outputs

| Name | Description |
|------|-------------|
| id | The identifier for the distribution. For example: EDFDVBD632BHDS5. |
| arn | The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID. |
| caller_reference | Internal value used by CloudFront to allow future updates to the distribution configuration. |
| status | The current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system. |
| trusted_signers | The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs. |
| domain_name | The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. |
| name | The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. |
| last_modified_time | The date and time the distribution was last modified. |
| in_progress_validation_batches | The number of invalidation batches currently in progress. |
| etag | The current version of the distribution's information. For example: E2QWRUHAPOMQZL. |
| hosted_zone_id | The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2. |