Use this URL for the source of the module. See the usage examples below for more details.
github.com/pbs/terraform-aws-cloudfront-module?ref=3.2.0
More information on these install methods can be found in the documentation here.
This module creates a CloudFront distribution.
If configured to integrate with an S3 bucket, an origin access identity will be configured for the bucket.
Integrate this module like so:
```hcl
module "cloudfront" {
  source = "github.com/pbs/terraform-aws-cloudfront-module?ref=3.2.0"

  # Required Parameters
  primary_hosted_zone = "example.com"
  origins = [{
    domain_name = module.service.domain_name
    custom_origin_config = {
      http_port                = 80
      https_port               = 443
      origin_keepalive_timeout = 5
      origin_protocol_policy   = "https-only"
      origin_read_timeout      = 30
      origin_ssl_protocols = [
        "TLSv1.2",
      ]
    }
  }]

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Optional Parameters
}
```
If this repo is added as a subtree, then the version of the module should be close to the version shown here:
3.2.0
Note, however, that subtrees can be altered as desired within repositories.
Further documentation on usage can be found here.
Below is documentation for this Terraform module, generated automatically with terraform-docs.
Name | Version |
---|---|
terraform | >= 1.3.2 |
aws | >= 4.5.0 |
Name | Version |
---|---|
aws | 5.24.0 |
No modules.
Name | Type |
---|---|
aws_cloudfront_distribution.cdn | resource |
aws_cloudfront_origin_access_control.oac | resource |
aws_route53_record.dns | resource |
aws_acm_certificate.primary_acm_wildcard_cert | data source |
aws_cloudfront_cache_policy.cache_policy | data source |
aws_cloudfront_origin_request_policy.origin_request_policy | data source |
aws_cloudfront_response_headers_policy.response_headers_policy | data source |
aws_default_tags.common_tags | data source |
aws_route53_zone.primary_hosted_zone | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Environment (sharedtools, dev, staging, qa, prod) | string | n/a | yes |
organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string | n/a | yes |
origins | One or more origins for this distribution. | list(object({ | n/a | yes |
primary_hosted_zone | Name of the primary hosted zone for DNS. e.g. primary_hosted_zone = example.org --> service.example.org. | string | n/a | yes |
product | Tag used to group resources according to product | string | n/a | yes |
repo | Tag used to point to the repo using this module | string | n/a | yes |
acm_arn | (optional) ARN for the ACM cert used for the CloudFront distribution | string | null | no |
aliases | (optional) CNAME(s) that are allowed to be used for this cdn. Default is product.primary_hosted_zone. e.g. [service.example.com] --> [service.example.com] | list(string) | null | no |
cloudfront_default_certificate | (optional) use cloudfront default ssl certificate | bool | false | no |
cnames | (optional) CNAME(s) that are going to be created for this cdn in the primary_hosted_zone. This can be set to [] to avoid creating a CNAME for the app. This can be useful for CDNs. Default is product. e.g. [service] --> [example.example.com] | list(string) | null | no |
comment | (optional) comment for the CDN | string | null | no |
compress | (optional) gzip compress response | bool | true | no |
create_cname | (optional) create CNAME(s) that point to CloudFront distribution | bool | true | no |
custom_error_response | (optional) set of one or more custom error response elements | list(any) | [] | no |
default_behavior_allowed_methods | (optional) default behavior allowed methods | list(string) | [ | no |
default_behavior_cached_methods | (optional) default behavior cached methods | list(string) | [ | no |
default_behavior_function_association | (optional) default behavior function association | object({ | null | no |
default_behavior_lambda_function_association | (optional) default behavior lambda function association | object({ | null | no |
default_cache_policy_id | (optional) policy id for the cache policy of the default cache behavior. If null, a lookup on default_cache_policy_name will be attempted. | string | null | no |
default_cache_policy_name | (optional) policy name for the cache policy of the default cache behavior | string | "Managed-CachingDisabled" | no |
default_origin_id | (optional) default origin origin id | string | null | no |
default_origin_request_policy_id | (optional) policy id for the origin request policy of the default cache behavior. If null, a lookup on default_origin_request_policy_name will be attempted. | string | null | no |
default_origin_request_policy_name | (optional) policy name for the origin request policy of the default cache behavior | string | null | no |
default_response_headers_policy_id | (optional) policy id for the response headers policy of the default cache behavior. If null, a lookup on default_response_headers_policy_name will be attempted. | string | null | no |
default_response_headers_policy_name | (optional) policy name for the response headers policy of the default cache behavior | string | null | no |
default_root_object | (optional) default root object to be served from cdn. e.g. index.html | string | null | no |
dns_evaluate_target_health | (optional) evaluate health of endpoints by querying DNS records | bool | false | no |
enabled | (optional) enable cloudfront | bool | true | no |
http_version | (optional) The maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. | string | "http2and3" | no |
is_ipv6_enabled | (optional) enable ipv6 | bool | true | no |
logging_config | (optional) logging configuration that controls how logs are written to your distribution (maximum one) | list(object({ | [] | no |
minimum_protocol_version | (optional) tls minimum protocol version | string | "TLSv1.2_2021" | no |
name | (optional) name of the distribution. Used as the default for DNS creation when configured | string | null | no |
ordered_cache_behavior | (optional) an ordered list of cache behaviors resource for this distribution | list(object({ | [] | no |
price_class | (optional) price class for the distribution | string | "PriceClass_100" | no |
restriction_locations | (optional) locations to use in access restriction (whitelist or blacklist based on restriction_type) | list(string) | [] | no |
restriction_type | (optional) type of restriction for CDN | string | "none" | no |
ssl_support_method | (optional) ssl support method (one of vip or sni-only) | string | "sni-only" | no |
tags | Extra tags | map(string) | {} | no |
viewer_protocol_policy | (optional) viewer protocol policy | string | "redirect-to-https" | no |
web_acl_id | (optional) unique identifier that specifies the AWS WAF web ACL | string | null | no |
Name | Description |
---|---|
arn | ARN of the CloudFront distribution |
default_cache_policy_id | The default cache policy ID |
domain_name | One domain name that will resolve to this cdn. Might not be a valid alias. |
id | ID of the CloudFront distribution |
oac_id | ID of the origin access identity |
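
The security-relevant inputs from the inputs table, set explicitly in one module call with a validated WAF variable. This is an added example, not code from the module's repository; `module.service`, the `var.*` names, the use of a WAFv2 (rather than WAF Classic) web ACL and the read-only method list are assumptions.

```hcl
# Added example, not from the module's repository. module.service, the var.*
# names and the WAFv2 assumption are hypothetical.
variable "waf_web_acl_arn" {
  type        = string
  description = "ARN of a WAFv2 web ACL with CLOUDFRONT scope (assumed WAFv2)"
  validation {
    # CloudFront-scoped WAFv2 web ACLs are global and live in us-east-1.
    condition     = can(regex("^arn:aws:wafv2:us-east-1:[0-9]{12}:global/webacl/", var.waf_web_acl_arn))
    error_message = "Expected a global (CloudFront-scope) WAFv2 web ACL ARN in us-east-1."
  }
}

module "cloudfront_hardened" {
  source = "github.com/pbs/terraform-aws-cloudfront-module?ref=3.2.0"

  primary_hosted_zone = "example.com"
  origins = [{
    domain_name = module.service.domain_name
    custom_origin_config = {
      http_port                = 80
      https_port               = 443
      origin_keepalive_timeout = 5
      origin_protocol_policy   = "https-only" # never fetch from the origin over HTTP
      origin_read_timeout      = 30
      origin_ssl_protocols     = ["TLSv1.2"]
    }
  }]

  # Viewer-side TLS. These match the documented defaults; pinning them keeps
  # a later change of module defaults from silently weakening the distribution.
  viewer_protocol_policy   = "redirect-to-https"
  minimum_protocol_version = "TLSv1.2_2021"
  ssl_support_method       = "sni-only"
  # With the default *.cloudfront.net certificate, CloudFront applies the TLSv1
  # policy regardless of minimum_protocol_version, so keep this false.
  cloudfront_default_certificate = false

  web_acl_id                           = var.waf_web_acl_arn
  default_response_headers_policy_name = "Managed-SecurityHeadersPolicy"

  # Assumes a read-only site: only GET and HEAD reach the origin.
  default_behavior_allowed_methods = ["GET", "HEAD"]
  default_behavior_cached_methods  = ["GET", "HEAD"]

  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo
}
```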