docs/arc-iac-docs/modules/terraform-aws-arc-cloudfront/README.md
25 additions & 11 deletions
@@ -15,6 +15,8 @@ For more information about this repository and its usage, please see [Terraform
15
15
16
16
## Usage
17
17
18
+
**Important Note**: When using custom ACM certificates (`acm_details.domain_name` is set), the certificate must be created in the `us-east-1` region as required by CloudFront. If you're deploying in a different region, you'll need to configure a provider alias for `us-east-1`.
19
+
18
20
To see a full example, check out the [main.tf](https://github.com/sourcefuse/terraform-aws-arc-cloudfront/blob/main/example/main.tf) file in the example folder.
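Review bot: the added note ahead of the example link tells readers to "configure a provider alias for `us-east-1`" but does not say which alias name the module expects or how it is handed to the module. Please name the alias and show the `providers` mapping on the module block, or state that the linked example `main.tf` demonstrates it, so that readers deploying in another region know exactly what to add.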
|[aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity)| data source |
217
-
|[aws_partition.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition)| data source |
218
235
|[aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone)| data source |
219
-
|[aws_s3_bucket.origin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket)| data source |
220
236
221
237
## Inputs
222
238
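Review bot: the rows for `aws_partition.this` and `aws_s3_bucket.origin` are dropped from the data-source table with no accompanying note anywhere in the visible README changes. If the module no longer looks up an existing origin bucket, say so in the Usage section or a changelog entry and state what callers with a bucket created outside the module now have to pass, since this reads as a change in behaviour rather than a documentation tidy-up.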
@@ -226,18 +242,16 @@ module "cloudfront" {
226
242
| <aname="input_aliases"></a> [aliases](#input\_aliases)| Fully qualified domain name for site being hosted |`list(string)`| n/a | yes |
227
243
| <a name="input_cache_behaviors"></a> [cache\_behaviors](#input\_cache\_behaviors) | Set the cache behaviors for the distribution , Note:- You cannot use an origin request policy in a cache behavior without a cache policy. | <pre>list(object({<br/> origin_id = string // should be same as what is given in origins<br/> path_pattern = string<br/> allowed_methods = list(string)<br/> cached_methods = list(string)<br/> response_headers_policy_name = optional(string, null)<br/> use_aws_managed_response_headers_policy = optional(bool, false)<br/> function_association = optional(list(object({ // Specific event to trigger this function. Valid values: viewer-request or viewer-response.<br/> event_type = string,<br/> function_arn = string<br/> })))<br/> lambda_function_association = optional(list(object({ // A config block that triggers a lambda function with specific actions (maximum 4).<br/> event_type = string,<br/> lambda_arn = string,<br/> include_body = bool // When set to true it exposes the request body to the lambda function.<br/> })))<br/> use_aws_managed_cache_policy = bool,<br/> cache_policy_name = string, // It can be custom or aws managed policy name , if custom cache_policies variable key should match<br/> use_aws_managed_origin_request_policy = optional(bool),<br/> origin_request_policy_name = optional(string), // It can be custom or aws managed policy name , if custom origin_request_policies variable key should match<br/> compress = bool,<br/> viewer_protocol_policy = string<br/> }))</pre> | `[]` | no |
| <aname="input_cors_configuration"></a> [cors\_configuration](#input\_cors\_configuration)| Specifies the allowed headers, methods, origins and exposed headers when using CORS on this bucket | <pre>list(object({<br/> allowed_headers = list(string)<br/> allowed_methods = list(string)<br/> allowed_origins = list(string)<br/> expose_headers = list(string)<br/> max_age_seconds = number<br/> }))</pre> |`null`| no |
230
245
| <aname="input_create_route53_records"></a> [create\_route53\_records](#input\_create\_route53\_records)| made optional route53 |`bool`|`false`| no |
231
246
| <aname="input_custom_error_responses"></a> [custom\_error\_responses](#input\_custom\_error\_responses)| One or more custom error response elements | <pre>list(object({<br/> error_caching_min_ttl = optional(number),<br/> error_code = string,<br/> response_code = optional(string),<br/> response_page_path = optional(string) // eg: /custom_404.html<br/> }))</pre> |`[]`| no |
232
247
| <a name="input_default_cache_behavior"></a> [default\_cache\_behavior](#input\_default\_cache\_behavior) | Default cache behavior for the distribution | <pre>object({<br/> origin_id = string // should be same as what is given in origins<br/> allowed_methods = list(string)<br/> cached_methods = list(string)<br/> response_headers_policy_name = optional(string, null)<br/> use_aws_managed_response_headers_policy = optional(bool, false)<br/> function_association = optional(list(object({ // A config block that triggers a lambda function with specific actions (maximum 4).<br/> event_type = string, // Specific event to trigger this function. Valid values: viewer-request or viewer-response.<br/> function_arn = string<br/> })))<br/> lambda_function_association = optional(list(object({ // A config block that triggers a lambda function with specific actions (maximum 4).<br/> event_type = string,<br/> lambda_arn = string,<br/> include_body = bool // When set to true it exposes the request body to the lambda function.<br/> })))<br/> use_aws_managed_cache_policy = bool,<br/> cache_policy_name = string, // It can be custom or aws managed policy name , if custom cache_policies variable key should match<br/> use_aws_managed_origin_request_policy = optional(bool),<br/> origin_request_policy_name = optional(string), // It can be custom or aws managed policy name , if custom origin_request_policies variable key should match<br/> compress = bool<br/> viewer_protocol_policy = optional(string, "redirect-to-https")<br/> })</pre> | n/a | yes |
233
248
| <aname="input_default_root_object"></a> [default\_root\_object](#input\_default\_root\_object)| Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. |`string`|`"index.html"`| no |
| <aname="input_enable_logging"></a> [enable\_logging](#input\_enable\_logging)| Enable logging for Clouffront destribution, this will create new S3 bucket |`bool`|`false`| no |
| <a name="input_origins"></a> [origins](#input\_origins) | List of Origins for Cloudfront | <pre>list(object({<br/> origin_type = string // S3 or custom origin<br/> origin_id = string<br/> origin_path = optional(string)<br/> domain_name = string<br/> bucket_name = optional(string) // required of origin is S3<br/> create_bucket = bool // required of origin is S3<br/> connection_attempts = optional(number, 3)<br/> connection_timeout = optional(number, 10)<br/> cors_configuration = optional(any) // cors for S3<br/> origin_shield = optional(object({<br/> enabled = bool<br/> origin_shield_region = string<br/> }), {<br/> enabled = false<br/> origin_shield_region = null<br/> })<br/> custom_origin_config = optional(object({<br/> http_port = number<br/> https_port = number<br/> origin_protocol_policy = string<br/> origin_ssl_protocols = list(string)<br/> origin_keepalive_timeout = optional(number, 5)<br/> origin_read_timeout = optional(number, 30)<br/> }))<br/> }))</pre> | `[]` | no |
254
+
| <a name="input_origins"></a> [origins](#input\_origins) | List of Origins for Cloudfront | <pre>list(object({<br/> origin_type = string // S3 or custom origin<br/> origin_id = string<br/> origin_path = optional(string)<br/> domain_name = string // required of origin is custom and if S3 bukcet is created outside the module<br/> bucket_name = optional(string) // required of origin is S3<br/> create_bucket = bool // required of origin is S3<br/> connection_attempts = optional(number, 3)<br/> connection_timeout = optional(number, 10)<br/> cors_configuration = optional(any) // cors for S3<br/> primary_origin = optional(bool, true) // used in origin groups to identify primary origin<br/> manage_bucket_policy = optional(bool, true) // whether to manage bucket policy for S3 origin<br/> origin_shield = optional(object({<br/> enabled = bool<br/> origin_shield_region = string<br/> }), {<br/> enabled = false<br/> origin_shield_region = null<br/> })<br/> custom_origin_config = optional(object({<br/> http_port = number<br/> https_port = number<br/> origin_protocol_policy = string<br/> origin_ssl_protocols = list(string)<br/> origin_keepalive_timeout = optional(number, 5)<br/> origin_read_timeout = optional(number, 30)<br/> }))<br/> }))</pre> | `[]` | no |
241
255
| <aname="input_price_class"></a> [price\_class](#input\_price\_class)| Price class for this distribution. One of PriceClass\_All, PriceClass\_200, PriceClass\_100. |`string`|`"PriceClass_All"`| no |
| <aname="input_retain_on_delete"></a> [retain\_on\_delete](#input\_retain\_on\_delete)| Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. |`bool`|`false`| no |
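Review bot: in the added `origins` row, `manage_bucket_policy = optional(bool, true)` is described only as "whether to manage bucket policy for S3 origin"; please document what the caller is expected to provide when it is set to `false`, because the bucket policy is what controls who can read the origin bucket. In the same row the new `domain_name` comment has typos ("required of origin is custom and if S3 bukcet is created outside the module") and should read something like "required if origin is custom, and if the S3 bucket is created outside the module". `primary_origin` refers to origin groups, which none of the visible input rows describe, so a pointer to where origin groups are configured would help.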