Terraform module which sets up a CloudFront distribution with logging into S3.
The following resources are created:
- CloudFront
```hcl
module "my_cloudfront" {
  source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"
  # Or, to specify a particular module version:
  # source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git?ref=2.0.0"
}
```
```hcl
module "my_cloudfront" {
  source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"

  # Origin
  dns_domain_name = "mydomain.s3.amazonaws.com"
  origin_path     = "/mypath"
  origin_id       = "s3-my-origin-id"
  #s3_origin_config - origin_access_identity

  state_enabled       = true
  is_ipv6_enabled     = false
  comment             = "Environment=Prod"
  default_root_object = "index.html"

  # Logging into S3
  logging_config_include_cookies = false
  logging_config_bucket          = "mylogbucket.s3.amazonaws.com"
  logging_config_prefix          = "s3-my-origin-id"

  # Aliases
  aliases = ["myalias.mywebsite.com"]

  # Default Cache Behavior Settings
  default_cache_behavior_allowed_methods          = ["GET", "HEAD"]
  default_cache_behavior_cached_methods           = ["GET", "HEAD"]
  default_cache_behavior_forwarded_values_headers = ["origin"]
  target_origin_id                                = "s3-my-origin-id" # Must match origin_id above
  viewer_protocol_policy                          = "redirect-to-https"
  price_class                                     = "PriceClass_100"

  # Custom Error Response
  custom_error_response = [
    {
      error_caching_min_ttl = "86400"       # Optional
      error_code            = "404"         # Required
      response_code         = "200"         # Optional
      response_page_path    = "/index.html" # Optional
    }
  ]

  # Geo Restrictions
  restriction_type = "none"

  # Certificate
  acm_certificate_arn      = data.aws_acm_certificate.my_acm_certificate.arn
  minimum_protocol_version = "TLSv1.1_2016" # TLSv1.2_2018 is the strictest policy this module documents
  ssl_support_method       = "sni-only"
}
```
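The usage example references `data.aws_acm_certificate.my_acm_certificate` without defining it, and the inputs `minimum_protocol_version` and `viewer_protocol_policy` are typed `any`, so the module itself rejects nothing. The following is an added example, not part of the module: it defines that data source in us-east-1 and guards both inputs in the calling configuration. The provider alias `us_east_1` and the two `cf_*` variables are assumed names.

```hcl
# Added example; the provider alias and the cf_* variable names are assumptions.

# The ACM certificate must be in us-east-1, so look it up through a provider
# pinned to that region, whatever region the rest of the stack uses.
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

data "aws_acm_certificate" "my_acm_certificate" {
  provider    = aws.us_east_1
  domain      = "myalias.mywebsite.com" # same name as in the module's aliases
  statuses    = ["ISSUED"]              # skip pending or expired certificates
  most_recent = true
}

# Refuse the legacy viewer policies listed in the inputs table before the
# value reaches the module.
variable "cf_minimum_protocol_version" {
  type    = string
  default = "TLSv1.2_2018"

  validation {
    condition = !contains(
      ["SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"],
      var.cf_minimum_protocol_version
    )
    error_message = "Viewer policies older than TLSv1.2_2018 are not allowed for this distribution."
  }
}

# Refuse allow-all, which would let viewers fetch content over plain HTTP.
variable "cf_viewer_protocol_policy" {
  type    = string
  default = "redirect-to-https"

  validation {
    condition     = contains(["https-only", "redirect-to-https"], var.cf_viewer_protocol_policy)
    error_message = "The viewer protocol policy must be https-only or redirect-to-https."
  }
}

# In the module block, pass the guarded values:
#   acm_certificate_arn      = data.aws_acm_certificate.my_acm_certificate.arn
#   minimum_protocol_version = var.cf_minimum_protocol_version
#   viewer_protocol_policy   = var.cf_viewer_protocol_policy
#   ssl_support_method       = "sni-only"
```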
The following outputs are possible:
- domain_name (The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net)
- hosted_zone_id (The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.)
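The two outputs above are what a Route 53 alias record needs. The following is an added example, not part of the module: it points the alias from the usage example at the distribution, and publishes an AAAA record only when IPv6 is enabled. The hosted zone lookup, the local values and the resource name are assumptions.

```hcl
# Added example; the zone lookup, locals and resource names are assumptions.

data "aws_route53_zone" "site" {
  name = "mywebsite.com."
}

locals {
  # Keep in step with the module's is_ipv6_enabled input: an AAAA alias is
  # only useful when the distribution accepts IPv6 viewers.
  cf_ipv6_enabled = false
  cf_record_types = local.cf_ipv6_enabled ? ["A", "AAAA"] : ["A"]
}

resource "aws_route53_record" "cloudfront_alias" {
  for_each = toset(local.cf_record_types)

  zone_id = data.aws_route53_zone.site.zone_id
  name    = "myalias.mywebsite.com" # must also appear in the module's aliases
  type    = each.value

  alias {
    name                   = module.my_cloudfront.domain_name
    zone_id                = module.my_cloudfront.hosted_zone_id
    evaluate_target_health = false
  }
}
```

The record name has to be covered by both the `aliases` list and the ACM certificate passed to the module.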
Name | Version |
---|---|
terraform | >= 0.13 |

Name | Version |
---|---|
aws | n/a |

No modules.

Name | Type |
---|---|
aws_cloudfront_distribution.distribution | resource |

Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_certificate_arn | The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1. | any | n/a | yes |
aliases | (Optional) - Extra CNAMEs (alternate domain names), if any, for this distribution. | list(string) | n/a | yes |
comment | (Optional) - Any comments you want to include about the distribution. | any | n/a | yes |
custom_error_response | (Optional) - One or more custom error response elements (multiples allowed). | any | [] | no |
default_cache_behavior_allowed_methods | (Required) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. | list(string) | n/a | yes |
default_cache_behavior_cached_methods | (Required) - Controls whether CloudFront caches the response to requests using the specified HTTP methods. | list(string) | n/a | yes |
default_cache_behavior_forwarded_values_headers | (Required) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers. | list(string) | n/a | yes |
default_root_object | (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string | "index.html" | no |
dns_domain_name | (Required) - The DNS domain name of either the S3 bucket, or web site of your custom origin. | any | n/a | yes |
is_ipv6_enabled | (Optional) - Whether the IPv6 is enabled for the distribution. | bool | false | no |
logging_config_bucket | (Required) - The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com. | any | n/a | yes |
logging_config_include_cookies | (Optional) - Specifies whether you want CloudFront to include cookies in access logs (default: false). | bool | false | no |
logging_config_prefix | (Optional) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/. | any | n/a | yes |
minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified. | any | n/a | yes |
origin_id | (Required) - A unique identifier for the origin. | any | n/a | yes |
origin_path | (Optional) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. | string | "" | no |
price_class | (Optional) - The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | any | n/a | yes |
region | region | string | "eu-west-1" | no |
restriction_locations | (Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). | list(string) | [] | no |
restriction_type | (Required) - The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. | string | "none" | no |
ssl_support_method | Specifies how you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges. | any | n/a | yes |
state_enabled | (Required) - Whether the distribution is enabled to accept end user requests for content. | bool | true | no |
tags | Tags to be added to the distribution | map(string) | {} | no |
target_origin_id | (Required) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. | any | n/a | yes |
viewer_protocol_policy | (Required) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. | any | n/a | yes |

Name | Description |
---|---|
cf_arn | n/a |
cf_id | n/a |
domain_name | n/a |
hosted_zone_id | n/a |