Auto Format

README.md

@@ -435,6 +435,7 @@ Available targets:
 | <a name="input_ordered_cache"></a> [ordered\_cache](#input\_ordered\_cache) | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.<br>List in order of precedence (first match wins). This is in addition to the default cache policy.<br>Set `target_origin_id` to `""` to specify the S3 bucket origin created by this module. | <pre>list(object({<br>    target_origin_id = string<br>    path_pattern     = string<br><br>    allowed_methods = list(string)<br>    cached_methods  = list(string)<br>    compress        = bool<br><br>    cache_policy_id          = string<br>    origin_request_policy_id = string<br><br>    viewer_protocol_policy = string<br>    min_ttl                = number<br>    default_ttl            = number<br>    max_ttl                = number<br><br>    forward_query_string  = bool<br>    forward_header_values = list(string)<br>    forward_cookies       = string<br><br>    lambda_function_association = list(object({<br>      event_type   = string<br>      include_body = bool<br>      lambda_arn   = string<br>    }))<br><br>    function_association = list(object({<br>      event_type   = string<br>      function_arn = string<br>    }))<br>  }))</pre> | `[]` | no |
 | <a name="input_origin_bucket"></a> [origin\_bucket](#input\_origin\_bucket) | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | `string` | `null` | no |
 | <a name="input_origin_force_destroy"></a> [origin\_force\_destroy](#input\_origin\_force\_destroy) | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no |
+| <a name="input_origin_groups"></a> [origin\_groups](#input\_origin\_groups) | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.<br>The values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.<br>If `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place. | <pre>list(object({<br>    primary_origin_id  = string<br>    failover_origin_id = string<br>    failover_criteria  = list(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_origin_path"></a> [origin\_path](#input\_origin\_path) | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | `string` | `""` | no |
 | <a name="input_origin_ssl_protocols"></a> [origin\_ssl\_protocols](#input\_origin\_ssl\_protocols) | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | `list(string)` | <pre>[<br>  "TLSv1",<br>  "TLSv1.1",<br>  "TLSv1.2"<br>]</pre> | no |
 | <a name="input_override_origin_bucket_policy"></a> [override\_origin\_bucket\_policy](#input\_override\_origin\_bucket\_policy) | When using an existing origin bucket (through var.origin\_bucket), setting this to 'false' will make it so the existing bucket policy will not be overriden | `bool` | `true` | no |
@@ -465,13 +466,15 @@ Available targets:
 
 | Name | Description |
 |------|-------------|
-| <a name="output_aliases"></a> [aliases](#output\_aliases) | Aliases of the CloudFront distibution |
+| <a name="output_aliases"></a> [aliases](#output\_aliases) | Aliases of the CloudFront distribution. |
 | <a name="output_cf_arn"></a> [cf\_arn](#output\_cf\_arn) | ARN of AWS CloudFront distribution |
 | <a name="output_cf_domain_name"></a> [cf\_domain\_name](#output\_cf\_domain\_name) | Domain name corresponding to the distribution |
 | <a name="output_cf_etag"></a> [cf\_etag](#output\_cf\_etag) | Current version of the distribution's information |
 | <a name="output_cf_hosted_zone_id"></a> [cf\_hosted\_zone\_id](#output\_cf\_hosted\_zone\_id) | CloudFront Route 53 zone ID |
 | <a name="output_cf_id"></a> [cf\_id](#output\_cf\_id) | ID of AWS CloudFront distribution |
 | <a name="output_cf_identity_iam_arn"></a> [cf\_identity\_iam\_arn](#output\_cf\_identity\_iam\_arn) | CloudFront Origin Access Identity IAM ARN |
+| <a name="output_cf_origin_groups"></a> [cf\_origin\_groups](#output\_cf\_origin\_groups) | List of Origin Groups in the CloudFront distribution. |
+| <a name="output_cf_origin_ids"></a> [cf\_origin\_ids](#output\_cf\_origin\_ids) | List of Origin IDs in the CloudFront distribution. |
 | <a name="output_cf_s3_canonical_user_id"></a> [cf\_s3\_canonical\_user\_id](#output\_cf\_s3\_canonical\_user\_id) | Canonical user ID for CloudFront Origin Access Identity |
 | <a name="output_cf_status"></a> [cf\_status](#output\_cf\_status) | Current status of the distribution |
 | <a name="output_logs"></a> [logs](#output\_logs) | Log bucket resource |

docs/terraform.md

@@ -115,6 +115,7 @@
 | <a name="input_ordered_cache"></a> [ordered\_cache](#input\_ordered\_cache) | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.<br>List in order of precedence (first match wins). This is in addition to the default cache policy.<br>Set `target_origin_id` to `""` to specify the S3 bucket origin created by this module. | <pre>list(object({<br>    target_origin_id = string<br>    path_pattern     = string<br><br>    allowed_methods = list(string)<br>    cached_methods  = list(string)<br>    compress        = bool<br><br>    cache_policy_id          = string<br>    origin_request_policy_id = string<br><br>    viewer_protocol_policy = string<br>    min_ttl                = number<br>    default_ttl            = number<br>    max_ttl                = number<br><br>    forward_query_string  = bool<br>    forward_header_values = list(string)<br>    forward_cookies       = string<br><br>    lambda_function_association = list(object({<br>      event_type   = string<br>      include_body = bool<br>      lambda_arn   = string<br>    }))<br><br>    function_association = list(object({<br>      event_type   = string<br>      function_arn = string<br>    }))<br>  }))</pre> | `[]` | no |
 | <a name="input_origin_bucket"></a> [origin\_bucket](#input\_origin\_bucket) | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | `string` | `null` | no |
 | <a name="input_origin_force_destroy"></a> [origin\_force\_destroy](#input\_origin\_force\_destroy) | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no |
+| <a name="input_origin_groups"></a> [origin\_groups](#input\_origin\_groups) | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.<br>The values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.<br>If `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place. | <pre>list(object({<br>    primary_origin_id  = string<br>    failover_origin_id = string<br>    failover_criteria  = list(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_origin_path"></a> [origin\_path](#input\_origin\_path) | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | `string` | `""` | no |
 | <a name="input_origin_ssl_protocols"></a> [origin\_ssl\_protocols](#input\_origin\_ssl\_protocols) | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | `list(string)` | <pre>[<br>  "TLSv1",<br>  "TLSv1.1",<br>  "TLSv1.2"<br>]</pre> | no |
 | <a name="input_override_origin_bucket_policy"></a> [override\_origin\_bucket\_policy](#input\_override\_origin\_bucket\_policy) | When using an existing origin bucket (through var.origin\_bucket), setting this to 'false' will make it so the existing bucket policy will not be overriden | `bool` | `true` | no |
@@ -145,13 +146,15 @@
 
 | Name | Description |
 |------|-------------|
-| <a name="output_aliases"></a> [aliases](#output\_aliases) | Aliases of the CloudFront distibution |
+| <a name="output_aliases"></a> [aliases](#output\_aliases) | Aliases of the CloudFront distribution. |
 | <a name="output_cf_arn"></a> [cf\_arn](#output\_cf\_arn) | ARN of AWS CloudFront distribution |
 | <a name="output_cf_domain_name"></a> [cf\_domain\_name](#output\_cf\_domain\_name) | Domain name corresponding to the distribution |
 | <a name="output_cf_etag"></a> [cf\_etag](#output\_cf\_etag) | Current version of the distribution's information |
 | <a name="output_cf_hosted_zone_id"></a> [cf\_hosted\_zone\_id](#output\_cf\_hosted\_zone\_id) | CloudFront Route 53 zone ID |
 | <a name="output_cf_id"></a> [cf\_id](#output\_cf\_id) | ID of AWS CloudFront distribution |
 | <a name="output_cf_identity_iam_arn"></a> [cf\_identity\_iam\_arn](#output\_cf\_identity\_iam\_arn) | CloudFront Origin Access Identity IAM ARN |
+| <a name="output_cf_origin_groups"></a> [cf\_origin\_groups](#output\_cf\_origin\_groups) | List of Origin Groups in the CloudFront distribution. |
+| <a name="output_cf_origin_ids"></a> [cf\_origin\_ids](#output\_cf\_origin\_ids) | List of Origin IDs in the CloudFront distribution. |
 | <a name="output_cf_s3_canonical_user_id"></a> [cf\_s3\_canonical\_user\_id](#output\_cf\_s3\_canonical\_user\_id) | Canonical user ID for CloudFront Origin Access Identity |
 | <a name="output_cf_status"></a> [cf\_status](#output\_cf\_status) | Current status of the distribution |
 | <a name="output_logs"></a> [logs](#output\_logs) | Log bucket resource |

examples/complete/custom-origins.tf

@@ -13,17 +13,17 @@ locals {
       origin_read_timeout      = 60
     }
   }
-  additional_custom_origins           = var.additional_custom_origins_enabled ? [
+  additional_custom_origins = var.additional_custom_origins_enabled ? [
     merge(local.default_custom_origin_configuration, {
-      domain_name    = module.additional_custom_origin.s3_bucket_website_endpoint
-      origin_id      = module.additional_custom_origin.hostname
+      domain_name = module.additional_custom_origin.s3_bucket_website_endpoint
+      origin_id   = module.additional_custom_origin.hostname
     }),
     merge(local.default_custom_origin_configuration, {
-      domain_name    = module.additional_custom_failover_origin.s3_bucket_website_endpoint
-      origin_id      = module.additional_custom_failover_origin.hostname
+      domain_name = module.additional_custom_failover_origin.s3_bucket_website_endpoint
+      origin_id   = module.additional_custom_failover_origin.hostname
     })
   ] : []
-  additional_custom_origin_groups     = var.additional_custom_origins_enabled ? [{
+  additional_custom_origin_groups = var.additional_custom_origins_enabled ? [{
     primary_origin_id  = local.additional_custom_origins[0].origin_id
     failover_origin_id = local.additional_custom_origins[1].origin_id
     failover_criteria  = var.origin_group_failover_criteria_status_codes

examples/complete/main.tf

@@ -80,15 +80,15 @@ module "cloudfront_s3_cdn" {
   additional_bucket_policy = local.enabled ? data.aws_iam_policy_document.document[0].json : ""
 
   custom_origins = local.additional_custom_origins
-  s3_origins     = concat([{
-    domain_name      = module.s3_bucket.bucket_regional_domain_name
-    origin_id        = module.s3_bucket.bucket_id
-    origin_path      = null
+  s3_origins = concat([{
+    domain_name = module.s3_bucket.bucket_regional_domain_name
+    origin_id   = module.s3_bucket.bucket_id
+    origin_path = null
     s3_origin_config = {
       origin_access_identity = ""
     }
   }], local.additional_s3_origins)
-  origin_groups  = concat([{
+  origin_groups = concat([{
     primary_origin_id  = null # will get translated to the origin id of the origin created by this module.
     failover_origin_id = module.s3_bucket.bucket_id
     failover_criteria  = var.origin_group_failover_criteria_status_codes

examples/complete/s3-origins.tf

@@ -1,23 +1,23 @@
 locals {
   default_s3_origin_configuration = {
-    domain_name      = null
-    origin_id        = null
-    origin_path      = null
+    domain_name = null
+    origin_id   = null
+    origin_path = null
     s3_origin_config = {
       origin_access_identity = ""
     }
   }
-  additional_s3_origins           = var.additional_s3_origins_enabled ? [
+  additional_s3_origins = var.additional_s3_origins_enabled ? [
     merge(local.default_s3_origin_configuration, {
-      domain_name    = module.additional_s3_origin.bucket_regional_domain_name
-      origin_id      = module.additional_s3_origin.bucket_id
+      domain_name = module.additional_s3_origin.bucket_regional_domain_name
+      origin_id   = module.additional_s3_origin.bucket_id
     }),
     merge(local.default_s3_origin_configuration, {
-      domain_name    = module.additional_s3_failover_origin.bucket_regional_domain_name
-      origin_id      = module.additional_s3_failover_origin.bucket_id
+      domain_name = module.additional_s3_failover_origin.bucket_regional_domain_name
+      origin_id   = module.additional_s3_failover_origin.bucket_id
     })
   ] : []
-  additional_s3_origin_groups     = var.additional_s3_origins_enabled ? [{
+  additional_s3_origin_groups = var.additional_s3_origins_enabled ? [{
     primary_origin_id  = local.additional_s3_origins[0].origin_id
     failover_origin_id = local.additional_s3_origins[1].origin_id
     failover_criteria  = var.origin_group_failover_criteria_status_codes

examples/complete/variables.tf

@@ -22,7 +22,7 @@ variable "additional_s3_origins_enabled" {
 variable "origin_group_failover_criteria_status_codes" {
   type        = list(string)
   description = "List of HTTP Status Codes to use as the failover criteria for origin groups."
-  default     = [
+  default = [
     403,
     404,
     500,

main.tf

@@ -2,12 +2,12 @@ locals {
   enabled = module.this.enabled
 
   # Encapsulate logic here so that it is not lost/scattered among the configuration
-  website_enabled                = local.enabled && var.website_enabled
-  website_password_enabled       = local.website_enabled && var.s3_website_password_enabled
-  s3_origin_enabled              = local.enabled && ! var.website_enabled
-  create_s3_origin_bucket        = local.enabled && var.origin_bucket == null
-  s3_access_logging_enabled      = local.enabled && (var.s3_access_logging_enabled == null ? length(var.s3_access_log_bucket_name) > 0 : var.s3_access_logging_enabled)
-  create_cf_log_bucket           = local.cloudfront_access_logging_enabled && local.cloudfront_access_log_create_bucket
+  website_enabled           = local.enabled && var.website_enabled
+  website_password_enabled  = local.website_enabled && var.s3_website_password_enabled
+  s3_origin_enabled         = local.enabled && ! var.website_enabled
+  create_s3_origin_bucket   = local.enabled && var.origin_bucket == null
+  s3_access_logging_enabled = local.enabled && (var.s3_access_logging_enabled == null ? length(var.s3_access_log_bucket_name) > 0 : var.s3_access_logging_enabled)
+  create_cf_log_bucket      = local.cloudfront_access_logging_enabled && local.cloudfront_access_log_create_bucket
 
   create_cloudfront_origin_access_identity = local.enabled && length(compact([var.cloudfront_origin_access_identity_iam_arn])) == 0 # "" or null
 

variables.tf

@@ -578,7 +578,7 @@ variable "s3_website_password_enabled" {
 }
 
 variable "origin_groups" {
-  type        = list(object({
+  type = list(object({
     primary_origin_id  = string
     failover_origin_id = string
     failover_criteria  = list(string)