diff --git a/README.md b/README.md index d9bd2ebd..79f01819 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,7 @@ Available targets: | cors\_expose\_headers | List of expose header in the response for S3 bucket | `list(string)` |
[
"ETag"
]
| no | | cors\_max\_age\_seconds | Time in seconds that browser can cache the response for S3 bucket | `number` | `3600` | no | | custom\_error\_response | List of one or more custom error response element maps |
list(object({
error_caching_min_ttl = string
error_code = string
response_code = string
response_page_path = string
}))
| `[]` | no | +| custom\_origins | One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments |
list(object({
domain_name = string
origin_id = string
origin_path = string
custom_origin_config = object({
http_port = number
https_port = number
origin_protocol_policy = string
origin_ssl_protocols = list(string)
origin_keepalive_timeout = number
origin_read_timeout = number
})
}))
| `[]` | no | | default\_root\_object | Object that CloudFront return when requests the root URL | `string` | `"index.html"` | no | | default\_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | `number` | `60` | no | | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | @@ -206,7 +207,7 @@ Available targets: | minimum\_protocol\_version | Cloudfront TLS minimum protocol version | `string` | `"TLSv1"` | no | | name | Name (e.g. `bastion` or `app`) | `string` | n/a | yes | | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | -| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. |
list(object({
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | +| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. |
list(object({
target_origin_id = string
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | | origin\_bucket | Origin S3 bucket name | `string` | `""` | no | | origin\_force\_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no | | origin\_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index cb4f1bf7..7945c707 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -34,6 +34,7 @@ | cors\_expose\_headers | List of expose header in the response for S3 bucket | `list(string)` |
[
"ETag"
]
| no | | cors\_max\_age\_seconds | Time in seconds that browser can cache the response for S3 bucket | `number` | `3600` | no | | custom\_error\_response | List of one or more custom error response element maps |
list(object({
error_caching_min_ttl = string
error_code = string
response_code = string
response_page_path = string
}))
| `[]` | no | +| custom\_origins | One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments |
list(object({
domain_name = string
origin_id = string
origin_path = string
custom_origin_config = object({
http_port = number
https_port = number
origin_protocol_policy = string
origin_ssl_protocols = list(string)
origin_keepalive_timeout = number
origin_read_timeout = number
})
}))
| `[]` | no | | default\_root\_object | Object that CloudFront return when requests the root URL | `string` | `"index.html"` | no | | default\_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | `number` | `60` | no | | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | @@ -62,7 +63,7 @@ | minimum\_protocol\_version | Cloudfront TLS minimum protocol version | `string` | `"TLSv1"` | no | | name | Name (e.g. `bastion` or `app`) | `string` | n/a | yes | | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | -| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. |
list(object({
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | +| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. |
list(object({
target_origin_id = string
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | | origin\_bucket | Origin S3 bucket name | `string` | `""` | no | | origin\_force\_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no | | origin\_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | `string` | `""` | no | diff --git a/main.tf b/main.tf index e4e74413..ebc2119f 100644 --- a/main.tf +++ b/main.tf @@ -236,6 +236,23 @@ resource "aws_cloudfront_distribution" "default" { } } + dynamic "origin" { + for_each = var.custom_origins + content { + domain_name = origin.value.domain_name + origin_id = origin.value.origin_id + origin_path = lookup(origin.value, "origin_path", "") + custom_origin_config { + http_port = lookup(origin.value.custom_origin_config, "http_port", null) + https_port = lookup(origin.value.custom_origin_config, "https_port", null) + origin_protocol_policy = lookup(origin.value.custom_origin_config, "origin_protocol_policy", "https-only") + origin_ssl_protocols = lookup(origin.value.custom_origin_config, "origin_ssl_protocols", ["TLSv1.2"]) + origin_keepalive_timeout = lookup(origin.value.custom_origin_config, "origin_keepalive_timeout", 60) + origin_read_timeout = lookup(origin.value.custom_origin_config, "origin_read_timeout", 60) + } + } + } + viewer_certificate { acm_certificate_arn = var.acm_certificate_arn ssl_support_method = var.acm_certificate_arn == "" ? "" : "sni-only" @@ -282,7 +299,7 @@ resource "aws_cloudfront_distribution" "default" { allowed_methods = ordered_cache_behavior.value.allowed_methods cached_methods = ordered_cache_behavior.value.cached_methods - target_origin_id = module.distribution_label.id + target_origin_id = ordered_cache_behavior.value.target_origin_id == "" ? module.distribution_label.id : ordered_cache_behavior.value.target_origin_id compress = ordered_cache_behavior.value.compress trusted_signers = var.trusted_signers diff --git a/variables.tf b/variables.tf index b98f7c78..6b2bfbd9 100644 --- a/variables.tf +++ b/variables.tf @@ -386,7 +386,8 @@ variable "ipv6_enabled" { variable "ordered_cache" { type = list(object({ - path_pattern = string + target_origin_id = string + path_pattern = string allowed_methods = list(string) cached_methods = list(string) @@ -412,10 +413,28 @@ variable "ordered_cache" { An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. The fields can be described by the other variables in this file. For example, the field 'lambda_function_association' in this object has a description in var.lambda_function_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest -of the vars in this file apply only to the default cache. +of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. DESCRIPTION } +variable "custom_origins" { + type = list(object({ + domain_name = string + origin_id = string + origin_path = string + custom_origin_config = object({ + http_port = number + https_port = number + origin_protocol_policy = string + origin_ssl_protocols = list(string) + origin_keepalive_timeout = number + origin_read_timeout = number + }) + })) + default = [] + description = "One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments" +} + variable "website_enabled" { type = bool default = false