From bda2f3f2a2890a6f498dcaf6b96d6c7d2f7f0e7e Mon Sep 17 00:00:00 2001
From: Jamie Nelson
Date: Tue, 28 Aug 2018 16:17:54 +0100
Subject: [PATCH] Forwarded headers are needed when using CORS on S3 from cloudfront (#25)
* Forwarded headers are needed when using CORS on S3 from cloudfront
* lint
* Moved the forwarded header values into a var
---
 README.md | 4 +++-
 docs/targets.md | 3 ++-
 docs/terraform.md | 1 +
 example/main.tf | 4 ++++
 main.tf | 1 +
 variables.tf | 6 ++++++
 6 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index ac4dd300..a21bc518 100644
--- a/README.md
+++ b/README.md
@@ -73,8 +73,9 @@ Then you can use this method for supressing the superfluous errors.
 ```
 Available targets:
- help This help screen
+ help Help screen
 help/all Display help for all targets
+ help/short This help short screen
 lint Lint terraform code
 ```
@@ -101,6 +102,7 @@ Available targets:
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
 | enabled | Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created. | string | `true` | no |
 | forward_cookies | Time in seconds that browser can cache the response for S3 bucket | string | `none` | no |
+| forward_header_values | A list of whitelisted header values to forward to the origin | list | `` | no |
 | forward_query_string | Forward query strings to the origin that is associated with this cache behavior | string | `false` | no |
 | geo_restriction_locations | List of country codes for which CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list | `` | no |
 | geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | `none` | no |
diff --git a/docs/targets.md b/docs/targets.md
index 09c39cd6..3d4be2a7 100644
--- a/docs/targets.md
+++ b/docs/targets.md
@@ -2,8 +2,9 @@
 ```
 Available targets:
- help This help screen
+ help Help screen
 help/all Display help for all targets
+ help/short This help short screen
 lint Lint terraform code
 ```
diff --git a/docs/terraform.md b/docs/terraform.md
index 57fce106..8101fd77 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -21,6 +21,7 @@
 | delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no |
 | enabled | Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created. | string | `true` | no |
 | forward_cookies | Time in seconds that browser can cache the response for S3 bucket | string | `none` | no |
+| forward_header_values | A list of whitelisted header values to forward to the origin | list | `` | no |
 | forward_query_string | Forward query strings to the origin that is associated with this cache behavior | string | `false` | no |
 | geo_restriction_locations | List of country codes for which CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list | `` | no |
 | geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | `none` | no |
diff --git a/example/main.tf b/example/main.tf
index 74564f82..a02f436e 100644
--- a/example/main.tf
+++ b/example/main.tf
@@ -12,6 +12,10 @@ module "cdn" {
 parent_zone_id = "${aws_route53_zone.primary.zone_id}"
 use_regional_s3_endpoint = "true"
 origin_force_destroy = "true"
+ cors_allowed_headers = ["*"]
+ cors_allowed_methods = ["GET", "HEAD", "PUT"]
+ cors_allowed_origins = ["*.cloudposse.com"]
+ cors_expose_headers = ["ETag"]
 }
 resource "aws_s3_bucket_object" "index" {
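Review bot: The CORS settings added to `module "cdn"` in example/main.tf are broader than a read-only CDN in front of S3 needs: `cors_allowed_methods` includes `PUT`, `cors_allowed_headers` is `["*"]`, and `cors_allowed_origins = ["*.cloudposse.com"]` carries no scheme, so as far as the wildcard match goes it would presumably accept `http://` origins as well as `https://`. Examples tend to be copied as-is, and with this shape a page on any subdomain passes the CORS check for write-shaped requests, leaving the bucket policy as the only remaining gate. Unless the example is meant to demonstrate browser uploads, I would use `cors_allowed_methods = ["GET", "HEAD"]` and `cors_allowed_origins = ["https://*.cloudposse.com"]`, with a short comment that `PUT` belongs there only when the bucket is meant to accept uploads.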
diff --git a/main.tf b/main.tf
index f2115592..5ed03ead 100644
--- a/main.tf
+++ b/main.tf
@@ -144,6 +144,7 @@ resource "aws_cloudfront_distribution" "default" {
 forwarded_values {
 query_string = "${var.forward_query_string}"
+ headers = ["${var.forward_header_values}"]
 cookies {
 forward = "${var.forward_cookies}"
diff --git a/variables.tf b/variables.tf
index 662ff225..cc555ecf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -163,6 +163,12 @@ variable "forward_cookies" {
 description = "Time in seconds that browser can cache the response for S3 bucket"
 }
+variable "forward_header_values" {
+ type = "list"
+ description = "A list of whitelisted header values to forward to the origin"
+ default = ["Access-Control-Request-Headers", "Access-Control-Request-Method", "Origin"]
+}
+
 variable "price_class" {
 default = "PriceClass_100"
 description = "Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100`"
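Review bot: The description of `forward_header_values` in variables.tf does not say what the list does once it reaches `headers = [...]` in the `forwarded_values` block of main.tf: CloudFront varies its cache on every forwarded header, so the default of `Origin` plus the two `Access-Control-Request-*` headers is what keeps a response cached for one origin, or cached without CORS headers, from being served to a different origin. A caller who overrides the list with `[]` to win back hit ratio gives that up, and one who passes a long list fragments the cache, and neither consequence is hinted at. The entries are also header names rather than values, so I would write `description = "Request header names CloudFront forwards to the origin and includes in the cache key; keep Origin and the Access-Control-Request-* headers when the bucket serves CORS responses"`. The tables in README.md and docs/terraform.md show this variable's default as empty, which does not match the three-header default set here. The `forwarded_values` block in main.tf starts and ends outside its hunk.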