Add TravisCI. Fix CloudFront default certificate (#11)

* terraform fmt * Update `cloudfront_default_certificate` attribute * Add TravisCI * Update `README` * Update `README` * terraform fmt
cloudposse · Feb 17, 2018 · c3aea8a · c3aea8a
1 parent 07fae50
commit c3aea8a
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,5 @@
 .terraform/
 
 .idea
+*.iml
+
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,16 @@
+addons:
+  apt:
+    packages:
+      - git
+      - make
+      - curl
+
+install:
+  - make init
+
+script:
+  - make terraform:install
+  - make terraform:get-plugins
+  - make terraform:get-modules
+  - make terraform:lint
+  - make terraform:validate
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017 Cloud Posse, LLC
+   Copyright 2017-2018 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/Makefile b/Makefile
@@ -0,0 +1,6 @@
+SHELL := /bin/bash
+
+-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)
+
+lint:
+	$(SELF) terraform:install terraform:get-modules terraform:get-plugins terraform:lint terraform:validate
diff --git a/README.md b/README.md
@@ -1,7 +1,8 @@
-# terraform-aws-cloudfront-s3-cdn
+# terraform-aws-cloudfront-s3-cdn [![Build Status](https://travis-ci.org/cloudposse/terraform-aws-cloudfront-s3-cdn.svg?branch=master)](https://travis-ci.org/cloudposse/terraform-aws-cloudfront-s3-cdn)
 
 Terraform module to easily provision an AWS CloudFront CDN with an S3 or custom origin.
 
+
 ## Usage
 
 ```hcl
@@ -15,6 +16,7 @@ module "cdn" {
 }
 ```
 
+
 ### Generating ACM Certificate
 
 Use the AWS cli to [request new ACM certifiates](http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request.html) (requires email validation)
@@ -23,6 +25,21 @@ aws acm request-certificate --domain-name example.com --subject-alternative-name
 ```
 
 
+
+__NOTE__:
+
+Although AWS Certificate Manager is supported in many AWS regions, to use an SSL certificate with CloudFront, it should be requested only in US East (N. Virginia) region.
+
+https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html
+> If you want to require HTTPS between viewers and CloudFront, you must change the AWS region to US East (N. Virginia) in the AWS Certificate Manager console before you request or import a certificate.
+
+https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
+> To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.
+
+This is a fundamental requirement of CloudFront, and you will need to request the certificate in `us-east-1` region.
+
+
+
 ## Variables
 
 |  Name                          |  Default               |  Description                                                                                                                                                      | Required |

diff --git a/main.tf b/main.tf
@@ -49,10 +49,10 @@ resource "aws_s3_bucket_policy" "default" {
 }
 
 resource "aws_s3_bucket" "origin" {
-  count  = "${signum(length(var.origin_bucket)) == 1 ? 0 : 1}"
-  bucket = "${module.origin_label.id}"
-  acl    = "private"
-  tags   = "${module.origin_label.tags}"
+  count         = "${signum(length(var.origin_bucket)) == 1 ? 0 : 1}"
+  bucket        = "${module.origin_label.id}"
+  acl           = "private"
+  tags          = "${module.origin_label.tags}"
   force_destroy = "${var.origin_force_destroy}"
 
   cors_rule {
@@ -128,7 +128,7 @@ resource "aws_cloudfront_distribution" "default" {
     acm_certificate_arn            = "${var.acm_certificate_arn}"
     ssl_support_method             = "sni-only"
     minimum_protocol_version       = "TLSv1"
-    cloudfront_default_certificate = "${var.acm_certificate_arn == "" ? 1 : 0}"
+    cloudfront_default_certificate = "${var.acm_certificate_arn == "" ? true : false}"
   }
 
   default_cache_behavior {

diff --git a/variables.tf b/variables.tf
@@ -3,6 +3,7 @@ variable "namespace" {}
 variable "stage" {}
 
 variable "tags" {
+  type    = "map"
   default = {}
 }
 
@@ -32,7 +33,7 @@ variable "origin_bucket" {
 variable "origin_path" {
   # http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginPath
   description = "(Optional) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path."
-  default = ""
+  default     = ""
 }
 
 variable "origin_force_destroy" {