From 43f75b83217c1219fbde2e35651f02910f5e849c Mon Sep 17 00:00:00 2001 From: Konrad Obal Date: Thu, 26 Mar 2020 15:47:03 +0100 Subject: [PATCH 1/2] feat: Allow specifying custom origins --- README.md | 3 ++- docs/terraform.md | 3 ++- main.tf | 19 ++++++++++++++++++- variables.tf | 23 +++++++++++++++++++++-- 4 files changed, 43 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index aedee66c..a4126d67 100644 --- a/README.md +++ b/README.md @@ -161,6 +161,7 @@ Available targets: | cors_expose_headers | List of expose header in the response for S3 bucket | list(string) | `` | no | | cors_max_age_seconds | Time in seconds that browser can cache the response for S3 bucket | number | `3600` | no | | custom_error_response | List of one or more custom error response element maps | object | `` | no | +| custom_origins | One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments | object | `` | no | | default_root_object | Object that CloudFront return when requests the root URL | string | `index.html` | no | | default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number | `60` | no | | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | 
@@ -188,7 +189,7 @@ Available targets: | minimum_protocol_version | Cloudfront TLS minimum protocol version | string | `TLSv1` | no | | name | Name (e.g. `bastion` or `app`) | string | - | yes | | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| ordered_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. The fields can be described by the other variables in this file. For example, the field 'lambda_function_association' in this object has a description in var.lambda_function_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest of the vars in this file apply only to the default cache. | object | `` | no | +| ordered_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. The fields can be described by the other variables in this file. For example, the field 'lambda_function_association' in this object has a description in var.lambda_function_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. | object | `` | no | | origin_bucket | Origin S3 bucket name | string | `` | no | | origin_force_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | bool | `false` | no | | origin_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | string | `` | no | 
diff --git a/docs/terraform.md b/docs/terraform.md index 79ffb02c..b55df4e6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -17,6 +17,7 @@ | cors_expose_headers | List of expose header in the response for S3 bucket | list(string) | `` | no | | cors_max_age_seconds | Time in seconds that browser can cache the response for S3 bucket | number | `3600` | no | | custom_error_response | List of one or more custom error response element maps | object | `` | no | +| custom_origins | One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments | object | `` | no | | default_root_object | Object that CloudFront return when requests the root URL | string | `index.html` | no | | default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number | `60` | no | | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | 
@@ -44,7 +45,7 @@ | minimum_protocol_version | Cloudfront TLS minimum protocol version | string | `TLSv1` | no | | name | Name (e.g. `bastion` or `app`) | string | - | yes | | namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| ordered_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. The fields can be described by the other variables in this file. For example, the field 'lambda_function_association' in this object has a description in var.lambda_function_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest of the vars in this file apply only to the default cache. | object | `` | no | +| ordered_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. The fields can be described by the other variables in this file. For example, the field 'lambda_function_association' in this object has a description in var.lambda_function_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. | object | `` | no | | origin_bucket | Origin S3 bucket name | string | `` | no | | origin_force_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | bool | `false` | no | | origin_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | string | `` | no | diff --git a/main.tf b/main.tf index 78f9924b..b397d2c6 100644 --- a/main.tf 
+++ b/main.tf @@ -232,6 +232,23 @@ resource "aws_cloudfront_distribution" "default" { } } + dynamic "origin" { + for_each = var.custom_origins + content { + domain_name = origin.value.domain_name + origin_id = origin.value.origin_id + origin_path = lookup(origin.value, "origin_path", "") + custom_origin_config { + http_port = lookup(origin.value.custom_origin_config, "http_port", null) + https_port = lookup(origin.value.custom_origin_config, "https_port", null) + origin_protocol_policy = lookup(origin.value.custom_origin_config, "origin_protocol_policy", "https-only") + origin_ssl_protocols = lookup(origin.value.custom_origin_config, "origin_ssl_protocols", ["TLSv1.2"]) + origin_keepalive_timeout = lookup(origin.value.custom_origin_config, "origin_keepalive_timeout", 60) + origin_read_timeout = lookup(origin.value.custom_origin_config, "origin_read_timeout", 60) + } + } + } + viewer_certificate { acm_certificate_arn = var.acm_certificate_arn ssl_support_method = var.acm_certificate_arn == "" ? "" : "sni-only" @@ -278,7 +295,7 @@ resource "aws_cloudfront_distribution" "default" { allowed_methods = ordered_cache_behavior.value.allowed_methods cached_methods = ordered_cache_behavior.value.cached_methods - target_origin_id = module.distribution_label.id + target_origin_id = ordered_cache_behavior.value.target_origin_id == "" ? module.distribution_label.id : ordered_cache_behavior.value.target_origin_id compress = ordered_cache_behavior.value.compress trusted_signers = var.trusted_signers diff --git a/variables.tf b/variables.tf index e3a70748..180816da 100644 --- a/variables.tf +++ b/variables.tf @@ -380,7 +380,8 @@ variable "ipv6_enabled" { variable "ordered_cache" { type = list(object({ - path_pattern = string + target_origin_id = string + path_pattern = string allowed_methods = list(string) cached_methods = list(string) 
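Review bot: the `lookup(..., default)` fallbacks in the new `dynamic "origin"` block in main.tf are dead code, because the `custom_origins` variable added in variables.tf in this same patch types `origin_path` and every `custom_origin_config` attribute (`http_port`, `https_port`, `origin_protocol_policy`, `origin_ssl_protocols`, `origin_keepalive_timeout`, `origin_read_timeout`) as required object attributes, so a caller can never omit a key and the defaults `"https-only"`, `["TLSv1.2"]`, `60` and `""` are never applied; the only way to "leave a field out" is to pass `null`, which `lookup` returns as-is and hands to the provider. That matters most for `origin_protocol_policy = lookup(origin.value.custom_origin_config, "origin_protocol_policy", "https-only")` and `origin_ssl_protocols = lookup(origin.value.custom_origin_config, "origin_ssl_protocols", ["TLSv1.2"])`, which read as if the module enforced TLS 1.2 to the origin by default when in fact the caller always decides. Either loosen the variable type so the defaults are reachable, or drop the `lookup` calls and state in the variable description that all fields are mandatory.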
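Review bot: in the variables.tf hunk, adding `target_origin_id = string` to the `ordered_cache` object type with no default is a breaking change for every existing caller: Terraform rejects a list element that lacks a declared object attribute, so current `ordered_cache` values stop type-checking until each entry gains `target_origin_id = ""`. The commit message and README should say so (or the module version should be bumped accordingly), and the `""` sentinel that selects the default S3 bucket origin in `target_origin_id = ordered_cache_behavior.value.target_origin_id == "" ? module.distribution_label.id : ordered_cache_behavior.value.target_origin_id` deserves a sentence noting that any other value must match an `origin_id` declared in `custom_origins`, since nothing in this hunk checks that at plan time.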
@@ -406,10 +407,28 @@ variable "ordered_cache" { An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. The fields can be described by the other variables in this file. For example, the field 'lambda_function_association' in this object has a description in var.lambda_function_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest -of the vars in this file apply only to the default cache. +of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. DESCRIPTION } +variable "custom_origins" { + type = list(object({ + domain_name = string + origin_id = string + origin_path = string + custom_origin_config = object({ + http_port = number + https_port = number + origin_protocol_policy = string + origin_ssl_protocols = list(string) + origin_keepalive_timeout = number + origin_read_timeout = number + }) + })) + default = [] + description = "One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments" +} + variable "website_enabled" { type = bool default = false From f579d71c5a418c778e83a7727bc35cb5cb83ca6a Mon Sep 17 00:00:00 2001 From: actions-bot <58130806+actions-bot@users.noreply.github.com> Date: Sat, 27 Jun 2020 18:00:49 +0000 Subject: [PATCH 2/2] Updated README.md --- README.md | 3 ++- docs/terraform.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d9bd2ebd..79f01819 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,7 @@ Available targets: | cors\_expose\_headers | List of expose header in the response for S3 bucket | `list(string)` |
[
"ETag"
]
| no | | cors\_max\_age\_seconds | Time in seconds that browser can cache the response for S3 bucket | `number` | `3600` | no | | custom\_error\_response | List of one or more custom error response element maps |
list(object({
error_caching_min_ttl = string
error_code = string
response_code = string
response_page_path = string
}))
| `[]` | no | +| custom\_origins | One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments |
list(object({
domain_name = string
origin_id = string
origin_path = string
custom_origin_config = object({
http_port = number
https_port = number
origin_protocol_policy = string
origin_ssl_protocols = list(string)
origin_keepalive_timeout = number
origin_read_timeout = number
})
}))
| `[]` | no | | default\_root\_object | Object that CloudFront return when requests the root URL | `string` | `"index.html"` | no | | default\_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | `number` | `60` | no | | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | @@ -206,7 +207,7 @@ Available targets: | minimum\_protocol\_version | Cloudfront TLS minimum protocol version | `string` | `"TLSv1"` | no | | name | Name (e.g. `bastion` or `app`) | `string` | n/a | yes | | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | -| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. |
list(object({
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | +| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. |
list(object({
target_origin_id = string
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | | origin\_bucket | Origin S3 bucket name | `string` | `""` | no | | origin\_force\_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no | | origin\_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | `string` | `""` | no | diff --git a/docs/terraform.md b/docs/terraform.md index cb4f1bf7..7945c707 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -34,6 +34,7 @@ | cors\_expose\_headers | List of expose header in the response for S3 bucket | `list(string)` |
[
"ETag"
]
| no | | cors\_max\_age\_seconds | Time in seconds that browser can cache the response for S3 bucket | `number` | `3600` | no | | custom\_error\_response | List of one or more custom error response element maps |
list(object({
error_caching_min_ttl = string
error_code = string
response_code = string
response_page_path = string
}))
| `[]` | no | +| custom\_origins | One or more custom origins for this distribution (multiples allowed). See documentation for configuration options description https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments |
list(object({
domain_name = string
origin_id = string
origin_path = string
custom_origin_config = object({
http_port = number
https_port = number
origin_protocol_policy = string
origin_ssl_protocols = list(string)
origin_keepalive_timeout = number
origin_read_timeout = number
})
}))
| `[]` | no | | default\_root\_object | Object that CloudFront return when requests the root URL | `string` | `"index.html"` | no | | default\_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | `number` | `60` | no | | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | @@ -62,7 +63,7 @@ | minimum\_protocol\_version | Cloudfront TLS minimum protocol version | `string` | `"TLSv1"` | no | | name | Name (e.g. `bastion` or `app`) | `string` | n/a | yes | | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | -| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. |
list(object({
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | +| ordered\_cache | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has
a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest
of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. |
list(object({
target_origin_id = string
path_pattern = string

allowed_methods = list(string)
cached_methods = list(string)
compress = bool

viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number

forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string

lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
}))
| `[]` | no | | origin\_bucket | Origin S3 bucket name | `string` | `""` | no | | origin\_force\_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no | | origin\_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | `string` | `""` | no |
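Review bot: the regenerated `custom_origins` row in README.md and docs/terraform.md now prints the full object schema, but the description still only links to the provider docs; since every attribute in that rendered schema is a required object attribute (no `optional()` anywhere in it), the description should state that all of them must be supplied and that `origin_id` is the value `ordered_cache[*].target_origin_id` has to match. Likewise the rendered `ordered_cache` row shows `target_origin_id` as a plain `string` while the text says to "Put value `""`" for the default bucket origin; spelling out that the empty string is the only sentinel for the S3 origin, and that any other string must be one of the `custom_origins` ids, would save readers a failed apply.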