Terraform AWS Cloudfront for s3

Fully written and tested using OpenTofu

Simple AWS Cloudfront to serve static websites from S3.

Key features

• lambda@edge function if you want to serve content in subfolders without needing to provide the index.html, for example: https://foo.bar/somepage/
• Custom error reponses

TODO:

• Add tests

Requirements

Name	Version
terraform	>= 0.13.0
aws	>= 5.0.0

Providers

Name	Version
aws	>= 5.0.0

Modules

No modules.

Resources

Name	Type
aws_cloudfront_cache_policy.this	resource
aws_cloudfront_distribution.this	resource
aws_cloudfront_function.this	resource
aws_cloudfront_origin_access_control.this	resource
aws_s3_bucket_policy.allow_cloudfront	resource
aws_cloudfront_cache_policy.managed	data source
aws_iam_policy_document.allow_cloudfront	data source

Inputs

Name	Description	Type	Default	Required
acm_certificate_arn	ACM Certificate ARN, must be us-east-1	string	n/a	yes
aliases	Alternate domain names	list(string)	null	no
allowed_methods	default cache behavior allowed methods	list(string)	[ "GET", "HEAD" ]	no
attach_s3_bucket_policy	attach a policy to s3 bucket to allow this distribution	bool	true	no
cache_policy_comment	Cache policy Comment/description	string	null	no
cache_policy_name	The cache policy name	string	null	no
cached_methods	default cache behavior cached methods	list(string)	[ "GET", "HEAD" ]	no
cloudfront_origin_description	Description for the origin	string	n/a	yes
cloudfront_origin_name	The name of the cloudfront origin	string	n/a	yes
cookies_forwarding_behavior	Whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin.	string	"none"	no
custom_cache_policy	If going to create a custom cache policy	bool	false	no
custom_edge_function_associations	Edge functions to associate with the distribution	map(object({ event_type = string function_arn = string }))	{}	no
custom_error_responses	Custom error response definitions	list(object({ error_caching_min_ttl = optional(number) error_code = optional(number) response_code = optional(number) response_page_path = optional(string) }))	null	no
default_root_object	The default website root object	string	null	no
default_ttl	Default cache ttl	number	1800	no
enable_cloudfront_origin_access_control	enable/disable cloudfront origin access control	bool	true	no
enable_distribution	Enables the cf distributuion	bool	true	no
enable_ipv6	Enables ipv6 for the cloudfront distributuion	bool	true	no
enable_noindex_function	Enables lambda@edge function to serve files inside subfolders	bool	true	no
geo_restriction_locations	locations to apply restrictions to	list(string)	[]	no
geo_restriction_type	whitelist/blacklist	string	"none"	no
headers_forwarding_behavior	Whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin	string	"none"	no
managed_cache_policy_name	The default cache policy name	string	null	no
max_ttl	Max cache ttl	number	3600	no
min_ttl	Min cache ttl	number	0	no
origin_access_identity	CloudFront S3 origin configuration information	string	null	no
price_class	Price class for this distribution	string	"PriceClass_All"	no
query_string_forwarding_behavior	Whether URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin	string	"none"	no
s3_bucket_id	Name of s3 bucket	string	n/a	yes
s3_objects	The s3 onjects to allow access to ARN/objects	list(any)	n/a	yes
s3_origin_id	unique origin id	string	"s3Website"	no
s3_origin_path	objects origin path if using subfolders	string	null	no
s3_regional_domain_name	The regional domain name of the bucket	string	n/a	yes
ssl_support_method	SSL support method to be used	string	"sni-only"	no
tls_minimum_protocol_version	Minimum TLS version	string	"TLSv1.2_2021"	no
viewer_protocol_policy	specify the protocol that users can use to access the files in the origin	string	"redirect-to-https"	no

Outputs

No outputs.