diff --git a/modules/cloudfront/README.md b/modules/cloudfront/README.md index 1033b79c..fdc3949e 100644 --- a/modules/cloudfront/README.md +++ b/modules/cloudfront/README.md @@ -153,6 +153,7 @@ module "cloudfront" { | Name | Source | Version | |------|--------|---------| | [aws-cloudfront-security-headers](#module\_aws-cloudfront-security-headers) | ../aws-cloudfront-security-headers | n/a | +| [aws-cloudfront-security-headers-policy](#module\_aws-cloudfront-security-headers-policy) | ./modules/response_headers/ | n/a | ## Resources @@ -165,32 +166,36 @@ module "cloudfront" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [acm\_cert\_arn](#input\_acm\_cert\_arn) | ACM certificate arn. | `string` | `""` | no | +| [cache\_policy\_id](#input\_cache\_policy\_id) | Unique identifier of the cache policy that is attached to the cache behavior | `string` | `""` | no | | [cloudfront\_default\_certificate](#input\_cloudfront\_default\_certificate) | true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. | `bool` | `true` | no | +| [comment](#input\_comment) | Comment for CloudFront | `string` | `""` | no | | [connection\_attempts](#input\_connection\_attempts) | The number of times that CloudFront attempts to connect to the origin. | `number` | `3` | no | | [connection\_timeout](#input\_connection\_timeout) | The number of seconds that CloudFront waits when trying to establish a connection to the origin. | `number` | `10` | no | | [create\_lambda\_security\_headers](#input\_create\_lambda\_security\_headers) | Whether to create and attach a labda function to the distribution or not. | `bool` | `false` | no | -| [custom\_origin\_config](#input\_custom\_origin\_config) | n/a | `map` |
{| no | -| [default\_allowed\_methods](#input\_default\_allowed\_methods) | Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. | `list(string)` |
"http_port": 80,
"https_port": 443,
"origin_keepalive_timeout": 5,
"origin_protocol_policy": "http-only",
"origin_read_timeout": 30,
"origin_ssl_protocols": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
]
}
[| no | -| [default\_cached\_methods](#input\_default\_cached\_methods) | Controls whether CloudFront caches the response to requests using the specified HTTP methods. | `list(string)` |
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT"
]
[| no | +| [create\_response\_headers\_policy](#input\_create\_response\_headers\_policy) | Create cloudfront custom header policy |
"GET",
"HEAD"
]
object({|
enabled = optional(bool, false)
name = optional(string, "custom_response_headers")
security_headers = object({
frame_options = optional(string)
})
})
{| no | +| [custom\_origin\_config](#input\_custom\_origin\_config) | n/a | `map` |
"enabled": false,
"name": "custom_response_headers",
"security_headers": {}
}
{| no | +| [default\_allowed\_methods](#input\_default\_allowed\_methods) | Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. | `list(string)` |
"http_port": 80,
"https_port": 443,
"origin_keepalive_timeout": 5,
"origin_protocol_policy": "http-only",
"origin_read_timeout": 30,
"origin_ssl_protocols": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
]
}
[| no | +| [default\_cached\_methods](#input\_default\_cached\_methods) | Controls whether CloudFront caches the response to requests using the specified HTTP methods. | `list(string)` |
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT"
]
[| no | | [default\_compress](#input\_default\_compress) | Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header. | `bool` | `true` | no | | [default\_default\_ttl](#input\_default\_default\_ttl) | The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. | `number` | `0` | no | | [default\_max\_ttl](#input\_default\_max\_ttl) | The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. | `number` | `0` | no | | [default\_min\_ttl](#input\_default\_min\_ttl) | The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. | `number` | `0` | no | -| [default\_root\_object](#input\_default\_root\_object) | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | `string` | `"/index.html"` | no | +| [default\_root\_object](#input\_default\_root\_object) | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | `string` | `"index.html"` | no | | [default\_smooth\_streaming](#input\_default\_smooth\_streaming) | Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. | `bool` | `false` | no | | [default\_target\_origin\_id](#input\_default\_target\_origin\_id) | The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. 
| `string` | n/a | yes | | [default\_viewer\_protocol\_policy](#input\_default\_viewer\_protocol\_policy) | Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. | `string` | `"allow-all"` | no | | [domain\_names](#input\_domain\_names) | The list of domain names (aliases) for which cloudfront will used for | `list(string)` | n/a | yes | | [enabled](#input\_enabled) | Whether the distribution is enabled to accept end user requests for content. | `bool` | `true` | no | -| [function\_associations](#input\_function\_associations) | A list of Cloudfront function associations. |
"GET",
"HEAD"
]
list(object({| `[]` | no | +| [forwarded\_values](#input\_forwarded\_values) | Origin Forwarded value |
event_type = string
function_arn = string
}))
object({|
query_string = optional(bool, false)
headers = optional(list(string), ["Origin"])
forward = optional(string, "none")
})
{| no | +| [function\_associations](#input\_function\_associations) | A list of Cloudfront function associations. |
"forward": "none",
"headers": [
"Origin"
],
"query_string": false
}
list(object({| `[]` | no | | [http\_port](#input\_http\_port) | The HTTP port the custom origin listens on. | `number` | `80` | no | | [https\_port](#input\_https\_port) | The HTTPS port the custom origin listens on. | `number` | `443` | no | | [is\_ipv6\_enabled](#input\_is\_ipv6\_enabled) | Whether the IPv6 is enabled for the distribution. | `bool` | `true` | no | | [lambda\_function\_body](#input\_lambda\_function\_body) | When set to true it exposes the request body to the lambda function. Valid values: true, false. | `bool` | `false` | no | -| [logging\_config](#input\_logging\_config) | n/a |
event_type = string
function_arn = string
}))
object({|
enabled = optional(bool, false)
bucket = string
prefix = optional(string, "/")
include_cookies = optional(bool, false)
})
{| no | +| [logging\_config](#input\_logging\_config) | n/a |
"bucket": null,
"enable": false
}
object({|
enabled = optional(bool, false)
bucket = string
prefix = optional(string, "/")
include_cookies = optional(bool, false)
})
{| no | | [minimum\_protocol\_version](#input\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1"` | no | -| [ordered\_allowed\_methods](#input\_ordered\_allowed\_methods) | n/a | `list(string)` |
"bucket": null,
"enable": false
}
[| no | -| [ordered\_cached\_methods](#input\_ordered\_cached\_methods) | n/a | `list(string)` |
"GET",
"HEAD",
"OPTIONS"
]
[| no | +| [ordered\_allowed\_methods](#input\_ordered\_allowed\_methods) | n/a | `list(string)` |
"GET",
"HEAD"
]
[| no | +| [ordered\_cached\_methods](#input\_ordered\_cached\_methods) | n/a | `list(string)` |
"GET",
"HEAD",
"OPTIONS"
]
[| no | | [ordered\_compress](#input\_ordered\_compress) | n/a | `bool` | `true` | no | | [ordered\_default\_ttl](#input\_ordered\_default\_ttl) | n/a | `number` | `0` | no | | [ordered\_max\_ttl](#input\_ordered\_max\_ttl) | n/a | `number` | `0` | no | @@ -200,7 +205,7 @@ module "cloudfront" { | [origin\_keepalive\_timeout](#input\_origin\_keepalive\_timeout) | The Custom KeepAlive timeout, in seconds. | `number` | `5` | no | | [origin\_protocol\_policy](#input\_origin\_protocol\_policy) | The origin protocol policy to apply to your origin. | `string` | `"http-only"` | no | | [origin\_read\_timeout](#input\_origin\_read\_timeout) | The Custom Read timeout, in seconds. | `number` | `30` | no | -| [origin\_ssl\_protocols](#input\_origin\_ssl\_protocols) | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | `list(string)` |
"GET",
"HEAD"
]
[| no | +| [origin\_ssl\_protocols](#input\_origin\_ssl\_protocols) | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | `list(string)` |
"TLSv1",
"TLSv1.1",
"TLSv1.2"
]
[| no | | [origins](#input\_origins) | Targets, types and custom\_origin\_config block are needed to create new origins. | `list(any)` | n/a | yes | | [price\_class](#input\_price\_class) | The price class for this distribution. | `string` | `"PriceClass_All"` | no | | [restriction\_type](#input\_restriction\_type) | The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. | `string` | `"none"` | no | diff --git a/modules/cloudfront/distribution.tf b/modules/cloudfront/distribution.tf index 99a270b0..ccb97045 100644 --- a/modules/cloudfront/distribution.tf +++ b/modules/cloudfront/distribution.tf @@ -16,6 +16,7 @@ locals { resource "aws_cloudfront_distribution" "main" { aliases = var.domain_names + comment = var.comment enabled = var.enabled is_ipv6_enabled = var.is_ipv6_enabled price_class = var.price_class 
@@ -42,21 +43,27 @@ resource "aws_cloudfront_distribution" "main" { cached_methods = var.default_cached_methods compress = var.default_compress default_ttl = var.default_default_ttl + cache_policy_id = var.cache_policy_id - forwarded_values { - query_string = false - headers = ["Origin"] + dynamic "forwarded_values" { + for_each = var.cache_policy_id == "" ? [var.forwarded_values] : [] - cookies { - forward = "none" + content { + query_string = forwarded_values.value.query_string + headers = forwarded_values.value.headers + + cookies { + forward = forwarded_values.value.forward + } } } - max_ttl = var.default_max_ttl - min_ttl = var.default_min_ttl - smooth_streaming = var.default_smooth_streaming - target_origin_id = var.default_target_origin_id - viewer_protocol_policy = var.default_viewer_protocol_policy + max_ttl = var.default_max_ttl + min_ttl = var.default_min_ttl + smooth_streaming = var.default_smooth_streaming + target_origin_id = var.default_target_origin_id + response_headers_policy_id = var.create_response_headers_policy.enabled ? module.aws-cloudfront-security-headers-policy[0].id : null + viewer_protocol_policy = var.default_viewer_protocol_policy dynamic "lambda_function_association" { for_each = module.aws-cloudfront-security-headers @@ -76,7 +83,6 @@ resource "aws_cloudfront_distribution" "main" { function_arn = function_association.value.function_arn } } - } dynamic "ordered_cache_behavior" { 
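Review bot: Only the `forwarded_values` block is gated on `var.cache_policy_id == ""` in the new `dynamic "forwarded_values"`, while `default_ttl`, `max_ttl` and `min_ttl` are still set unconditionally; presumably CloudFront rejects the legacy TTL arguments once a cache policy is attached (the provider forwards the zero defaults), so the same condition should gate them, e.g. `default_ttl = var.cache_policy_id == "" ? var.default_default_ttl : null` and likewise for `max_ttl`/`min_ttl`. The ordered_cache_behavior hunk below has the same pattern. Also, when a cache policy is used, the `Origin` header, cookies and query strings that `var.forwarded_values` controlled are no longer forwarded by this block, and the resource exposes no `origin_request_policy_id`; a comment above the dynamic block such as `# with a cache policy, forwarding is governed by the cache policy and an origin request policy, which this module does not set` (or a new input) would make that behaviour change visible. The enclosing default_cache_behavior block starts before this hunk.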
@@ -88,21 +94,35 @@ resource "aws_cloudfront_distribution" "main" { compress = var.ordered_compress default_ttl = var.ordered_default_ttl max_ttl = var.ordered_max_ttl + cache_policy_id = var.cache_policy_id - forwarded_values { - query_string = false - headers = ["Origin"] + dynamic "forwarded_values" { + for_each = var.cache_policy_id == "" ? [var.forwarded_values] : [] - cookies { - forward = "none" + content { + query_string = forwarded_values.value.query_string + headers = forwarded_values.value.headers + + cookies { + forward = forwarded_values.value.forward + } } } - min_ttl = var.ordered_min_ttl - path_pattern = ordered_cache_behavior.value.pattern - smooth_streaming = var.ordered_smooth_streaming - target_origin_id = ordered_cache_behavior.value.target - viewer_protocol_policy = var.ordered_viewer_protocol_policy + min_ttl = var.ordered_min_ttl + path_pattern = ordered_cache_behavior.value.pattern + smooth_streaming = var.ordered_smooth_streaming + target_origin_id = ordered_cache_behavior.value.target + viewer_protocol_policy = var.ordered_viewer_protocol_policy + response_headers_policy_id = var.create_response_headers_policy.enabled ? module.aws-cloudfront-security-headers-policy[0].id : null + dynamic "function_association" { + for_each = var.function_associations + + content { + event_type = function_association.value.event_type + function_arn = function_association.value.function_arn + } + } } } diff --git a/modules/cloudfront/modules/cloudfront_functions/README.md b/modules/cloudfront/modules/cloudfront_functions/README.md new file mode 100644 index 00000000..204deb8b --- /dev/null +++ b/modules/cloudfront/modules/cloudfront_functions/README.md 
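Review bot: The `dynamic "function_association"` added at the end of this hunk attaches the same `var.function_associations` list to every ordered cache behavior generated from `targets`, in addition to the default behavior, and `cache_policy_id` / `response_headers_policy_id` are likewise module-wide values applied to all behaviors; that is a behaviour change for existing callers and is not stated in the variable descriptions. Suggest a comment above the block, `# applied to every ordered behavior as well as the default behavior`, and amending the `cache_policy_id` description to say it applies to all cache behaviors. The enclosing `dynamic "ordered_cache_behavior"` starts before this hunk.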
@@ -0,0 +1,39 @@
+# cloudfront_functions
+
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudfront_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [code](#input\_code) | Function code | `any` | n/a | yes |
+| [comment](#input\_comment) | Function comment | `string` | `""` | no |
+| [name](#input\_name) | Function name | `string` | n/a | yes |
+| [publish](#input\_publish) | Function Publish | `bool` | `true` | no |
+| [runtime](#input\_runtime) | Function runtime | `string` | `"cloudfront-js-1.0"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [arn](#output\_arn) | n/a |
+
diff --git a/modules/cloudfront/modules/cloudfront_functions/main.tf b/modules/cloudfront/modules/cloudfront_functions/main.tf
new file mode 100644
index 00000000..cfa70d17
--- /dev/null
+++ b/modules/cloudfront/modules/cloudfront_functions/main.tf
@@ -0,0 +1,7 @@
+resource "aws_cloudfront_function" "this" {
+ name = var.name
+ runtime = var.runtime
+ comment = var.comment
+ publish = var.publish
+ code = var.code
+}
diff --git a/modules/cloudfront/modules/cloudfront_functions/output.tf b/modules/cloudfront/modules/cloudfront_functions/output.tf
new file mode 100644
index 00000000..d0c3766e
--- /dev/null
+++ b/modules/cloudfront/modules/cloudfront_functions/output.tf
@@ -0,0 +1,3 @@
+output "arn" {
+ value = aws_cloudfront_function.this.arn
+}
diff --git a/modules/cloudfront/modules/cloudfront_functions/tests/basic/README.md b/modules/cloudfront/modules/cloudfront_functions/tests/basic/README.md
new file mode 100644
index 00000000..b4777976
--- /dev/null
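Review bot: `publish = var.publish` in the new `aws_cloudfront_function` resource defaults to `true`, so every apply that changes `code` pushes the new function straight to the LIVE stage with no staged test step; that is a reasonable default for a module, but the variable description `Function Publish` does not say so. Suggest `description = "Publish the function to the LIVE stage on create/update; set false to keep changes in DEVELOPMENT"` and a matching comment above the `publish` line.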
+++ b/modules/cloudfront/modules/cloudfront_functions/tests/basic/README.md
@@ -0,0 +1,29 @@
+# basic
+
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [function](#module\_function) | ../../ | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+
diff --git a/modules/cloudfront/modules/cloudfront_functions/tests/basic/function.js b/modules/cloudfront/modules/cloudfront_functions/tests/basic/function.js
new file mode 100644
index 00000000..e69de29b
diff --git a/modules/cloudfront/modules/cloudfront_functions/tests/basic/main.tf b/modules/cloudfront/modules/cloudfront_functions/tests/basic/main.tf
new file mode 100644
index 00000000..65dbca0f
--- /dev/null
+++ b/modules/cloudfront/modules/cloudfront_functions/tests/basic/main.tf
@@ -0,0 +1,6 @@
+module "function" {
+ source = "../../"
+
+ name = "test"
+ code = file("${path.module}/function.js")
+}
diff --git a/modules/cloudfront/modules/cloudfront_functions/variables.tf b/modules/cloudfront/modules/cloudfront_functions/variables.tf
new file mode 100644
index 00000000..082bd547
--- /dev/null
+++ b/modules/cloudfront/modules/cloudfront_functions/variables.tf
@@ -0,0 +1,27 @@
+variable "name" {
+ type = string
+ description = "Function name"
+}
+
+variable "comment" {
+ type = string
+ description = "Function comment"
+ default = ""
+}
+
+variable "runtime" {
+ type = string
+ description = "Function runtime"
+ default = "cloudfront-js-1.0"
+}
+
+variable "publish" {
+ type = bool
+ description = "Function Publish"
+ default = true
+}
+
+variable "code" {
+ type = any
+ description = "Function code"
+}
diff --git a/modules/cloudfront/modules/response_headers/README.md b/modules/cloudfront/modules/response_headers/README.md
new file mode 100644
index 00000000..dc2eb46d
--- /dev/null
+++ b/modules/cloudfront/modules/response_headers/README.md
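Review bot: `code` is declared `type = any` in the new variables.tf, but `aws_cloudfront_function.code` takes a string, so `any` only defers a wrong value to the resource and loses the plan-time type check; `type = string` is the right constraint. The test fixture `function.js` is added as an empty file (blob `e69de29b`), so the test presumably exercises only validate/plan — an empty function body would most likely not be accepted by CloudFront at apply time; a minimal handler in the fixture, or a comment in the test README stating it is plan-only, would avoid that surprise.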
@@ -0,0 +1,37 @@ +# response_headers + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudfront_response_headers_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_response_headers_policy) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [custom\_headers](#input\_custom\_headers) | List of custom headers with header name, value, and override flag |
"TLSv1",
"TLSv1.1",
"TLSv1.2"
]
list(object({| `[]` | no | +| [name](#input\_name) | Cloudfront response headers polic | `string` | n/a | yes | +| [security\_headers](#input\_security\_headers) | n/a |
header = string
value = string
override = bool
}))
object({| `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [id](#output\_id) | n/a | + diff --git a/modules/cloudfront/modules/response_headers/main.tf b/modules/cloudfront/modules/response_headers/main.tf new file mode 100644 index 00000000..6458cbf8 --- /dev/null +++ b/modules/cloudfront/modules/response_headers/main.tf @@ -0,0 +1,25 @@ +# CloudFront custom response headers policy +resource "aws_cloudfront_response_headers_policy" "this" { + name = var.name + + custom_headers_config { + dynamic "items" { + for_each = var.custom_headers + content { + header = items.value.header + override = items.value.override + value = items.value.value + } + } + } + + dynamic "security_headers_config" { + for_each = var.security_headers.frame_options != null ? [1] : [] + content { + frame_options { + override = true + frame_option = var.security_headers.frame_options + } + } + } +} diff --git a/modules/cloudfront/modules/response_headers/output.tf b/modules/cloudfront/modules/response_headers/output.tf new file mode 100644 index 00000000..b1ecaed0 --- /dev/null +++ b/modules/cloudfront/modules/response_headers/output.tf @@ -0,0 +1,3 @@ +output "id" { + value = aws_cloudfront_response_headers_policy.this.id +} diff --git a/modules/cloudfront/modules/response_headers/tests/basic/README.md b/modules/cloudfront/modules/response_headers/tests/basic/README.md new file mode 100644 index 00000000..68c91730 --- /dev/null +++ b/modules/cloudfront/modules/response_headers/tests/basic/README.md @@ -0,0 +1,29 @@ +# tests + + +## Requirements + +No requirements. + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [this](#module\_this) | ../ | n/a | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +No outputs. + 
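Review bot: `security_headers_config` in the new `aws_cloudfront_response_headers_policy` resource can only emit `frame_options`, with `override = true` hard-coded, so a module named for security headers cannot set HSTS, X-Content-Type-Options, Referrer-Policy or CSP even though the provider's `security_headers_config` block supports `strict_transport_security`, `content_type_options`, `referrer_policy`, `content_security_policy` and `xss_protection`. If extending the `security_headers` object is out of scope for this commit, the file header comment should state the limit, e.g. `# Only X-Frame-Options is managed via security_headers; other security headers must be supplied through custom_headers`, and the hard-coded override deserves a one-line comment saying the policy replaces any X-Frame-Options the origin sends.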
diff --git a/modules/cloudfront/modules/response_headers/tests/basic/main.tf b/modules/cloudfront/modules/response_headers/tests/basic/main.tf new file mode 100644 index 00000000..10b25e11 --- /dev/null +++ b/modules/cloudfront/modules/response_headers/tests/basic/main.tf @@ -0,0 +1,7 @@ +module "this" { + source = "../" + name = "X-Frame-Options" + security_headers = { + frame_options = "DENY" + } +} diff --git a/modules/cloudfront/modules/response_headers/variables.tf b/modules/cloudfront/modules/response_headers/variables.tf new file mode 100644 index 00000000..29765d57 --- /dev/null +++ b/modules/cloudfront/modules/response_headers/variables.tf @@ -0,0 +1,21 @@ +variable "custom_headers" { + type = list(object({ + header = string + value = string + override = bool + })) + description = "List of custom headers with header name, value, and override flag" + default = [] +} + +variable "security_headers" { + type = object({ + frame_options = optional(string) + }) + default = {} +} + +variable "name" { + type = string + description = "Cloudfront response headers polic" +} diff --git a/modules/cloudfront/security-headers-config.tf b/modules/cloudfront/security-headers-config.tf new file mode 100644 index 00000000..1ee21fe1 --- /dev/null +++ b/modules/cloudfront/security-headers-config.tf @@ -0,0 +1,7 @@ +module "aws-cloudfront-security-headers-policy" { + count = var.create_response_headers_policy.enabled ? 1 : 0 + + source = "./modules/response_headers/" + name = var.create_response_headers_policy.name + security_headers = var.create_response_headers_policy.security_headers +} diff --git a/modules/cloudfront/tests/default/0-setup.tf b/modules/cloudfront/tests/default/0-setup.tf index db10e19d..4bd1935a 100644 --- a/modules/cloudfront/tests/default/0-setup.tf +++ b/modules/cloudfront/tests/default/0-setup.tf @@ -1,9 +1,5 @@ terraform { required_providers { - test = { - source = "terraform.io/builtin/test" - } - aws = { source = "hashicorp/aws" version = "~> 4.33" 
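Review bot: `frame_options` in the new `security_headers` variable accepts any string, but CloudFront only accepts `DENY` or `SAMEORIGIN` for X-Frame-Options, so a typo surfaces only at apply time; a `validation` block would reject it at plan. The variable also has no `description`, and the `name` description reads `Cloudfront response headers polic` — should be `Cloudfront response headers policy name`.
```hcl
variable "security_headers" {
  # … unchanged: type and default …
  validation {
    condition     = var.security_headers.frame_options == null ? true : contains(["DENY", "SAMEORIGIN"], var.security_headers.frame_options)
    error_message = "security_headers.frame_options must be DENY or SAMEORIGIN."
  }
}
```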
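Review bot: `name = var.create_response_headers_policy.name` in the new security-headers-config.tf defaults to `custom_response_headers`, and CloudFront response headers policy names must be unique within an account, so two distributions built from this module in the same account with the default will fail at apply with an already-exists error. Either derive a per-distribution default (for example from a caller-supplied prefix) or state in the variable description that the name must be unique per account, and add `# policy name must be unique per AWS account` above the `name` line.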
diff --git a/modules/cloudfront/tests/default/2-assert.tf b/modules/cloudfront/tests/default/2-assert.tf deleted file mode 100644 index 909a5004..00000000 --- a/modules/cloudfront/tests/default/2-assert.tf +++ /dev/null @@ -1,9 +0,0 @@ -resource "test_assertions" "dummy" { - component = "monitoring-modules-cloudwatch-alarm-actions" - - equal "scheme" { - description = "As module does not have any output and data just make sure the case runs. Probably can be thrown away." - got = "all good" - want = "all good" - } -} diff --git a/modules/cloudfront/tests/default/README.md b/modules/cloudfront/tests/default/README.md index af5e9daf..3454471a 100644 --- a/modules/cloudfront/tests/default/README.md +++ b/modules/cloudfront/tests/default/README.md @@ -9,9 +9,7 @@ ## Providers -| Name | Version | -|------|---------| -| [test](#provider\_test) | n/a | +No providers. ## Modules @@ -21,9 +19,7 @@ ## Resources -| Name | Type | -|------|------| -| test_assertions.dummy | resource | +No resources. ## Inputs diff --git a/modules/cloudfront/variables.tf b/modules/cloudfront/variables.tf index d90c05aa..b70d4c47 100644 --- a/modules/cloudfront/variables.tf +++ b/modules/cloudfront/variables.tf @@ -2,10 +2,18 @@ variable "domain_names" { description = "The list of domain names (aliases) for which cloudfront will used for" type = list(string) } + variable "default_target_origin_id" { description = "The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior." type = string } + +variable "comment" { + description = "Comment for CloudFront" + type = string + default = "" +} + variable "origins" { description = "Targets, types and custom_origin_config block are needed to create new origins." type = list(any) 
@@ -26,6 +34,27 @@ variable "create_lambda_security_headers" { description = "Whether to create and attach a labda function to the distribution or not." } +variable "forwarded_values" { + type = object({ + query_string = optional(bool, false) + headers = optional(list(string), ["Origin"]) + forward = optional(string, "none") + }) + + default = { + query_string = false + headers = ["Origin"] + forward = "none" + } + description = "Origin Forwarded value" +} + +variable "cache_policy_id" { + type = string + default = "" + description = "Unique identifier of the cache policy that is attached to the cache behavior" +} + variable "targets" { default = [] description = "Targets and patterns needed to create new behaviours." @@ -70,7 +99,7 @@ variable "retain_on_delete" { variable "default_root_object" { type = string - default = "/index.html" + default = "index.html" description = "The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL." } @@ -267,3 +296,19 @@ variable "logging_config" { bucket = null } } + +variable "create_response_headers_policy" { + type = object({ + enabled = optional(bool, false) + name = optional(string, "custom_response_headers") + security_headers = object({ + frame_options = optional(string) + }) + }) + default = { + enabled = false + name = "custom_response_headers" + security_headers = {} + } + description = "Create cloudfront custom header policy" +}
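Review bot: The new `forwarded_values` variable uses `optional(bool, false)` and the other defaulted `optional()` forms, which require Terraform 1.3 or later, but nothing in the module pins that (the generated READMEs report `No requirements.`); a `terraform { required_version = ">= 1.3" }` block would turn a confusing type-constraint error on an older CLI into a clear one. The same applies to `create_response_headers_policy` in the last hunk of this file.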
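Review bot: In the new `create_response_headers_policy` type, `security_headers` is a required attribute while `enabled` and `name` are optional, so the natural call `create_response_headers_policy = { enabled = true }` fails the type check even though the `default` already supplies `security_headers = {}`; declare it as `security_headers = optional(object({ frame_options = optional(string) }), {})` so callers can enable the policy without repeating the inner object, after which the explicit `default` can shrink to `{}`.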
frame_options = optional(string)
})