Terraform AWS Cloudfront for s3

Fully written and tested using OpenTofu

Simple AWS Cloudfront to serve static websites from S3.

Key features

  • lambda@edge function if you want to serve content in subfolders without needing to provide the index.html, for example: https://foo.bar/somepage/
  • Custom error responses
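
The subfolder rewrite from the first key feature, as an added example that is not the module's own function code. It assumes the CloudFront Functions viewer-request event shape (event.request.uri); the names rewriteUri and handler and the sample URIs are constructed for illustration.

```javascript
// Added example: not the module's own function code.
// Assumption: CloudFront Functions viewer-request event, i.e. event.request.uri.

// Map a viewer URI to the S3 object key CloudFront should fetch.
function rewriteUri(uri) {
  // Directory-style request: /somepage/ -> /somepage/index.html
  if (uri.endsWith('/')) {
    return uri + 'index.html';
  }
  // Inspect only the last path segment, so a dot in a parent folder
  // (e.g. /v1.2/docs) is not mistaken for a file extension.
  var lastSegment = uri.substring(uri.lastIndexOf('/') + 1);
  if (lastSegment.indexOf('.') === -1) {
    // No extension: treat as a folder, /somepage -> /somepage/index.html
    return uri + '/index.html';
  }
  // Looks like a file (/css/site.css): pass through unchanged.
  return uri;
}

// Viewer-request entry point. Only the path is rewritten; the query
// string is carried separately in request.querystring and is untouched.
function handler(event) {
  var request = event.request;
  request.uri = rewriteUri(request.uri);
  return request;
}

// Constructed sample events (not captured traffic).
var samples = ['/', '/somepage/', '/somepage', '/v1.2/docs', '/css/site.css'];
samples.forEach(function (uri) {
  var out = handler({ request: { method: 'GET', uri: uri, querystring: {}, headers: {} } });
  console.log(uri + ' -> ' + out.uri);
});
```

Because the rewrite happens at the edge, the bucket can stay private behind origin access control instead of being exposed as an S3 website endpoint.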

TODO:

  • Add tests

Requirements

Name Version
terraform >= 0.13.0
aws >= 5.0.0

Providers

Name Version
aws >= 5.0.0

Modules

No modules.

Resources

Name Type
aws_cloudfront_cache_policy.this resource
aws_cloudfront_distribution.this resource
aws_cloudfront_function.this resource
aws_cloudfront_origin_access_control.this resource
aws_s3_bucket_policy.allow_cloudfront resource
aws_cloudfront_cache_policy.managed data source
aws_iam_policy_document.allow_cloudfront data source

Inputs

Name Description Type Default Required
acm_certificate_arn ACM Certificate ARN, must be us-east-1 string n/a yes
aliases Alternate domain names list(string) null no
allowed_methods default cache behavior allowed methods list(string) ["GET", "HEAD"] no
attach_s3_bucket_policy attach a policy to s3 bucket to allow this distribution bool true no
cache_policy_comment Cache policy Comment/description string null no
cache_policy_name The cache policy name string null no
cached_methods default cache behavior cached methods list(string) ["GET", "HEAD"] no
cloudfront_origin_description Description for the origin string n/a yes
cloudfront_origin_name The name of the cloudfront origin string n/a yes
cookies_forwarding_behavior Whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. string "none" no
custom_cache_policy If going to create a custom cache policy bool false no
custom_edge_function_associations Edge functions to associate with the distribution map(object({ event_type = string, function_arn = string })) {} no
custom_error_responses Custom error response definitions list(object({ error_caching_min_ttl = optional(number), error_code = optional(number), response_code = optional(number), response_page_path = optional(string) })) null no
default_root_object The default website root object string null no
default_ttl Default cache ttl number 1800 no
enable_cloudfront_origin_access_control enable/disable cloudfront origin access control bool true no
enable_distribution Enables the cf distribution bool true no
enable_ipv6 Enables ipv6 for the cloudfront distribution bool true no
enable_noindex_function Enables lambda@edge function to serve files inside subfolders bool true no
geo_restriction_locations locations to apply restrictions to list(string) [] no
geo_restriction_type whitelist/blacklist string "none" no
headers_forwarding_behavior Whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin string "none" no
managed_cache_policy_name The default cache policy name string null no
max_ttl Max cache ttl number 3600 no
min_ttl Min cache ttl number 0 no
origin_access_identity CloudFront S3 origin configuration information string null no
price_class Price class for this distribution string "PriceClass_All" no
query_string_forwarding_behavior Whether URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin string "none" no
s3_bucket_id Name of s3 bucket string n/a yes
s3_objects The s3 objects to allow access to ARN/objects list(any) n/a yes
s3_origin_id unique origin id string "s3Website" no
s3_origin_path objects origin path if using subfolders string null no
s3_regional_domain_name The regional domain name of the bucket string n/a yes
ssl_support_method SSL support method to be used string "sni-only" no
tls_minimum_protocol_version Minimum TLS version string "TLSv1.2_2021" no
viewer_protocol_policy specify the protocol that users can use to access the files in the origin string "redirect-to-https" no

Outputs

No outputs.