This module will create cdn endpoint with alias and SSL-certificate and optional Cloud Front functions.
| Name | Version |
|---|---|
| terraform | >= 0.13.1 |
| aws | >= 4.29 |
| Name | Version |
|---|---|
| aws | >= 4.29 |
| aws.us-east-1 | >= 4.29 |
| null | n/a |
| Name | Source | Version |
|---|---|---|
| certificate | github.com/terraform-aws-modules/terraform-aws-acm | v5.0.1 |
| certificate-validations | github.com/terraform-aws-modules/terraform-aws-acm | v5.0.1 |
| cloudfront | github.com/terraform-aws-modules/terraform-aws-cloudfront | v3.4.0 |
| Name | Type |
|---|---|
| aws_acm_certificate_validation.this | resource |
| aws_cloudfront_function.functions | resource |
| aws_route53_record.additional_records | resource |
| aws_route53_record.ipv6 | resource |
| aws_route53_record.this | resource |
| aws_s3_bucket_policy.s3_origin_policy | resource |
| null_resource.either_s3_origin_hostname_or_s3_origin_name_is_required | resource |
| null_resource.s3_origin_name_is_required_to_override_the_s3_origin_policy | resource |
| aws_iam_policy_document.oac_policy | data source |
| aws_iam_policy_document.oai_policy | data source |
| aws_s3_bucket.s3_origin | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| r53_hostname | Hostname for CloudFront alias | string |
n/a | yes |
| r53_zone_id | Route53 zone ID to be used for hostname and certificate validation | string |
n/a | yes |
| additional_zones | Map containing the Route53 Zone IDs and hostnames for additional domains | map(object({ |
{} |
no |
| cdn_logging | Prefix in s3 bucket for cdn logs | string |
"" |
no |
| cf_functions | The Cloud Front function configuration {type = object{}} ie. {"viewer-request" = object{}} type: Allowed cf event types are viewer-request and viewer-response name: Name of the function comment: Description of the function code: Source code of the function assign: true for associating the function with the cf distribution, false to remove the association. (to remove the cf function firstly set it to false to dissociate from the cf distribution) |
map(object({ |
{} |
no |
| create | Whether to create the resources | bool |
true |
no |
| create_origin_access_control | Controls if CloudFront origin access control should be created | bool |
false |
no |
| create_origin_access_identity | Controls if CloudFront origin access identity should be created | bool |
true |
no |
| default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string |
null |
no |
| dns_ttl | dns ttl for the cert validation records | number |
60 |
no |
| ipv6 | create also alias records for ipv6 | bool |
false |
no |
| override_s3_origin_policy | Overrides the S3-bucket policy to set OAI | bool |
false |
no |
| s3_logging_hostname | Hostname of S3-bucket to be used for logging | string |
"" |
no |
| s3_origin_hostname | Hostname of S3-bucket to be used as origin | string |
"" |
no |
| s3_origin_name | Name of S3-bucket to be used as origin | string |
"" |
no |
| s3_origin_policy_restrict_access | Folder/files to add as an condition to the S3-bucket policy resource | string |
"/*" |
no |
| tags | Map of custom tags for the provisioned resources | map(string) |
{} |
no |
| validation_timeout | Define maximum timeout to wait for the validation to complete | string |
null |
no |
| Name | Description |
|---|---|
| certificate_arn | ARN of ACM SSL certificate created for CloudFront |
| cloudfront_alias | Alias hostname of CloudFront distribution |
| cloudfront_alias_additional_zones | Alias hostname of CloudFront distribution for additional zones |
| cloudfront_arn | ARN of CloudFront distribution creates |
| cloudfront_hosted_zone_id | Hosted Zone ID CloudFront distribution uses |
| cloudfront_id | ID CloudFront distribution ID |