This is a module to build a cloudfront distribution. It has been modularized to accept multiple origins, behaviors, and custom error responses. Please reference the Example folder for an example of this module in action
- This Module supports Terraform Version 0.12 and above
- This Module has been tested & verified with 0.13.3
- While
dynamic_custom_origin_configanddynamic_s3_origin_configare considered not required, you must supply atleast one origin config.
See CHANGELOG for release notes
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| acm_certificate_arn | "The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. The ACM certificate must be in US-EAST-1. | string | null |
no |
| additional_tags | A mapping of additional tags to attach | map(string) | {} |
no |
| alias | Aliases, or CNAMES, for the distribution | list | [] |
no |
| comment | Any comment about the CloudFront Distribution | string | "" |
no |
| cloudfront_default_certificate | This variable is not required anymore, being auto generated, left here for compability purposes | bool | true |
no |
| create_cf | Set to false to prevent the module from creating any resources | bool | true |
no |
| default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL | string | "" |
no |
| dynamic_custom_error_response | Custom error response to be used in dynamic block | any | [] |
no |
| dynamic_custom_origin_config | Configuration for the custom origin config to be used in dynamic block | any | [] |
no |
| dynamic_default_cache_behavior | Default Cache Behviors to be used in dynamic block | any | n/a | yes |
| dynamic_ordered_cache_behavior | Ordered Cache Behaviors to be used in dynamic block | any | [] |
no |
| dynamic_origin_group | Origin Group to be used in dynamic block | any | [] |
no |
| dynamic_logging_config | This is the logging configuration for the Cloudfront Distribution. It is not required. If you choose to use this configuration, be sure you have the correct IAM and Bucket ACL rules. Your tfvars file should follow this syntax: logging_config = [{ bucket = "" include_cookies = prefix = "" }] |
any | [] |
no |
| dynamic_s3_origin_config | Configuration for the s3 origin config to be used in dynamic block | list(map(string)) | [] |
no |
| enable | Whether the distribution is enabled to accept end user requests for content | bool | true |
no |
| enable_ipv6 | Whether the IPv6 is enabled for the distribution | bool | true |
no |
| http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2 | string | "http2" |
no |
| iam_certificate_id | Specifies IAM certificate id for CloudFront distribution | string | null |
no |
| minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018 or TLSv1.2_2019. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified. | string | TLSv1 | no |
| price | The price class of the CloudFront Distribution. Valid types are PriceClass_All, PriceClass_100, PriceClass_200 | string | "PriceClass_100" |
no |
| restriction_location | The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist) | list | [] |
no |
| restriction_type | The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist | string | "none" |
no |
| retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false |
no |
| ssl_support_method | This variable is not required anymore, being auto generated, left here for compability purposes | string | sni-only | no |
| tag_name | The tagged name | string | n/a | no |
| wait_for_deployment | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. | bool | true |
no |
| webacl | The WAF Web ACL | string | "" |
no |
| Name | Description |
|---|---|
| id | The identifier for the distribution. For example: EDFDVBD632BHDS5. |
| arn | The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID. |
| caller_reference | Internal value used by CloudFront to allow future updates to the distribution configuration. |
| status | The current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system. |
| trusted_signers | The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs. |
| domain_name | The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. |
| name | The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. |
| last_modified_time | The date and time the distribution was last modified. |
| in_progress_validation_batches | The number of invalidation batches currently in progress. |
| etag | The current version of the distribution's information. For example: E2QWRUHAPOMQZL. |
| hosted_zone_id | The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2. |