terraform-aws-arc-cloudfront
Overview
SourceFuse AWS Reference Architecture (ARC) Terraform module for managing CloudFront, S3, Route53 and ACM.
Usage
To see a full example, check out the main.tf file in the example folder.
Requirements
Name | Version |
---|---|
terraform | >= 1.3.0, < 2.0.0 |
aws | ~> 4.0 |
Providers
Name | Version |
---|---|
aws | 4.67.0 |
aws.acm | 4.67.0 |
Modules
Name | Source | Version |
---|---|---|
kms | ./modules/kms | n/a |
s3_bucket | git::https://github.com/cloudposse/terraform-aws-s3-bucket | 3.1.2 |
s3_bucket_logs | git::https://github.com/cloudposse/terraform-aws-s3-bucket | 3.1.2 |
Resources
Name | Type |
---|---|
aws_acm_certificate.this | resource |
aws_acm_certificate_validation.this | resource |
aws_cloudfront_cache_policy.this | resource |
aws_cloudfront_distribution.this | resource |
aws_cloudfront_origin_access_control.s3 | resource |
aws_cloudfront_origin_request_policy.this | resource |
aws_cloudfront_response_headers_policy.this | resource |
aws_route53_record.root_domain | resource |
aws_route53_record.this | resource |
aws_s3_bucket_policy.cdn_bucket_policy | resource |
aws_caller_identity.this | data source |
aws_partition.this | data source |
aws_route53_zone.this | data source |
aws_s3_bucket.origin | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_details | Details required for creating the certificate, e.g. { domain_name = "test.com", subject_alternative_names = ["www.test.com"] } | object({ | { | no |
aliases | Fully qualified domain name for site being hosted | list(string) | n/a | yes |
cache_behaviors | Set the cache behaviors for the distribution. Note: you cannot use an origin request policy in a cache behavior without a cache policy. | list(object({ | [] | no |
cache_policies | Cache policies, e.g. { "cache-policy-1" = { default_ttl = 86400, max_ttl = 31536000, min_ttl = 0, cookies_config = { cookie_behavior = "none", items = [] }, headers_config = { header_behavior = "whitelist", items = ["Authorization", "Origin", "Accept", "Access-Control-Request-Method", "Access-Control-Request-Headers", "Referer"] }, query_string_behavior = { header_behavior = "none", items = [] }, query_strings_config = { query_string_behavior = "none", items = [] } } } | map(object( | {} | no |
cors_configuration | Specifies the allowed headers, methods, origins and exposed headers when using CORS on this bucket | list(object({ | null | no |
create_route53_records | Whether to create Route53 records (optional) | bool | false | no |
custom_error_responses | One or more custom error response elements | list(object({ | [] | no |
default_cache_behavior | Default cache behavior for the distribution | object({ | n/a | yes |
default_root_object | Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string | "index.html" | no |
description | CloudFront distribution description | string | n/a | yes |
enable_logging | Enable logging for the CloudFront distribution; this will create a new S3 bucket | bool | false | no |
geo_restriction | Geographic restriction | object({ | { | no |
logging_bucket | S3 bucket used for storing logs | string | null | no |
namespace | Namespace for the resources. | string | null | no |
origin_request_policies | Origin request policies, e.g. { "origin-req-policy" = { cookies_config = { cookie_behavior = "none", items = [] }, headers_config = { header_behavior = "whitelist", items = ["Accept", "Accept-Charset", "Accept-Datetime", "Accept-Language", "Access-Control-Request-Method", "Access-Control-Request-Headers", "CloudFront-Forwarded-Proto", "CloudFront-Is-Android-Viewer", "CloudFront-Is-Desktop-Viewer", "CloudFront-Is-IOS-Viewer"] }, query_strings_config = { query_string_behavior = "none", items = [] } } } | map(object({ | {} | no |
origins | List of origins for CloudFront | list(object({ | [] | no |
price_class | Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100. | string | "PriceClass_All" | no |
response_headers_policy | Header policies, e.g. { "response-header-policy-1" = { default_ttl = 86400, max_ttl = 31536000, min_ttl = 0, cookies_config = { cookie_behavior = "none", items = [] }, headers_config = { header_behavior = "whitelist", items = ["Authorization", "Origin", "Accept", "Access-Control-Request-Method", "Access-Control-Request-Headers", "Referer"] }, query_string_behavior = { header_behavior = "none", items = [] }, query_strings_config = { query_string_behavior = "none", items = [] } } } | map(object( | {} | no |
retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false | no |
route53_record_ttl | TTL for Route53 record | string | 60 | no |
route53_root_domain | Domain to add to Route53 as alias to distribution | string | n/a | yes |
s3_kms_details | KMS details for S3 encryption | object({ | { | no |
tags | Tags for AWS resources | map(string) | {} | no |
viewer_certificate | The SSL configuration for this distribution | object({ | { | no |
web_acl_id | Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. | string | null | no |
Outputs
Name | Description |
---|---|
acm_certificate_arn | Certificate ARN |
cloudfront_arn | CloudFront ARN |
cloudfront_domain_name | CloudFront Domain name |
cloudfront_hosted_zone_id | CloudFront Hosted zone ID |
cloudfront_id | CloudFront ID |
logging_s3_bucket | Logging bucket name |
origin_s3_bucket | Origin bucket name |
Development
Prerequisites
Configurations
- Configure pre-commit hooks
Git commits
When contributing or making a git commit, please specify the breaking change in your commit message, whether it is major, minor or patch.
For Example
Tests
- Tests are available in `test` directory
- Configure the dependencies
- Now execute the test
Authors
This project is authored by:
- SourceFuse ARC Team