Inputs
The following input variables are supported:
cors_additional_allowed_origins
Description: Specifies which origins are allowed besides the domain name specified. Use ’*’ to allow any origin.
Type: list(string)
Default: []
cors_allowed_headers
Description: Specifies which headers are allowed for CORS requests.
Type: list(string)
Default:
[ "Content-Length"]cors_allowed_methods
Description: Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
Type: list(string)
Default:
[ "GET", "HEAD"]cors_enabled
Description: True if the CloudFront distribution should handle adding CORS headers instead of the origin.
Type: bool
Default: false
cors_max_age_seconds
Description: Time in seconds that the browser can cache the response for a preflight CORS request.
Type: number
Default: 3600
custom_error_responses
Description: Mutates error responses returned from the origin before forwarding them to the client
Type:
list(object({ error_caching_min_ttl = optional(number, 60 * 60) // (seconds) Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. error_code = string // The HTTP status code that you want match (4xx or 5xx) response_code = optional(string) // The HTTP status code that you actually want to return to the client response_page_path = optional(string) // The error page to return }))Default: []
description
Description: A description for this CDN
Type: string
Default: null
domains
Description: A list of domains to use for the CDN
Type: list(string)
Default: n/a
geo_restriction_list
Description: A list of ISO 3166 country codes for the geographic restriction list (works for both whitelist and blacklist)
Type: list(string)
Default: []
geo_restriction_type
Description: What type of geographic restrictions to you want to apply to CDN clients. Must be one of: none, blacklist, whitelist.
Type: string
Default: "none"
logging_cookies_enabled
Description: Whether cookies should be included in the request logs
Type: bool
Default: false
logging_enabled
Description: Whether request logging should be enabled for the CloudFront distribution
Type: bool
Default: false
logging_expire_after_days
Description: The number of days after which logs will be deleted. (0 to disable)
Type: number
Default: 0
name
Description: The name of the CDN that will get created
Type: string
Default: n/a
origin_configs
Description: A list of configuration settings for communicating with the upstream origins
Type:
list(object({ origin_id = optional(string) # A globally unique identifier for this origin (will be automatically computed if not provided) origin_domain = string # The domain name of the ingress origin path_prefix = optional(string, "/") # Only traffic with this HTTP path prefix will be routed to the indicated origin extra_origin_headers = optional(map(string), {}) # Headers sent from the CDN to the origin origin_access_control_id = optional(string, null) # The OAC id to use for accessing private origins
# Rules for mutating the request path before it is forwarded to the upstream service remove_prefix = optional(bool, false) # True iff the the path_prefix should be stripped before forwarding on to upstream service rewrite_rules = optional(list(object({ match = string rewrite = string })), [])
# The default behavior of the CDN before routing requests to this origin default_cache_behavior = optional(object({ caching_enabled = optional(bool, true) # Whether the CDN should cache responses from the origin (overrides all other caching settings) allowed_methods = optional(list(string), ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]) # What HTTP methods are allowed cached_methods = optional(list(string), ["GET", "HEAD"]) # What HTTP methods will be cached min_ttl = optional(number, 0) # Minimum cache time default_ttl = optional(number, 86400) # Default cache time max_ttl = optional(number, 31536000) # Maximum cache time cookies_in_cache_key = optional(list(string), ["*"]) # Which cookies will be included in the cache key (Providing "*" means ALL cookies) headers_in_cache_key = optional(list(string), [ # Which headers will be included in the cache key "Authorization", "Origin", "x-http-method-override", "x-http-method", "x-method-override", "x-forwarded-host", "x-host", "x-original-url", "x-rewrite-url", "forwarded" ]) query_strings_in_cache_key = optional(list(string), ["*"]) # Which query strings will be included in the cache key (Providing "*" means ALL query strings) cookies_not_forwarded = optional(list(string), []) # Which cookies will NOT be forwarded to the ingress from the CDN headers_not_forwarded = optional(list(string), []) # Which headers will NOT be forwarded to the ingress from CDN query_strings_not_forwarded = optional(list(string), []) # Which query strings will NOT be forwarded to the ingress from the CDN compression_enabled = optional(bool, true) # Whether the CDN performs compression on your assets viewer_protocol_policy = optional(string, "redirect-to-https") # What should happen based on the client protocol (HTTP vs HTTPS). One of: allow-all, https-only, redirect-to-https }))
# Similar to default_cache_behavior but allows you to specific specific rules for certain path patterns # The keys for this map are the path patterns (e.g., "*.jpg") # Path patterns will automatically be prefixed with the path_prefix value, so it can be omitted path_match_behavior = optional(map(object({ caching_enabled = optional(bool, true) allowed_methods = optional(list(string), ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]) cached_methods = optional(list(string), ["GET", "HEAD"]) min_ttl = optional(number, 0) default_ttl = optional(number, 86400) max_ttl = optional(number, 31536000) cookies_in_cache_key = optional(list(string), ["*"]) headers_in_cache_key = optional(list(string), [ "Authorization", "Origin", "x-http-method-override", "x-http-method", "x-method-override", "x-forwarded-host", "x-host", "x-original-url", "x-rewrite-url", "forwarded" ]) query_strings_in_cache_key = optional(list(string), ["*"]) cookies_not_forwarded = optional(list(string), []) headers_not_forwarded = optional(list(string), []) query_strings_not_forwarded = optional(list(string), []) compression_enabled = optional(bool, true) viewer_protocol_policy = optional(string, "redirect-to-https") })), {}) }))Default: n/a
origin_shield_enabled
Description: Whether origin shield should be enabled for the CloudFront distribution
Type: bool
Default: false
price_class
Description: The price class for the CDN. Must be one of: PriceClass_All, PriceClass_200, PriceClass_100.
Type: string
Default: "PriceClass_100"
redirect_rules
Description: A list of redirect rules that the ingress will match against before sending requests to the upstreams
Type:
list(object({ source = string # A regex string for matching the entire request url (^https://domain.com(/.*)?$) target = string # The redirect target (can use numbered capture groups from the source - https://domain2.com/$1) permanent = optional(bool, false) # If true will issue a 301 redirect; otherwise, will use 302 }))Default: []
Outputs
The following outputs are exported:
distribution_id
Description: The ID of the CloudFront distribution
logging_bucket_name
Description: The name of the log bucket for CloudFront access logs
Providers
The following providers are needed by this module: