Public Files Hosted in S3 Bucket
This module creates an S3 bucket fronted by CloudFront. Files in this bucket will be available at a public URL. The URL for each file is https://{var.domain}/path/to/file/in/bucket.
Under the hood, this module passes most arguments to either
so see the documentation for those modules for more information about various input settings.
Usage
Default Error Pages
Often you will want to have a page to load if a client requests an asset not found in the S3 bucket. To configure the page that gets loaded, set the not_found_path input variable. It requires an absolute path from the root of the bucket.
Re-routing to Default Files
Often you will want to re-route requests from file-less paths (e.g., /some/page) to paths for a default file in the corresponding folders (e.g., /some/page/index.html).
The default_file input allows you to specify the filename that requests will be re-routed to (e.g., /some/page/ -> /some/page/${var.default_file}.
By default, this re-routing occurs for all requests with paths that do not contain a .. To instead only re-route if the path is to a directory or has a trailing slash (e.g., /some/page/), set default_file_strict to false.
Providers
The following providers are needed by this module:
Required Inputs
The following input variables are required:
bucket_name
Description: The name of the s3 bucket.
Type: string
description
Description: A statement of purpose for the S3 bucket.
Type: string
domains
Description: The domain names to serve content from
Type: list(string)
Optional Inputs
The following input variables are optional (have default values):
cors_additional_allowed_origins
Description: Specifies which origins are allowed besides the domain name specified
Type: list(string)
Default: []
cors_allowed_headers
Description: Specifies which headers are allowed for CORS requests.
Type: list(string)
Default:
[ "Content-Length"]cors_allowed_methods
Description: Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD.
Type: list(string)
Default:
[ "GET", "HEAD"]cors_expose_headers
Description: Specifies expose header in the response.
Type: list(string)
Default: []
cors_max_age_seconds
Description: Time in seconds that the browser can cache the response for a preflight CORS request.
Type: number
Default: 3600
default_cache_behavior
Description: The default configuration for requests that hit the CloudFront distribution.
Type:
object({ caching_enabled = optional(bool, true) # Whether the CDN should cache responses from the origin (overrides all other caching settings) allowed_methods = optional(list(string), ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]) # What HTTP methods are allowed cached_methods = optional(list(string), ["GET", "HEAD"]) # What HTTP methods will be cached min_ttl = optional(number, 0) # Minimum cache time default_ttl = optional(number, 86400) # Default cache time max_ttl = optional(number, 31536000) # Maximum cache time cookies_in_cache_key = optional(list(string), ["*"]) # Which cookies will be included in the cache key (Providing "*" means ALL cookies) headers_in_cache_key = optional(list(string), [ # Which headers will be included in the cache key "Authorization", "Origin", "x-http-method-override", "x-http-method", "x-method-override", "x-forwarded-host", "x-host", "x-original-url", "x-rewrite-url", "forwarded" ]) query_strings_in_cache_key = optional(list(string), ["*"]) # Which query strings will be included in the cache key (Providing "*" means ALL query strings) compression_enabled = optional(bool, true) # Whether the CDN performs compression on your assets viewer_protocol_policy = optional(string, "redirect-to-https") # What should happen based on the client protocol (HTTP vs HTTPS). One of: allow-all, https-only, redirect-to-https })Default: {}
default_file
Description: A default file name to use when no file is specified (/some/file/ => /some/file/index.html). If this is ”, no default file extension will be applied.
Type: string
Default: "index.html"
default_file_strict
Description: Iff true, then all requests with paths that do not contain a . will have the default_file appended.
Type: bool
Default: true
expire_after_days
Description: Whether objects older than indicated days should be deleted. (0 to disable)
Type: number
Default: 0
expire_old_versions
Description: Whether old object versions should be expired.
Type: bool
Default: true
force_destroy
Description: Whether the bucket can be deleted if objects still exist in it.
Type: bool
Default: false
geo_restriction_list
Description: A list of ISO 3166 country codes for the geographic restriction list (works for both whitelist and blacklist)
Type: list(string)
Default: []
geo_restriction_type
Description: What type of geographic restrictions to you want to apply to CDN clients. Must be one of: none, blacklist, whitelist.
Type: string
Default: "none"
intelligent_transitions_enabled
Description: Whether objects should be subject to intelligent access tiering.
Type: bool
Default: true
logging_cookies_enabled
Description: Whether cookies should be included in the CloudFront request logs
Type: bool
Default: false
logging_enabled
Description: Whether request logging should be enabled for the CloudFront distribution
Type: bool
Default: false
logging_expire_after_days
Description: The number of days after which CloudFront logs will be deleted. (0 to disable)
Type: number
Default: 0
not_found_path
Description: The bucket path to return when the HTTP request path isn’t found in the S3 bucket
Type: string
Default: "/404.html"
path_match_behaviors
Description: Similar to default_cache_behavior but allows you to specify specific rules for certain path patterns. The keys for this map are the path patterns (e.g., ‘*.jpg’).
Type:
map(object({ caching_enabled = optional(bool, true) allowed_methods = optional(list(string), ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]) cached_methods = optional(list(string), ["GET", "HEAD"]) min_ttl = optional(number, 0) default_ttl = optional(number, 86400) max_ttl = optional(number, 31536000) cookies_in_cache_key = optional(list(string), ["*"]) headers_in_cache_key = optional(list(string), [ "Authorization", "Origin", "x-http-method-override", "x-http-method", "x-method-override", "x-forwarded-host", "x-host", "x-original-url", "x-rewrite-url", "forwarded" ]) query_strings_in_cache_key = optional(list(string), ["*"]) compression_enabled = optional(bool, true) viewer_protocol_policy = optional(string, "redirect-to-https") }))Default: {}
price_class
Description: The price class for the CDN. Must be one of: PriceClass_All, PriceClass_200, PriceClass_100.
Type: string
Default: "PriceClass_100"
redirect_rules
Description: A list of redirect rules that the ingress will match against before sending requests to the upstreams
Type:
list(object({ source = string # A regex string for matching the entire request url (^https://domain.com(/.*)?$) target = string # The redirect target (can use numbered capture groups from the source - https://domain2.com/$1) permanent = optional(bool, false) # If true will issue a 301 redirect; otherwise, will use 302 }))Default: []
rewrite_rules
Description: Rewrite rules to add for the path resolution
Type:
list(object({ match = string rewrite = string }))Default: []
timed_transitions_enabled
Description: Whether objects should be transitioned to lower storage tiers after a certain amount of time.
Type: bool
Default: false
versioning_enabled
Description: Whether object versioning is enabled.
Type: bool
Default: false
Outputs
The following outputs are exported:
bucket_arn
Description: n/a
bucket_name
Description: n/a
domain
Description: n/a
Usage
No notes