Merge pull request #352 from dasmeta/DMVP-5400
fix(DMVP-5400): Change default value
aghamyan44 authored Oct 7, 2024
2 parents 9ef57d5 + f90eff7 commit 873a3fb
Showing 20 changed files with 343 additions and 50 deletions.
23 changes: 14 additions & 9 deletions modules/cloudfront/README.md
Expand Up @@ -153,6 +153,7 @@ module "cloudfront" {
| Name | Source | Version |
|------|--------|---------|
| <a name="module_aws-cloudfront-security-headers"></a> [aws-cloudfront-security-headers](#module\_aws-cloudfront-security-headers) | ../aws-cloudfront-security-headers | n/a |
| <a name="module_aws-cloudfront-security-headers-policy"></a> [aws-cloudfront-security-headers-policy](#module\_aws-cloudfront-security-headers-policy) | ./modules/response_headers/ | n/a |

## Resources

Expand All @@ -165,32 +166,36 @@ module "cloudfront" {
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_acm_cert_arn"></a> [acm\_cert\_arn](#input\_acm\_cert\_arn) | ACM certificate arn. | `string` | `""` | no |
| <a name="input_cache_policy_id"></a> [cache\_policy\_id](#input\_cache\_policy\_id) | Unique identifier of the cache policy that is attached to the cache behavior | `string` | `""` | no |
| <a name="input_cloudfront_default_certificate"></a> [cloudfront\_default\_certificate](#input\_cloudfront\_default\_certificate) | true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. | `bool` | `true` | no |
| <a name="input_comment"></a> [comment](#input\_comment) | Comment for CloudFront | `string` | `""` | no |
| <a name="input_connection_attempts"></a> [connection\_attempts](#input\_connection\_attempts) | The number of times that CloudFront attempts to connect to the origin. | `number` | `3` | no |
| <a name="input_connection_timeout"></a> [connection\_timeout](#input\_connection\_timeout) | The number of seconds that CloudFront waits when trying to establish a connection to the origin. | `number` | `10` | no |
| <a name="input_create_lambda_security_headers"></a> [create\_lambda\_security\_headers](#input\_create\_lambda\_security\_headers) | Whether to create and attach a labda function to the distribution or not. | `bool` | `false` | no |
| <a name="input_custom_origin_config"></a> [custom\_origin\_config](#input\_custom\_origin\_config) | n/a | `map` | <pre>{<br/> "http_port": 80,<br/> "https_port": 443,<br/> "origin_keepalive_timeout": 5,<br/> "origin_protocol_policy": "http-only",<br/> "origin_read_timeout": 30,<br/> "origin_ssl_protocols": [<br/> "TLSv1",<br/> "TLSv1.1",<br/> "TLSv1.2"<br/> ]<br/>}</pre> | no |
| <a name="input_default_allowed_methods"></a> [default\_allowed\_methods](#input\_default\_allowed\_methods) | Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. | `list(string)` | <pre>[<br/> "DELETE",<br/> "GET",<br/> "HEAD",<br/> "OPTIONS",<br/> "PATCH",<br/> "POST",<br/> "PUT"<br/>]</pre> | no |
| <a name="input_default_cached_methods"></a> [default\_cached\_methods](#input\_default\_cached\_methods) | Controls whether CloudFront caches the response to requests using the specified HTTP methods. | `list(string)` | <pre>[<br/> "GET",<br/> "HEAD"<br/>]</pre> | no |
| <a name="input_create_response_headers_policy"></a> [create\_response\_headers\_policy](#input\_create\_response\_headers\_policy) | Create cloudfront custom header policy | <pre>object({<br> enabled = optional(bool, false)<br> name = optional(string, "custom_response_headers")<br> security_headers = object({<br> frame_options = optional(string)<br> })<br> })</pre> | <pre>{<br> "enabled": false,<br> "name": "custom_response_headers",<br> "security_headers": {}<br>}</pre> | no |
| <a name="input_custom_origin_config"></a> [custom\_origin\_config](#input\_custom\_origin\_config) | n/a | `map` | <pre>{<br> "http_port": 80,<br> "https_port": 443,<br> "origin_keepalive_timeout": 5,<br> "origin_protocol_policy": "http-only",<br> "origin_read_timeout": 30,<br> "origin_ssl_protocols": [<br> "TLSv1",<br> "TLSv1.1",<br> "TLSv1.2"<br> ]<br>}</pre> | no |
| <a name="input_default_allowed_methods"></a> [default\_allowed\_methods](#input\_default\_allowed\_methods) | Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. | `list(string)` | <pre>[<br> "DELETE",<br> "GET",<br> "HEAD",<br> "OPTIONS",<br> "PATCH",<br> "POST",<br> "PUT"<br>]</pre> | no |
| <a name="input_default_cached_methods"></a> [default\_cached\_methods](#input\_default\_cached\_methods) | Controls whether CloudFront caches the response to requests using the specified HTTP methods. | `list(string)` | <pre>[<br> "GET",<br> "HEAD"<br>]</pre> | no |
| <a name="input_default_compress"></a> [default\_compress](#input\_default\_compress) | Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header. | `bool` | `true` | no |
| <a name="input_default_default_ttl"></a> [default\_default\_ttl](#input\_default\_default\_ttl) | The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. | `number` | `0` | no |
| <a name="input_default_max_ttl"></a> [default\_max\_ttl](#input\_default\_max\_ttl) | The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. | `number` | `0` | no |
| <a name="input_default_min_ttl"></a> [default\_min\_ttl](#input\_default\_min\_ttl) | The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. | `number` | `0` | no |
| <a name="input_default_root_object"></a> [default\_root\_object](#input\_default\_root\_object) | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | `string` | `"/index.html"` | no |
| <a name="input_default_root_object"></a> [default\_root\_object](#input\_default\_root\_object) | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | `string` | `"index.html"` | no |
| <a name="input_default_smooth_streaming"></a> [default\_smooth\_streaming](#input\_default\_smooth\_streaming) | Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. | `bool` | `false` | no |
| <a name="input_default_target_origin_id"></a> [default\_target\_origin\_id](#input\_default\_target\_origin\_id) | The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. | `string` | n/a | yes |
| <a name="input_default_viewer_protocol_policy"></a> [default\_viewer\_protocol\_policy](#input\_default\_viewer\_protocol\_policy) | Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. | `string` | `"allow-all"` | no |
| <a name="input_domain_names"></a> [domain\_names](#input\_domain\_names) | The list of domain names (aliases) for which cloudfront will used for | `list(string)` | n/a | yes |
| <a name="input_enabled"></a> [enabled](#input\_enabled) | Whether the distribution is enabled to accept end user requests for content. | `bool` | `true` | no |
| <a name="input_function_associations"></a> [function\_associations](#input\_function\_associations) | A list of Cloudfront function associations. | <pre>list(object({<br/> event_type = string<br/> function_arn = string<br/> }))</pre> | `[]` | no |
| <a name="input_forwarded_values"></a> [forwarded\_values](#input\_forwarded\_values) | Origin Forwarded value | <pre>object({<br> query_string = optional(bool, false)<br> headers = optional(list(string), ["Origin"])<br> forward = optional(string, "none")<br> })</pre> | <pre>{<br> "forward": "none",<br> "headers": [<br> "Origin"<br> ],<br> "query_string": false<br>}</pre> | no |
| <a name="input_function_associations"></a> [function\_associations](#input\_function\_associations) | A list of Cloudfront function associations. | <pre>list(object({<br> event_type = string<br> function_arn = string<br> }))</pre> | `[]` | no |
| <a name="input_http_port"></a> [http\_port](#input\_http\_port) | The HTTP port the custom origin listens on. | `number` | `80` | no |
| <a name="input_https_port"></a> [https\_port](#input\_https\_port) | The HTTPS port the custom origin listens on. | `number` | `443` | no |
| <a name="input_is_ipv6_enabled"></a> [is\_ipv6\_enabled](#input\_is\_ipv6\_enabled) | Whether the IPv6 is enabled for the distribution. | `bool` | `true` | no |
| <a name="input_lambda_function_body"></a> [lambda\_function\_body](#input\_lambda\_function\_body) | When set to true it exposes the request body to the lambda function. Valid values: true, false. | `bool` | `false` | no |
| <a name="input_logging_config"></a> [logging\_config](#input\_logging\_config) | n/a | <pre>object({<br/> enabled = optional(bool, false)<br/> bucket = string<br/> prefix = optional(string, "/")<br/> include_cookies = optional(bool, false)<br/> })</pre> | <pre>{<br/> "bucket": null,<br/> "enable": false<br/>}</pre> | no |
| <a name="input_logging_config"></a> [logging\_config](#input\_logging\_config) | n/a | <pre>object({<br> enabled = optional(bool, false)<br> bucket = string<br> prefix = optional(string, "/")<br> include_cookies = optional(bool, false)<br> })</pre> | <pre>{<br> "bucket": null,<br> "enable": false<br>}</pre> | no |
| <a name="input_minimum_protocol_version"></a> [minimum\_protocol\_version](#input\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1"` | no |
| <a name="input_ordered_allowed_methods"></a> [ordered\_allowed\_methods](#input\_ordered\_allowed\_methods) | n/a | `list(string)` | <pre>[<br/> "GET",<br/> "HEAD",<br/> "OPTIONS"<br/>]</pre> | no |
| <a name="input_ordered_cached_methods"></a> [ordered\_cached\_methods](#input\_ordered\_cached\_methods) | n/a | `list(string)` | <pre>[<br/> "GET",<br/> "HEAD"<br/>]</pre> | no |
| <a name="input_ordered_allowed_methods"></a> [ordered\_allowed\_methods](#input\_ordered\_allowed\_methods) | n/a | `list(string)` | <pre>[<br> "GET",<br> "HEAD",<br> "OPTIONS"<br>]</pre> | no |
| <a name="input_ordered_cached_methods"></a> [ordered\_cached\_methods](#input\_ordered\_cached\_methods) | n/a | `list(string)` | <pre>[<br> "GET",<br> "HEAD"<br>]</pre> | no |
| <a name="input_ordered_compress"></a> [ordered\_compress](#input\_ordered\_compress) | n/a | `bool` | `true` | no |
| <a name="input_ordered_default_ttl"></a> [ordered\_default\_ttl](#input\_ordered\_default\_ttl) | n/a | `number` | `0` | no |
| <a name="input_ordered_max_ttl"></a> [ordered\_max\_ttl](#input\_ordered\_max\_ttl) | n/a | `number` | `0` | no |
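Review bot: In the `create_response_headers_policy` row, `security_headers` is the only attribute of the object type not wrapped in `optional(...)`, so a caller who sets just `enabled = true` must also pass `security_headers` or the value fails the type constraint. Declaring it as `optional(object({ frame_options = optional(string) }), {})` in the variable would match the documented default. In the same table the `logging_config` default uses the key `enable` while the type declares `enabled`; correct that in the variable so the regenerated docs agree.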
Expand All @@ -200,7 +205,7 @@ module "cloudfront" {
| <a name="input_origin_keepalive_timeout"></a> [origin\_keepalive\_timeout](#input\_origin\_keepalive\_timeout) | The Custom KeepAlive timeout, in seconds. | `number` | `5` | no |
| <a name="input_origin_protocol_policy"></a> [origin\_protocol\_policy](#input\_origin\_protocol\_policy) | The origin protocol policy to apply to your origin. | `string` | `"http-only"` | no |
| <a name="input_origin_read_timeout"></a> [origin\_read\_timeout](#input\_origin\_read\_timeout) | The Custom Read timeout, in seconds. | `number` | `30` | no |
| <a name="input_origin_ssl_protocols"></a> [origin\_ssl\_protocols](#input\_origin\_ssl\_protocols) | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | `list(string)` | <pre>[<br/> "TLSv1",<br/> "TLSv1.1",<br/> "TLSv1.2"<br/>]</pre> | no |
| <a name="input_origin_ssl_protocols"></a> [origin\_ssl\_protocols](#input\_origin\_ssl\_protocols) | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | `list(string)` | <pre>[<br> "TLSv1",<br> "TLSv1.1",<br> "TLSv1.2"<br>]</pre> | no |
| <a name="input_origins"></a> [origins](#input\_origins) | Targets, types and custom\_origin\_config block are needed to create new origins. | `list(any)` | n/a | yes |
| <a name="input_price_class"></a> [price\_class](#input\_price\_class) | The price class for this distribution. | `string` | `"PriceClass_All"` | no |
| <a name="input_restriction_type"></a> [restriction\_type](#input\_restriction\_type) | The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. | `string` | `"none"` | no |
62 changes: 41 additions & 21 deletions modules/cloudfront/distribution.tf
Expand Up @@ -16,6 +16,7 @@ locals {

resource "aws_cloudfront_distribution" "main" {
aliases = var.domain_names
comment = var.comment
enabled = var.enabled
is_ipv6_enabled = var.is_ipv6_enabled
price_class = var.price_class
Expand All @@ -42,21 +43,27 @@ resource "aws_cloudfront_distribution" "main" {
cached_methods = var.default_cached_methods
compress = var.default_compress
default_ttl = var.default_default_ttl
cache_policy_id = var.cache_policy_id

forwarded_values {
query_string = false
headers = ["Origin"]
dynamic "forwarded_values" {
for_each = var.cache_policy_id == "" ? [var.forwarded_values] : []

cookies {
forward = "none"
content {
query_string = forwarded_values.value.query_string
headers = forwarded_values.value.headers

cookies {
forward = forwarded_values.value.forward
}
}
}

max_ttl = var.default_max_ttl
min_ttl = var.default_min_ttl
smooth_streaming = var.default_smooth_streaming
target_origin_id = var.default_target_origin_id
viewer_protocol_policy = var.default_viewer_protocol_policy
max_ttl = var.default_max_ttl
min_ttl = var.default_min_ttl
smooth_streaming = var.default_smooth_streaming
target_origin_id = var.default_target_origin_id
response_headers_policy_id = var.create_response_headers_policy.enabled ? module.aws-cloudfront-security-headers-policy[0].id : null
viewer_protocol_policy = var.default_viewer_protocol_policy

dynamic "lambda_function_association" {
for_each = module.aws-cloudfront-security-headers
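Review bot: In the new `dynamic "forwarded_values"` block, `cookies { forward = forwarded_values.value.forward }` accepts any string, but the variable type documented in the README has no field for cookie names, so `forward = "whitelist"` cannot be given the `whitelisted_names` that the `cookies` block needs in that mode. Either add an optional `whitelisted_names` list to `var.forwarded_values` or validate `forward` to `none`/`all`; renaming the field to something like `cookies_forward` would also make clear that it is not the header or query-string setting. Separately, `cache_policy_id = var.cache_policy_id` hands the default `""` to the resource when no policy is chosen; a `null` default with a `== null` test in the `for_each` states the unset case explicitly.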
Expand All @@ -76,7 +83,6 @@ resource "aws_cloudfront_distribution" "main" {
function_arn = function_association.value.function_arn
}
}

}

dynamic "ordered_cache_behavior" {
Expand All @@ -88,21 +94,35 @@ resource "aws_cloudfront_distribution" "main" {
compress = var.ordered_compress
default_ttl = var.ordered_default_ttl
max_ttl = var.ordered_max_ttl
cache_policy_id = var.cache_policy_id

forwarded_values {
query_string = false
headers = ["Origin"]
dynamic "forwarded_values" {
for_each = var.cache_policy_id == "" ? [var.forwarded_values] : []

cookies {
forward = "none"
content {
query_string = forwarded_values.value.query_string
headers = forwarded_values.value.headers

cookies {
forward = forwarded_values.value.forward
}
}
}

min_ttl = var.ordered_min_ttl
path_pattern = ordered_cache_behavior.value.pattern
smooth_streaming = var.ordered_smooth_streaming
target_origin_id = ordered_cache_behavior.value.target
viewer_protocol_policy = var.ordered_viewer_protocol_policy
min_ttl = var.ordered_min_ttl
path_pattern = ordered_cache_behavior.value.pattern
smooth_streaming = var.ordered_smooth_streaming
target_origin_id = ordered_cache_behavior.value.target
viewer_protocol_policy = var.ordered_viewer_protocol_policy
response_headers_policy_id = var.create_response_headers_policy.enabled ? module.aws-cloudfront-security-headers-policy[0].id : null
dynamic "function_association" {
for_each = var.function_associations

content {
event_type = function_association.value.event_type
function_arn = function_association.value.function_arn
}
}
}
}

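Review bot: Inside `dynamic "ordered_cache_behavior"`, `cache_policy_id`, `forwarded_values` and `response_headers_policy_id` all read the distribution-wide variables, so every path pattern is forced onto the same cache policy and the same response-headers policy as the default behaviour. The block already reads `ordered_cache_behavior.value.pattern` and `.target`, so consider allowing per-behaviour overrides on that object that fall back to the `var.*` values. The added `function_association` block likewise attaches every entry in `var.function_associations` to every ordered behaviour; if that is intended, say so in the variable description.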
39 changes: 39 additions & 0 deletions modules/cloudfront/modules/cloudfront_functions/README.md
@@ -0,0 +1,39 @@
# cloudfront_functions

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_cloudfront_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_code"></a> [code](#input\_code) | Function code | `any` | n/a | yes |
| <a name="input_comment"></a> [comment](#input\_comment) | Function comment | `string` | `""` | no |
| <a name="input_name"></a> [name](#input\_name) | Function name | `string` | n/a | yes |
| <a name="input_publish"></a> [publish](#input\_publish) | Function Publish | `bool` | `true` | no |
| <a name="input_runtime"></a> [runtime](#input\_runtime) | Function runtime | `string` | `"cloudfront-js-1.0"` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_arn"></a> [arn](#output\_arn) | n/a |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
7 changes: 7 additions & 0 deletions modules/cloudfront/modules/cloudfront_functions/main.tf
@@ -0,0 +1,7 @@
resource "aws_cloudfront_function" "this" {
name = var.name
runtime = var.runtime
comment = var.comment
publish = var.publish
code = var.code
}
3 changes: 3 additions & 0 deletions modules/cloudfront/modules/cloudfront_functions/output.tf
@@ -0,0 +1,3 @@
output "arn" {
value = aws_cloudfront_function.this.arn
}
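Review bot: `output "arn"` has no `description`, which is why the generated README for this module lists it as n/a. Add one, for example `description = "ARN of the CloudFront function"`, so consumers wiring it into `function_associations` know what the value is.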
@@ -0,0 +1,29 @@
# basic

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

No requirements.

## Providers

No providers.

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_function"></a> [function](#module\_function) | ../../ | n/a |

## Resources

No resources.

## Inputs

No inputs.

## Outputs

No outputs.
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Empty file.
@@ -0,0 +1,6 @@
module "function" {
source = "../../"

name = "test"
code = file("${path.module}/function.js")
}
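Review bot: `code = file("${path.module}/function.js")` reads a file from the example directory, and this commit lists an empty file alongside the example. If that empty file is the `function.js` read here, the example hands empty code to the function and does not exercise a real handler. Commit a minimal handler in `function.js` so the example doubles as a working test of the module.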
27 changes: 27 additions & 0 deletions modules/cloudfront/modules/cloudfront_functions/variables.tf
@@ -0,0 +1,27 @@
variable "name" {
type = string
description = "Function name"
}

variable "comment" {
type = string
description = "Function comment"
default = ""
}

variable "runtime" {
type = string
description = "Function runtime"
default = "cloudfront-js-1.0"
}

variable "publish" {
type = bool
description = "Function Publish"
default = true
}

variable "code" {
type = any
description = "Function code"
}
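Review bot: `variable "code"` is declared `type = any` although it is passed straight to `code = var.code` on the function resource and the example supplies it with `file(...)`, which returns a string. Declare it as `type = string` so a list or object is rejected at plan time. `runtime` would also benefit from a `validation` block restricting it to the supported runtime names, since it is currently a free-form string with only a default.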