{"id":19129492,"url":"https://github.com/launchbynttdata/tf-aws-module_primitive-cloudfront_distribution","last_synced_at":"2026-06-08T03:30:14.950Z","repository":{"id":234078325,"uuid":"788109030","full_name":"launchbynttdata/tf-aws-module_primitive-cloudfront_distribution","owner":"launchbynttdata","description":null,"archived":false,"fork":false,"pushed_at":"2024-05-08T20:44:35.000Z","size":110,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2024-05-08T21:45:48.669Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/launchbynttdata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-17T19:43:32.000Z","updated_at":"2024-05-08T20:44:37.000Z","dependencies_parsed_at":"2024-05-08T21:42:28.275Z","dependency_job_id":"577462bd-5111-40c5-b38a-5acad837a042","html_url":"https://github.com/launchbynttdata/tf-aws-module_primitive-cloudfront_distribution","commit_stats":null,"previous_names":["launchbynttdata/tf-aws-module_primitive-cloudfront_distribution"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-cloudfront_distribution","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-cloudfront_distribution/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-cloudfront_distribution/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchbynttdata%2Ftf-aws-module_primitive-cloudfront_distribution/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/launchbynttdata","download_url":"https://codeload.github.com/launchbynttdata/tf-aws-module_primitive-cloudfront_distribution/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240199258,"owners_count":19763827,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T06:07:38.889Z","updated_at":"2026-06-08T03:30:14.840Z","avatar_url":"https://github.com/launchbynttdata.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tf-aws-module_primitive-wafv2_web_acl_regional\n\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![License: CC BY-NC-ND 4.0](https://img.shields.io/badge/License-CC_BY--NC--ND_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc-nd/4.0/)\n\n## Overview\n\nProvides a Regional Web ACL for a WAFv2 Resource. To obtain a non-regional (CloudFront) Web ACL, use the global variant, [found here](https://github.com/launchbynttdata/tf-aws-module_primitive-wafv2_web_acl_global).\n\n## Pre-Commit hooks\n\n[.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.\n\n`commitlint` hook enforces commit message in certain format. The commit contains the following structural elements, to communicate intent to the consumers of your commit messages:\n\n- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).\n- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).\n- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.\nfooters other than BREAKING CHANGE: \u003cdescription\u003e may be provided and follow a convention similar to git trailer format.\n- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)\n- **chore**: a commit of the type `chore` adds changes that don't modify src or test files\n- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)\n- **docs**: a commit of the type `docs` adds documentation only changes\n- **perf**: a commit of the type `perf` adds code change that improves performance\n- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature\n- **revert**: a commit of the type `revert` reverts a previous commit\n- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)\n- **test**: a commit of the type `test` adds missing tests or correcting existing tests\n\nBase configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)\n\nIf you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.\n\n`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS\n\nIn order for `pre-commit` hooks to work properly\n\n- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.\n- `pre-commit` would install all the hooks when commit message is added by default except for `commitlint` hook. `commitlint` hook would need to be installed manually using the command below\n\n```\npre-commit install --hook-type commit-msg\n```\n\n## To test the resource group module locally\n\n1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.\n\n```\nmake configure\n```\n\nThis adds in several files and directories that are ignored by `git`. They expose many new Make targets.\n\n2. _THIS STEP APPLIES ONLY TO MICROSOFT AZURE. IF YOU ARE USING A DIFFERENT PLATFORM PLEASE SKIP THIS STEP._ The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables will be used to authenticate with cloud provider from local development workstation.\n\n`make configure` command will bring down `azure_env.sh` file on local workstation. Devloper would need to modify this file, replace the environment variable values with relevant values.\n\nThese environment variables are used by `terratest` integration suit.\n\nService principle used for authentication(value of ARM_CLIENT_ID) should have below privileges on resource group within the subscription.\n\n```\n\"Microsoft.Resources/subscriptions/resourceGroups/write\"\n\"Microsoft.Resources/subscriptions/resourceGroups/read\"\n\"Microsoft.Resources/subscriptions/resourceGroups/delete\"\n```\n\nThen run this make target to set the environment variables on developer workstation.\n\n```\nmake env\n```\n\n3. The first target you care about is `check`.\n\n**Pre-requisites**\nBefore running this target it is important to ensure that, developer has created files mentioned below on local workstation under root directory of git repository that contains code for primitives/segments. Note that these files are `azure` specific. If primitive/segment under development uses any other cloud provider than azure, this section may not be relevant.\n\n- A file named `provider.tf` with contents below\n\n```\nprovider \"azurerm\" {\n  features {}\n}\n```\n\n- A file named `terraform.tfvars` which contains key value pair of variables used.\n\nNote that since these files are added in `gitignore` they would not be checked in into primitive/segment's git repo.\n\nAfter creating these files, for running tests associated with the primitive/segment, run\n\n```\nmake check\n```\n\nIf `make check` target is successful, developer is good to commit the code to primitive/segment's git repo.\n\n`make check` target\n\n- runs `terraform commands` to `lint`,`validate` and `plan` terraform code.\n- runs `conftests`. `conftests` make sure `policy` checks are successful.\n- runs `terratest`. This is integration test suit.\n- runs `opa` tests\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.0 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | ~\u003e 3.6 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.73.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudfront_distribution.cloudfront_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_aliases\"\u003e\u003c/a\u003e [aliases](#input\\_aliases) | Extra CNAMEs (alternate domain names), if any, for this distribution. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_comment\"\u003e\u003c/a\u003e [comment](#input\\_comment) | Any comments you want to include about the distribution. | `string` | `null` | no |\n| \u003ca name=\"input_continuous_deployment_policy_id\"\u003e\u003c/a\u003e [continuous\\_deployment\\_policy\\_id](#input\\_continuous\\_deployment\\_policy\\_id) | Identifier of a continuous deployment policy. This argument should only be set on a production distribution. See the aws\\_cloudfront\\_continuous\\_deployment\\_policy resource for additional details: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_continuous_deployment_policy | `string` | `null` | no |\n| \u003ca name=\"input_custom_error_response\"\u003e\u003c/a\u003e [custom\\_error\\_response](#input\\_custom\\_error\\_response) | One or more custom error response elements. | \u003cpre\u003elist(object({\u003cbr\u003e    error_caching_min_ttl = optional(number, null)\u003cbr\u003e    error_code            = number\u003cbr\u003e    response_code         = optional(number, null)\u003cbr\u003e    response_page_path    = optional(string, null)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_default_cache_behavior\"\u003e\u003c/a\u003e [default\\_cache\\_behavior](#input\\_default\\_cache\\_behavior) | Default cache behavior for this distribution. | \u003cpre\u003eobject({\u003cbr\u003e    allowed_methods           = optional(list(string), [\"GET\", \"HEAD\", \"OPTIONS\"])\u003cbr\u003e    cached_methods            = optional(list(string), [\"GET\", \"HEAD\"])\u003cbr\u003e    cache_policy_id           = string\u003cbr\u003e    compress                  = optional(bool, false)\u003cbr\u003e    default_ttl               = optional(number, null)\u003cbr\u003e    field_level_encryption_id = optional(string, null)\u003cbr\u003e    lambda_function_association = optional(list(object({\u003cbr\u003e      event_type   = string\u003cbr\u003e      function_arn = string\u003cbr\u003e    })), [])\u003cbr\u003e    function_association = optional(list(object({\u003cbr\u003e      event_type   = string\u003cbr\u003e      function_arn = string\u003cbr\u003e    })), [])\u003cbr\u003e    max_ttl                    = optional(number, null)\u003cbr\u003e    min_ttl                    = optional(number, null)\u003cbr\u003e    origin_request_policy_id   = optional(string, null)\u003cbr\u003e    realtime_log_config_arn    = optional(string, null)\u003cbr\u003e    response_headers_policy_id = optional(string, null)\u003cbr\u003e    smooth_streaming           = optional(bool, null)\u003cbr\u003e    target_origin_id           = string\u003cbr\u003e    trusted_key_groups         = optional(list(string), [])\u003cbr\u003e    trusted_signers            = optional(list(string), [])\u003cbr\u003e    viewer_protocol_policy     = optional(string, \"redirect-to-https\")\u003cbr\u003e  })\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_default_root_object\"\u003e\u003c/a\u003e [default\\_root\\_object](#input\\_default\\_root\\_object) | Object that you want CloudFront to return (e.g. `index.html`) when an end user requests the root URL. | `string` | `null` | no |\n| \u003ca name=\"input_enabled\"\u003e\u003c/a\u003e [enabled](#input\\_enabled) | Whether the distribution is enabled to accept end user requests for content. Defaults to `true`. | `bool` | `true` | no |\n| \u003ca name=\"input_is_ipv6_enabled\"\u003e\u003c/a\u003e [is\\_ipv6\\_enabled](#input\\_is\\_ipv6\\_enabled) | Whether the IPv6 is enabled for the distribution. Defaults to `false`. | `bool` | `false` | no |\n| \u003ca name=\"input_http_version\"\u003e\u003c/a\u003e [http\\_version](#input\\_http\\_version) | Maximum HTTP version to support on the distribution. Allowed values are `http1.1`, `http2`, `http2and3` and `http3`. The default is `http2`. | `string` | `\"http2\"` | no |\n| \u003ca name=\"input_logging_config\"\u003e\u003c/a\u003e [logging\\_config](#input\\_logging\\_config) | The logging configuration that controls how logs are written to your distribution. | \u003cpre\u003eobject({\u003cbr\u003e    bucket          = string\u003cbr\u003e    include_cookies = optional(bool, false)\u003cbr\u003e    prefix          = optional(string, null)\u003cbr\u003e  })\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_ordered_cache_behavior\"\u003e\u003c/a\u003e [ordered\\_cache\\_behavior](#input\\_ordered\\_cache\\_behavior) | Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | \u003cpre\u003elist(object({\u003cbr\u003e    allowed_methods           = optional(list(string), [\"GET\", \"HEAD\", \"OPTIONS\"])\u003cbr\u003e    cached_methods            = optional(list(string), [\"GET\", \"HEAD\"])\u003cbr\u003e    cache_policy_id           = optional(string, null)\u003cbr\u003e    compress                  = optional(bool, false)\u003cbr\u003e    default_ttl               = optional(number, null)\u003cbr\u003e    field_level_encryption_id = optional(string, null)\u003cbr\u003e    lambda_function_association = optional(list(object({\u003cbr\u003e      event_type   = string\u003cbr\u003e      function_arn = string\u003cbr\u003e      include_body = optional(bool, false)\u003cbr\u003e    })), [])\u003cbr\u003e    function_association = optional(list(object({\u003cbr\u003e      event_type   = string\u003cbr\u003e      function_arn = string\u003cbr\u003e    })), [])\u003cbr\u003e    max_ttl                    = optional(number, null)\u003cbr\u003e    min_ttl                    = optional(number, null)\u003cbr\u003e    origin_request_policy_id   = optional(string, null)\u003cbr\u003e    path_pattern               = optional(string, null)\u003cbr\u003e    realtime_log_config_arn    = optional(string, null)\u003cbr\u003e    response_headers_policy_id = optional(string, null)\u003cbr\u003e    smooth_streaming           = optional(bool, null)\u003cbr\u003e    target_origin_id           = string\u003cbr\u003e    trusted_key_groups         = optional(list(string), [])\u003cbr\u003e    trusted_signers            = optional(list(string), [])\u003cbr\u003e    viewer_protocol_policy     = optional(string, \"redirect-to-https\")\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_origin\"\u003e\u003c/a\u003e [origin](#input\\_origin) | Map of origins for this distribution. | \u003cpre\u003emap(object({\u003cbr\u003e    connection_attempts = optional(number, 3)\u003cbr\u003e    connection_timeout  = optional(number, 10)\u003cbr\u003e    custom_origin_config = optional(object({\u003cbr\u003e      http_port              = number\u003cbr\u003e      https_port             = number\u003cbr\u003e      origin_protocol_policy = optional(string, \"https-only\")\u003cbr\u003e      origin_ssl_protocols   = optional(list(string), [\"TLSv1.2\"])\u003cbr\u003e    }), null)\u003cbr\u003e    domain_name = string\u003cbr\u003e    custom_header = optional(list(object({\u003cbr\u003e      name  = string\u003cbr\u003e      value = string\u003cbr\u003e    })), [])\u003cbr\u003e    origin_access_control_id = optional(string, null)\u003cbr\u003e    origin_path              = optional(string, null)\u003cbr\u003e    origin_shield = optional(object({\u003cbr\u003e      enabled              = bool\u003cbr\u003e      origin_shield_region = string\u003cbr\u003e    }), null)\u003cbr\u003e    s3_origin_config = optional(object({\u003cbr\u003e      origin_access_identity = string\u003cbr\u003e    }), null)\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_price_class\"\u003e\u003c/a\u003e [price\\_class](#input\\_price\\_class) | Price class for this distribution. One of `PriceClass_All`, `PriceClass_100`, `PriceClass_200`. Defaults to `PriceClass_All`. | `string` | `\"PriceClass_All\"` | no |\n| \u003ca name=\"input_geo_restrictions_locations\"\u003e\u003c/a\u003e [geo\\_restrictions\\_locations](#input\\_geo\\_restrictions\\_locations) | ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (`whitelist`) or not distribute your content (`blacklist`). If the type is specified as `none` an empty array can be used (default). | `list(string)` | `[]` | no |\n| \u003ca name=\"input_geo_restrictions_type\"\u003e\u003c/a\u003e [geo\\_restrictions\\_type](#input\\_geo\\_restrictions\\_type) | Method that you want to use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist`. | `string` | `\"none\"` | no |\n| \u003ca name=\"input_staging\"\u003e\u003c/a\u003e [staging](#input\\_staging) | A Boolean that indicates whether this is a staging distribution. Defaults to `false`. | `bool` | `false` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Map of key-value pairs to associate with the resource. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_viewer_certificate\"\u003e\u003c/a\u003e [viewer\\_certificate](#input\\_viewer\\_certificate) | The SSL configuration for this distribution. Will use the cloudfront\\_default\\_certificate unless `acm_certificate_arn` or `iam_certificate_id` are specified (pick one; do not specify both). For specifics on configuration of minimum protocol versions, see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#viewer-certificate-arguments. | \u003cpre\u003eobject({\u003cbr\u003e    acm_certificate_arn      = optional(string, null)\u003cbr\u003e    iam_certificate_id       = optional(string, null)\u003cbr\u003e    minimum_protocol_version = optional(string, \"TLSv1\")\u003cbr\u003e    ssl_support_method       = optional(string, \"sni-only\")\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"acm_certificate_arn\": null,\u003cbr\u003e  \"iam_certificate_id\": null,\u003cbr\u003e  \"minimum_protocol_version\": \"TLSv1\",\u003cbr\u003e  \"ssl_support_method\": null\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_web_acl_id\"\u003e\u003c/a\u003e [web\\_acl\\_id](#input\\_web\\_acl\\_id) | Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws\\_wafv2\\_web\\_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws\\_waf\\_web\\_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. | `string` | `null` | no |\n| \u003ca name=\"input_retain_on_delete\"\u003e\u003c/a\u003e [retain\\_on\\_delete](#input\\_retain\\_on\\_delete) | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. Default: `false`. | `bool` | `false` | no |\n| \u003ca name=\"input_wait_for_deployment\"\u003e\u003c/a\u003e [wait\\_for\\_deployment](#input\\_wait\\_for\\_deployment) | If enabled, the resource will wait for the distribution status to change from `InProgress` to `Deployed`. Setting this to `false` will skip the process. Default: `true`. | `bool` | `true` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_cloudfront_distribution_id\"\u003e\u003c/a\u003e [cloudfront\\_distribution\\_id](#output\\_cloudfront\\_distribution\\_id) | The ID of the CloudFront Distribution. |\n| \u003ca name=\"output_cloudfront_distribution_arn\"\u003e\u003c/a\u003e [cloudfront\\_distribution\\_arn](#output\\_cloudfront\\_distribution\\_arn) | The ARN of the CloudFront Distribution. |\n| \u003ca name=\"output_cloudfront_distribution_status\"\u003e\u003c/a\u003e [cloudfront\\_distribution\\_status](#output\\_cloudfront\\_distribution\\_status) | The deployment status of the CloudFront Distribution. |\n| \u003ca name=\"output_cloudfront_distribution_domain_name\"\u003e\u003c/a\u003e [cloudfront\\_distribution\\_domain\\_name](#output\\_cloudfront\\_distribution\\_domain\\_name) | The Domain Name of the CloudFront Distribution. |\n| \u003ca name=\"output_cloudfront_distribution_hosted_zone_id\"\u003e\u003c/a\u003e [cloudfront\\_distribution\\_hosted\\_zone\\_id](#output\\_cloudfront\\_distribution\\_hosted\\_zone\\_id) | The Hosted Zone ID of the CloudFront Distribution. |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_primitive-cloudfront_distribution","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_primitive-cloudfront_distribution","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchbynttdata%2Ftf-aws-module_primitive-cloudfront_distribution/lists"}