{"id":46573329,"url":"https://github.com/ministryofjustice/cloud-platform-terraform-cloudfront","last_synced_at":"2026-03-07T09:03:24.101Z","repository":{"id":139191659,"uuid":"572635264","full_name":"ministryofjustice/cloud-platform-terraform-cloudfront","owner":"ministryofjustice","description":"CloudFront distribution for use on the Cloud Platform","archived":false,"fork":false,"pushed_at":"2025-12-02T16:07:12.000Z","size":89,"stargazers_count":1,"open_issues_count":4,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-12-03T21:55:25.671Z","etag":null,"topics":["cloud-platform-engineering"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ministryofjustice.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-11-30T17:39:46.000Z","updated_at":"2025-12-01T10:15:59.000Z","dependencies_parsed_at":"2024-08-29T15:01:13.630Z","dependency_job_id":"70834425-dae6-4f64-8a62-a2381b244d2d","html_url":"https://github.com/ministryofjustice/cloud-platform-terraform-cloudfront","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":"ministryofjustice/cloud-platform-terraform-template","purl":"pkg:github/ministryofjustice/cloud-platform-terraform-cloudfront","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-terraform-cloudfront","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-terraform-cloudfront/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-terraform-cloudfront/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-terraform-cloudfront/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ministryofjustice","download_url":"https://codeload.github.com/ministryofjustice/cloud-platform-terraform-cloudfront/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-terraform-cloudfront/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30210373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T09:02:10.694Z","status":"ssl_error","status_checked_at":"2026-03-07T09:02:08.429Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-platform-engineering"],"created_at":"2026-03-07T09:03:23.485Z","updated_at":"2026-03-07T09:03:24.086Z","avatar_url":"https://github.com/ministryofjustice.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cloud-platform-terraform-cloudfront\n\n[![Releases](https://img.shields.io/github/v/release/ministryofjustice/cloud-platform-terraform-cloudfront.svg)](https://github.com/ministryofjustice/cloud-platform-terraform-cloudfront/releases)\n\nThis Terraform module will create an [Amazon CloudFront](https://aws.amazon.com/cloudfront/) distribution to use with an S3 origin for use on the Cloud Platform.\n\n## Usage\n\n```hcl\nmodule \"cloudfront\" {\n  source = \"github.com/ministryofjustice/cloud-platform-terraform-cloudfront?ref=version\" # use the latest release\n\n  # Configuration\n  bucket_id          = module.s3.bucket_name\n  bucket_domain_name = module.s3.bucket_domain_name\n\n  # Tags\n  business_unit          = var.business_unit\n  application            = var.application\n  is_production          = var.is_production\n  team_name              = var.team_name\n  namespace              = var.namespace\n  environment_name       = var.environment\n  infrastructure_support = var.infrastructure_support\n  service_area           = var.service_area\n\n  # Ordered cache behaviors (optional)\n  enable_ordered_cache_behavior = true # Default is false\n\n  ordered_cache_behavior = {\n    path_pattern = \"/images/*\"\n    # Optional parameters\n    # cache_policy_id = \"4135ea2d-6df8-44a3-9df3-4b5a84be39ad\" ### CachingDisabled\n  }\n}\n```\nSee the [examples/](examples/) folder for more information.\n\n\ncache policy id can be changed to match your requirements. Here is the documentation on [CloudFront cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache.html#cache-policy-overview).\n\n- [Main Cache Policy Documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html)\n- [Using Managed Cache Policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html)\n- [List of AWS Managed Cache Policies (with IDs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html#managed-cache-policies-list)\n- [Creating Custom Cache Policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cache-key-create-cache-policy.html)\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.2.5 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 4.0.0 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | \u003e= 3.0.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 4.0.0 |\n| \u003ca name=\"provider_random\"\u003e\u003c/a\u003e [random](#provider\\_random) | \u003e= 3.0.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |\n| [aws_cloudfront_key_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_key_group) | resource |\n| [aws_cloudfront_origin_access_control.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_control) | resource |\n| [aws_cloudfront_public_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_public_key) | resource |\n| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |\n| [random_id.id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |\n| [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_ssm_parameter.prisoner_content_hub](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_aliases\"\u003e\u003c/a\u003e [aliases](#input\\_aliases) | Extra CNAMEs (alternate domain names), if any, for this distribution. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_aliases_cert_arn\"\u003e\u003c/a\u003e [aliases\\_cert\\_arn](#input\\_aliases\\_cert\\_arn) | ACM certificate ARN for the aliases | `string` | `null` | no |\n| \u003ca name=\"input_application\"\u003e\u003c/a\u003e [application](#input\\_application) | Application name | `string` | n/a | yes |\n| \u003ca name=\"input_attach_bucket_policy\"\u003e\u003c/a\u003e [attach\\_bucket\\_policy](#input\\_attach\\_bucket\\_policy) | n/a | `bool` | `true` | no |\n| \u003ca name=\"input_bucket_domain_name\"\u003e\u003c/a\u003e [bucket\\_domain\\_name](#input\\_bucket\\_domain\\_name) | S3 bucket domain name to serve content from | `string` | n/a | yes |\n| \u003ca name=\"input_bucket_id\"\u003e\u003c/a\u003e [bucket\\_id](#input\\_bucket\\_id) | S3 bucket ID to serve content from (used to automatically create the appropriate policy) | `string` | n/a | yes |\n| \u003ca name=\"input_business_unit\"\u003e\u003c/a\u003e [business\\_unit](#input\\_business\\_unit) | Area of the MOJ responsible for the service | `string` | n/a | yes |\n| \u003ca name=\"input_custom_error_response\"\u003e\u003c/a\u003e [custom\\_error\\_response](#input\\_custom\\_error\\_response) | One or more custom error response elements | `list(any)` | `[]` | no |\n| \u003ca name=\"input_default_cache_behavior\"\u003e\u003c/a\u003e [default\\_cache\\_behavior](#input\\_default\\_cache\\_behavior) | Default cache behaviour | `map(any)` | `{}` | no |\n| \u003ca name=\"input_default_root_object\"\u003e\u003c/a\u003e [default\\_root\\_object](#input\\_default\\_root\\_object) | Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | `string` | `null` | no |\n| \u003ca name=\"input_enable_ordered_cache_behavior\"\u003e\u003c/a\u003e [enable\\_ordered\\_cache\\_behavior](#input\\_enable\\_ordered\\_cache\\_behavior) | Whether to enable ordered cache behavior | `bool` | `false` | no |\n| \u003ca name=\"input_environment_name\"\u003e\u003c/a\u003e [environment\\_name](#input\\_environment\\_name) | Environment name | `string` | n/a | yes |\n| \u003ca name=\"input_geo_restriction\"\u003e\u003c/a\u003e [geo\\_restriction](#input\\_geo\\_restriction) | Geographical restrictions | `map(any)` | `{}` | no |\n| \u003ca name=\"input_infrastructure_support\"\u003e\u003c/a\u003e [infrastructure\\_support](#input\\_infrastructure\\_support) | The team responsible for managing the infrastructure. Should be of the form \u003cteam-name\u003e (\u003cteam-email\u003e) | `string` | n/a | yes |\n| \u003ca name=\"input_ip_allow_listing_environment\"\u003e\u003c/a\u003e [ip\\_allow\\_listing\\_environment](#input\\_ip\\_allow\\_listing\\_environment) | [Prisoner Content Hub only]: specify the environment name to restrict CloudFront to a preset IP allow-list, either `development`, `staging`, `production`. Leave empty for unrestricted access. | `string` | `null` | no |\n| \u003ca name=\"input_is_production\"\u003e\u003c/a\u003e [is\\_production](#input\\_is\\_production) | Whether this is used for production or not | `string` | n/a | yes |\n| \u003ca name=\"input_namespace\"\u003e\u003c/a\u003e [namespace](#input\\_namespace) | Namespace name | `string` | n/a | yes |\n| \u003ca name=\"input_opt_in_xsiam_logging\"\u003e\u003c/a\u003e [opt\\_in\\_xsiam\\_logging](#input\\_opt\\_in\\_xsiam\\_logging) | If set to true, it will send cloudfront logs to an S3 bucket and send them to Cortex XSIAM. | `bool` | `false` | no |\n| \u003ca name=\"input_ordered_cache_behavior\"\u003e\u003c/a\u003e [ordered\\_cache\\_behavior](#input\\_ordered\\_cache\\_behavior) | Ordered cache behavior configuration. Must include path\\_pattern. Optional: allowed\\_methods, cached\\_methods, compress, default\\_ttl, max\\_ttl, min\\_ttl, cache\\_policy\\_id, response\\_headers\\_policy\\_id | `map(any)` | `{}` | no |\n| \u003ca name=\"input_origin\"\u003e\u003c/a\u003e [origin](#input\\_origin) | Origin configuration (origin.connection\\_attempts, origin.connection\\_timeout) | `map(any)` | `{}` | no |\n| \u003ca name=\"input_price_class\"\u003e\u003c/a\u003e [price\\_class](#input\\_price\\_class) | Price Class to use | `string` | `\"PriceClass_All\"` | no |\n| \u003ca name=\"input_service_area\"\u003e\u003c/a\u003e [service\\_area](#input\\_service\\_area) | The MOJ service area this application supports | `string` | n/a | yes |\n| \u003ca name=\"input_team_name\"\u003e\u003c/a\u003e [team\\_name](#input\\_team\\_name) | Team name | `string` | n/a | yes |\n| \u003ca name=\"input_trusted_public_keys\"\u003e\u003c/a\u003e [trusted\\_public\\_keys](#input\\_trusted\\_public\\_keys) | Public key in PEM format. Including --- BEGIN PUBLIC KEY --- and --- END PUBLIC KEY ---. Optional comment. | \u003cpre\u003elist(object({\u003cbr/\u003e    encoded_key = string\u003cbr/\u003e    comment     = string\u003cbr/\u003e    associate   = bool\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_cloudfront_hosted_zone_id\"\u003e\u003c/a\u003e [cloudfront\\_hosted\\_zone\\_id](#output\\_cloudfront\\_hosted\\_zone\\_id) | The CloudFront Route 53 zone ID |\n| \u003ca name=\"output_cloudfront_public_keys\"\u003e\u003c/a\u003e [cloudfront\\_public\\_keys](#output\\_cloudfront\\_public\\_keys) | The CloudFront public key IDs, with reference to the public key's comment, defaults to first 8 characters of it's sha256. |\n| \u003ca name=\"output_cloudfront_url\"\u003e\u003c/a\u003e [cloudfront\\_url](#output\\_cloudfront\\_url) | The CloudFront distrubtion domain name |\n\u003c!-- END_TF_DOCS --\u003e\n\n## Tags\n\nSome of the inputs for this module are tags. All infrastructure resources must be tagged to meet the MOJ Technical Guidance on [Documenting owners of infrastructure](https://technical-guidance.service.justice.gov.uk/documentation/standards/documenting-infrastructure-owners.html).\n\nYou should use your namespace variables to populate these. See the [Usage](#usage) section for more information.\n\n## Reading Material\n\n- [Cloud Platform user guide](https://user-guide.cloud-platform.service.justice.gov.uk/#cloud-platform-user-guide)\n- [Amazon CloudFront developer guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fministryofjustice%2Fcloud-platform-terraform-cloudfront","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fministryofjustice%2Fcloud-platform-terraform-cloudfront","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fministryofjustice%2Fcloud-platform-terraform-cloudfront/lists"}