https://github.com/coolapso/terraform-aws-cloudfront-and-edge
Terraform module to serve static website from s3 with cloudfront and lambda@egde function for subdirectories
https://github.com/coolapso/terraform-aws-cloudfront-and-edge
Last synced: about 2 months ago
JSON representation
Terraform module to serve static website from s3 with cloudfront and lambda@egde function for subdirectories
- Host: GitHub
- URL: https://github.com/coolapso/terraform-aws-cloudfront-and-edge
- Owner: coolapso
- License: mit
- Created: 2024-02-17T21:24:35.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-07-02T21:28:30.000Z (almost 2 years ago)
- Last Synced: 2025-06-02T23:10:58.647Z (about 1 year ago)
- Language: HCL
- Size: 32.2 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Terraform AWS Cloudfront for s3
Fully written and tested using [OpenTofu](https://github.com/opentofu/opentofu)
Simple AWS Cloudfront to serve static websites from S3.
## Key features
* lambda@edge function if you want to serve content in subfolders without needing to provide the index.html,
for example: `https://foo.bar/somepage/`
* Custom error reponses
## TODO:
* Add tests
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.0 |
| [aws](#requirement\_aws) | >= 5.0.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.0.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_cloudfront_cache_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_cache_policy) | resource |
| [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
| [aws_cloudfront_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
| [aws_cloudfront_origin_access_control.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_control) | resource |
| [aws_s3_bucket_policy.allow_cloudfront](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [aws_cloudfront_cache_policy.managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_cache_policy) | data source |
| [aws_iam_policy_document.allow_cloudfront](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [acm\_certificate\_arn](#input\_acm\_certificate\_arn) | ACM Certificate ARN, must be us-east-1 | `string` | n/a | yes |
| [aliases](#input\_aliases) | Alternate domain names | `list(string)` | `null` | no |
| [allowed\_methods](#input\_allowed\_methods) | default cache behavior allowed methods | `list(string)` |
[
"GET",
"HEAD"
]
| no |
| [attach\_s3\_bucket\_policy](#input\_attach\_s3\_bucket\_policy) | attach a policy to s3 bucket to allow this distribution | `bool` | `true` | no |
| [cache\_policy\_comment](#input\_cache\_policy\_comment) | Cache policy Comment/description | `string` | `null` | no |
| [cache\_policy\_name](#input\_cache\_policy\_name) | The cache policy name | `string` | `null` | no |
| [cached\_methods](#input\_cached\_methods) | default cache behavior cached methods | `list(string)` | [
"GET",
"HEAD"
]
| no |
| [cloudfront\_origin\_description](#input\_cloudfront\_origin\_description) | Description for the origin | `string` | n/a | yes |
| [cloudfront\_origin\_name](#input\_cloudfront\_origin\_name) | The name of the cloudfront origin | `string` | n/a | yes |
| [cookies\_forwarding\_behavior](#input\_cookies\_forwarding\_behavior) | Whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. | `string` | `"none"` | no |
| [custom\_cache\_policy](#input\_custom\_cache\_policy) | If going to create a custom cache policy | `bool` | `false` | no |
| [custom\_edge\_function\_associations](#input\_custom\_edge\_function\_associations) | Edge functions to associate with the distribution | map(object({
event_type = string
function_arn = string
})) | `{}` | no |
| [custom\_error\_responses](#input\_custom\_error\_responses) | Custom error response definitions | list(object({
error_caching_min_ttl = optional(number)
error_code = optional(number)
response_code = optional(number)
response_page_path = optional(string)
})) | `null` | no |
| [default\_root\_object](#input\_default\_root\_object) | The default website root object | `string` | `null` | no |
| [default\_ttl](#input\_default\_ttl) | Default cache ttl | `number` | `1800` | no |
| [enable\_cloudfront\_origin\_access\_control](#input\_enable\_cloudfront\_origin\_access\_control) | enable/disable cloudfront origin access control | `bool` | `true` | no |
| [enable\_distribution](#input\_enable\_distribution) | Enables the cf distributuion | `bool` | `true` | no |
| [enable\_ipv6](#input\_enable\_ipv6) | Enables ipv6 for the cloudfront distributuion | `bool` | `true` | no |
| [enable\_noindex\_function](#input\_enable\_noindex\_function) | Enables lambda@edge function to serve files inside subfolders | `bool` | `true` | no |
| [geo\_restriction\_locations](#input\_geo\_restriction\_locations) | locations to apply restrictions to | `list(string)` | `[]` | no |
| [geo\_restriction\_type](#input\_geo\_restriction\_type) | whitelist/blacklist | `string` | `"none"` | no |
| [headers\_forwarding\_behavior](#input\_headers\_forwarding\_behavior) | Whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin | `string` | `"none"` | no |
| [managed\_cache\_policy\_name](#input\_managed\_cache\_policy\_name) | The default cache policy name | `string` | `null` | no |
| [max\_ttl](#input\_max\_ttl) | Max cache ttl | `number` | `3600` | no |
| [min\_ttl](#input\_min\_ttl) | Min cache ttl | `number` | `0` | no |
| [origin\_access\_identity](#input\_origin\_access\_identity) | CloudFront S3 origin configuration information | `string` | `null` | no |
| [price\_class](#input\_price\_class) | Price class for this distribution | `string` | `"PriceClass_All"` | no |
| [query\_string\_forwarding\_behavior](#input\_query\_string\_forwarding\_behavior) | Whether URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin | `string` | `"none"` | no |
| [s3\_bucket\_id](#input\_s3\_bucket\_id) | Name of s3 bucket | `string` | n/a | yes |
| [s3\_objects](#input\_s3\_objects) | The s3 onjects to allow access to ARN/objects | `list(any)` | n/a | yes |
| [s3\_origin\_id](#input\_s3\_origin\_id) | unique origin id | `string` | `"s3Website"` | no |
| [s3\_origin\_path](#input\_s3\_origin\_path) | objects origin path if using subfolders | `string` | `null` | no |
| [s3\_regional\_domain\_name](#input\_s3\_regional\_domain\_name) | The regional domain name of the bucket | `string` | n/a | yes |
| [ssl\_support\_method](#input\_ssl\_support\_method) | SSL support method to be used | `string` | `"sni-only"` | no |
| [tls\_minimum\_protocol\_version](#input\_tls\_minimum\_protocol\_version) | Minimum TLS version | `string` | `"TLSv1.2_2021"` | no |
| [viewer\_protocol\_policy](#input\_viewer\_protocol\_policy) | specify the protocol that users can use to access the files in the origin | `string` | `"redirect-to-https"` | no |
## Outputs
No outputs.