shisheng10/terraform-aws-s3-cloudfront-static-site

Terraform Modules Template

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| aws | >= 4.50 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.50 |

Modules

| Name | Source | Version |
|------|--------|---------|
| acm | terraform-aws-modules/acm/aws | ~> 4.3.0 |
| cdn | terraform-aws-modules/cloudfront/aws | ~> 3.1.0 |
| s3 | terraform-aws-modules/s3-bucket/aws | ~> 3.5.0 |

Resources

| Name | Type |
|------|------|
| aws_cloudfront_function.viewer_request | resource |
| aws_route53_record.acm | resource |
| aws_route53_record.domain | resource |
| aws_s3_bucket_policy.docs | resource |
| aws_cloudfront_cache_policy.this | data source |
| aws_cloudfront_origin_request_policy.this | data source |
| aws_cloudfront_response_headers_policy.this | data source |
| aws_iam_policy_document.s3_policy | data source |
| aws_iam_policy_document.s3_policy_merge | data source |
aws_iam_policy_document.s3_policy_merge data source

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acl | Private or Public ACL | string | "private" | no |
| acm_key_algorithm | ACM certificate algorithm | string | "EC_prime256v1" | no |
| attach_policy | Controls if S3 bucket should have bucket policy attached (set to true to use value of policy as bucket policy) | bool | true | no |
| block_public_acls | Whether Amazon S3 should block public ACLs for this bucket. | bool | true | no |
| block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket. | bool | true | no |
| bucket_name | bucket name | string | "" | no |
| certificate_settings | CloudFront certificate settings | any | `{"minimum_protocol_version": "TLSv1.2_2021", "ssl_support_method": "sni-only"}` | no |
| cors_rule | List of maps containing rules for Cross-Origin Resource Sharing for S3 bucket. | any | `{"cors_rule": {"allowed_headers": [""], "allowed_methods": ["PUT", "POST", "GET", "DELETE"], "allowed_origins": [""], "expose_headers": ["ETag"], "max_age_seconds": 3000}}` | no |
| create_origin_access_identity | Whether Amazon S3 should restrict public bucket policies for this bucket. | bool | true | no |
| custom_error_response | Custom error response settings, if any | list(any) | `[{"error_code": 404, "response_code": 404, "response_page_path": "/errors/404.html"}, {"error_code": 403, "response_code": 403, "response_page_path": "/errors/403.html"}]` | no |
| default_cache_behavior | The default cache behavior for this distribution | any | {} | no |
| default_index_function_name | Name of the CloudFront Function to create for index page redirection | string | "default_viewer_request" | no |
| default_root_object | Default root object | string | "index.html" | no |
| domains | Domains to update DNS records for and create ACM certificates | `map(object({ dns_zone_id = optional(string), domain = string, create_alias_record = optional(bool, true), include_in_acm = optional(bool, false), create_acm_record = optional(bool, true) }))` (key is arbitrary and not used) | {} | no |
| geo_restriction | Geo-restriction settings, if any | any | {} | no |
| ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket. | bool | true | no |
| lifecycle_rule | List of maps containing configuration of object lifecycle management. | any | [] | no |
| logging | Map containing access bucket logging configuration. | map(string) | {} | no |
| ordered_cache_behavior | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | any | [] | no |
| origin | One or more origins for this distribution (multiples allowed). | any | {} | no |
| origin_access_identities | Map of CloudFront origin access identities (value as a comment) | map(string) | {} | no |
| origin_path | Origin path to a specific directory in s3 | string | "" | no |
| policy | A valid bucket policy JSON document (Optional) | string | "" | no |
| price_class | The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | string | "PriceClass_All" | no |
| restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket. | bool | true | no |
| server_side_encryption_configuration | Map containing server-side encryption configuration. | any | {} | no |
| versioning | Map containing versioning configuration. | map(string) | `{"enabled": true}` | no |
| wait_for_deployment | Whether Amazon S3 should restrict public bucket policies for this bucket. | bool | false | no |
| web_acl_id | A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. | string | "" | no |
| website | Map containing static web-site hosting or redirect configuration. | any | `{"error_document": "error.html", "index_document": "index.html"}` | no |

Outputs

| Name | Description |
|------|-------------|
| cloudfront_distribution_arn | The ARN (Amazon Resource Name) for the distribution. |
| cloudfront_distribution_domain_name | The domain name corresponding to the distribution. |
| cloudfront_distribution_hosted_zone_id | Route53 Zone ID for the Cloudfront Distribution |
| cloudfront_distribution_id | The Arn of the cloudfront distribution |
| cloudfront_origin_access_identity_iam_arns | The IAM arns of the origin access identities created |
| s3_bucket_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
| s3_bucket_bucket_domain_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
| s3_bucket_bucket_regional_domain_name | The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. |
| s3_bucket_id | The name of the bucket. |
