| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 4.0.0 |
| okta | >= 4.0.0 |
| Name | Version |
|---|---|
| aws | >= 4.0.0 |
| aws.cloudfront | >= 4.0.0 |
| okta | >= 4.0.0 |
| tls | n/a |
| Name | Source | Version |
|---|---|---|
| authentication | github.com/schubergphilis/terraform-aws-mcaf-lambda | v0.3.3 |
| origin_bucket | github.com/schubergphilis/terraform-aws-mcaf-s3 | v0.8.0 |
| Name | Type |
|---|---|
| aws_acm_certificate.default | resource |
| aws_acm_certificate_validation.default | resource |
| aws_cloudfront_distribution.default | resource |
| aws_cloudfront_origin_access_identity.default | resource |
| aws_route53_record.cloudfront | resource |
| aws_route53_record.validation | resource |
| aws_ssm_parameter.client_id | resource |
| aws_ssm_parameter.client_secret | resource |
| aws_ssm_parameter.cookie_domain | resource |
| aws_ssm_parameter.okta_org_name | resource |
| aws_ssm_parameter.private_key | resource |
| aws_ssm_parameter.public_key | resource |
| aws_ssm_parameter.redirect_uri | resource |
| okta_app_group_assignments.default | resource |
| okta_app_oauth.default | resource |
| tls_private_key.default | resource |
| aws_iam_policy_document.authentication | data source |
| aws_iam_policy_document.origin_bucket | data source |
| aws_region.current | data source |
| aws_route53_zone.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | The name of the CloudFront distribution | string |
n/a | yes |
| subdomain | A DNS subdomain for this distribution | string |
n/a | yes |
| tags | A mapping of tags to assign to all resources | map(string) |
n/a | yes |
| zone_id | ID of the Route53 zone in which to create the subdomain record | string |
n/a | yes |
| additional_redirect_uris | Additional login redirect URLs | list(string) |
null |
no |
| aliases | Extra CNAMEs (alternate domain names), if any, for this distribution | list(string) |
[] |
no |
| allowed_methods | Controls which HTTP methods CloudFront processes and forwards | list(string) |
[ |
no |
| application_logo | Relative path to the application logo image | string |
null |
no |
| authentication | Whether to protect the cloudfront distribution behind an Okta application | bool |
false |
no |
| block_public_acls | Whether Amazon S3 should block public ACLs for this bucket | bool |
true |
no |
| block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | bool |
true |
no |
| bucket_policy | The bucket policy to merge with the Cloudfront permissions | string |
null |
no |
| cached_methods | Controls whether CloudFront caches the response to requests | list(string) |
[ |
no |
| certificate_arn | The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution | string |
null |
no |
| comment | Any comments you want to include about the distribution | string |
null |
no |
| compress | Whether you want CloudFront to automatically compress content for web requests | bool |
false |
no |
| cookie_domain | The domain to set the authentication cookie on | string |
null |
no |
| cors_allowed_headers | Specifies which headers are allowed | list(string) |
[ |
no |
| cors_allowed_methods | Specifies which methods are allowed | list(string) |
[ |
no |
| cors_allowed_origins | Specifies which origins are allowed | list(string) |
[] |
no |
| cors_expose_headers | Specifies expose header in the response | list(string) |
[ |
no |
| cors_max_age_seconds | Specifies time (in seconds) the browser can cache the response for a preflight request | number |
3600 |
no |
| custom_error_response | List of one or more custom error response elements | list(object({ |
[] |
no |
| default_root_object | The object that you want CloudFront to return | string |
"index.html" |
no |
| default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number |
3600 |
no |
| deployment_arn | A resource ARN that can be used to deploy content to the origin bucket | string |
null |
no |
| enabled | Whether the distribution is enabled to accept requests for content | bool |
true |
no |
| force_destroy | A boolean indicating all resources (and their data) should be deleted on destroy | bool |
false |
no |
| forward_cookies | Specifies whether you want CloudFront to forward cookies | string |
"none" |
no |
| forward_headers | Specifies the headers you want CloudFront to vary upon for this cache behavior | list(string) |
[ |
no |
| forward_query_strings | Specifies whether you want CloudFront to forward query strings | bool |
false |
no |
| geo_restriction_locations | The country codes for which you want CloudFront to whitelist or blacklist your content | list(string) |
null |
no |
| geo_restriction_type | The method that you want to use to restrict distribution of your content by country | string |
"none" |
no |
| hide_ios | Do not display the Okta application icon to users on mobile app | bool |
false |
no |
| hide_web | Do not display the Okta application icon to users | bool |
false |
no |
| ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket | bool |
true |
no |
| ipv6_enabled | Whether IPv6 is enabled for the distribution | bool |
false |
no |
| lambda_function_association | A config block that triggers a lambda function with specific actions | list(object({ |
[] |
no |
| logging | Enables logging for this distribution | bool |
true |
no |
| login_uri_path | Optional path to the login URL | string |
null |
no |
| max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | number |
86400 |
no |
| min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | number |
0 |
no |
| minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections | string |
"TLSv1.1_2016" |
no |
| okta_app_name | The Okta OIDC application name | string |
null |
no |
| okta_groups | The default groups assigned to the Okta OIDC application | list(string) |
[] |
no |
| okta_org_name | The Okta organization for the OIDC application | string |
null |
no |
| okta_spa | Set to true if this is a single page web application | bool |
false |
no |
| origin_path | A path that CloudFront uses to request your content from a specific directory | string |
"" |
no |
| price_class | Price class for this distribution | string |
"PriceClass_100" |
no |
| redirect_uri_path | Path to the login redirect URL | string |
"_callback" |
no |
| restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket | bool |
true |
no |
| use_regional_endpoint | Whether to use a regional instead of the global endpoint address | bool |
false |
no |
| viewer_protocol_policy | Use this element to specify the protocol that users can use to access the files | string |
"redirect-to-https" |
no |
| wait_for_deployment | Whether to wait for the deployment of the CloudFront Distribution to be complete | bool |
true |
no |
| Name | Description |
|---|---|
| application_fqdn | Custom FQDN pointing to the distributed application |
| arn | ARN of the CloudFront distribution |
| bucket_arn | ARN of the origin bucket |
| bucket_name | Name of the origin bucket |
| distribution_fqdn | FQDN pointing to the distribution |
| etag | Current version of the distribution's information |
| id | ID of the CloudFront distribution |
| jwt_public_key | The JWT public key |
| okta_client_id | Okta App Client ID |
| status | Current status of the distribution |