Update cloudfront policies module #26

Merged
merged 1 commit into from
Nov 30, 2023
6 changes: 3 additions & 3 deletions modules/cache-policy/README.md
Expand Up @@ -9,14 +9,14 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.28.0 |

## Modules

4 changes: 2 additions & 2 deletions modules/cache-policy/versions.tf
@@ -1,10 +1,10 @@
terraform {
required_version = ">= 1.5"
required_version = ">= 1.6"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.22"
version = ">= 5.19"
}
}
}
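Review bot: The `version = ">= 5.19"` floor in `required_providers` moves callers across a provider major version (from `>= 4.22`), yet the only cache-policy files in this change are README.md and versions.tf, so nothing shown here needs 5.x. Either keep the lower floor for this module or call the bump out as a breaking change in the release notes, since a root module still pinned to 4.x will stop resolving. The same applies to `required_version = ">= 1.6"`.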
12 changes: 6 additions & 6 deletions modules/origin-request-policy/README.md
Expand Up @@ -9,14 +9,14 @@ This module creates following resources.

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.28.0 |

## Modules

Expand All @@ -34,9 +34,9 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_name"></a> [name](#input\_name) | (Required) A unique name to identify the CloudFront Origin Request Policy. | `string` | n/a | yes |
| <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no |
| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br> (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br> (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br> behavior = optional(string, "NONE")<br> items = optional(set(string), [])<br> })</pre> | `{}` | no |
| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br> (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br> (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br> behavior = optional(string, "NONE")<br> items = optional(set(string), [])<br> })</pre> | `{}` | no |
| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br> (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br> (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br> behavior = optional(string, "NONE")<br> items = optional(set(string), [])<br> })</pre> | `{}` | no |
| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br> (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`, `BLACKLIST`. Defaults to `NONE`.<br> (Optional) `items` - A list of cookie names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. | <pre>object({<br> behavior = optional(string, "NONE")<br> items = optional(set(string), [])<br> })</pre> | `{}` | no |
| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br> (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br> (Optional) `items` - A list of header names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br> behavior = optional(string, "NONE")<br> items = optional(set(string), [])<br> })</pre> | `{}` | no |
| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br> (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br> (Optional) `items` - A list of query string names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. | <pre>object({<br> behavior = optional(string, "NONE")<br> items = optional(set(string), [])<br> })</pre> | `{}` | no |

## Outputs

6 changes: 3 additions & 3 deletions modules/origin-request-policy/main.tf
Expand Up @@ -31,7 +31,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
cookie_behavior = local.behaviors[var.forwarding_cookies.behavior]

dynamic "cookies" {
for_each = contains(["WHITELIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []
for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []

content {
items = cookies.value.items
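Review bot: `cookie_behavior = local.behaviors[var.forwarding_cookies.behavior]` is now reachable with `"BLACKLIST"`, but all three changed lines in main.tf are `for_each` conditions and the `local.behaviors` map sits above line 31, outside this diff. Please confirm the map already has a `BLACKLIST` key and which provider value it maps to; if it does not, a plan with the new behavior passes the variable validation and then fails on an invalid index. The same lookup feeds `header_behavior` and `query_string_behavior` below.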
Expand All @@ -42,7 +42,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
header_behavior = local.behaviors[var.forwarding_headers.behavior]

dynamic "headers" {
for_each = contains(["WHITELIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []
for_each = contains(["WHITELIST", "BLACKLIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []

content {
items = headers.value.items
Expand All @@ -53,7 +53,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
query_string_behavior = local.behaviors[var.forwarding_query_strings.behavior]

dynamic "query_strings" {
for_each = contains(["WHITELIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []
for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []

content {
items = query_strings.value.items
24 changes: 12 additions & 12 deletions modules/origin-request-policy/variables.tf
Expand Up @@ -13,8 +13,8 @@ variable "description" {
variable "forwarding_cookies" {
description = <<EOF
(Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.
(Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
(Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`.
(Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`, `BLACKLIST`. Defaults to `NONE`.
(Optional) `items` - A list of cookie names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`.
EOF
type = object({
behavior = optional(string, "NONE")
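Review bot: The new `items` line in the `forwarding_cookies` description reads "when `behavior` are `WHITELIST`, `BLACKLIST`", which should be "is `WHITELIST` or `BLACKLIST`", and the description never says what `BLACKLIST` does with `items`. If it forwards everything except the named items, as the name suggests, the list flips meaning between the two values: with `WHITELIST` only the named cookies can reach the origin, while with `BLACKLIST` every cookie not named gets through, including ones introduced later. Please spell that out here and in the headers and query-string descriptions, then regenerate the README.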
Expand All @@ -24,16 +24,16 @@ variable "forwarding_cookies" {
nullable = false

validation {
condition = contains(["NONE", "WHITELIST", "ALL"], var.forwarding_cookies.behavior)
error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, and `ALL`."
condition = contains(["NONE", "WHITELIST", "ALL", "BLACKLIST"], var.forwarding_cookies.behavior)
error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `ALL`, and `BLACKLIST`."
}
}

variable "forwarding_headers" {
description = <<EOF
(Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.
(Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
(Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
(Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
(Optional) `items` - A list of header names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
EOF
type = object({
behavior = optional(string, "NONE")
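Review bot: The cookies validation appends the new value at the end, `["NONE", "WHITELIST", "ALL", "BLACKLIST"]`, while the `forwarding_headers` description just below it and the query-string one further down list `BLACKLIST` right after `WHITELIST`. Pick one order for all three variables so the descriptions, `condition` lists and error messages read the same.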
Expand All @@ -43,16 +43,16 @@ variable "forwarding_headers" {
nullable = false

validation {
condition = contains(["NONE", "WHITELIST", "ALL_VIEWER", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior)
error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`."
condition = contains(["NONE", "WHITELIST", "BLACKLIST", "ALL_VIEWER", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior)
error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`."
}
}

variable "forwarding_query_strings" {
description = <<EOF
(Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.
(Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
(Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`.
(Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
(Optional) `items` - A list of query string names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`.
EOF
type = object({
behavior = optional(string, "NONE")
Expand All @@ -62,7 +62,7 @@ variable "forwarding_query_strings" {
nullable = false

validation {
condition = contains(["NONE", "WHITELIST", "ALL"], var.forwarding_query_strings.behavior)
error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, and `ALL`."
condition = contains(["NONE", "WHITELIST", "BLACKLIST", "ALL"], var.forwarding_query_strings.behavior)
error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `BLACKLIST`, and `ALL`."
}
}
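Review bot: The `validation` block for `forwarding_query_strings` still checks only `behavior`, and `items` defaults to an empty set (`optional(set(string), [])` in the README table), so `behavior = "BLACKLIST"` with no `items` passes validation and main.tf emits a `query_strings` block with an empty list. Consider a second `validation` on each of the three variables requiring `length(var.forwarding_query_strings.items) > 0` when `behavior` is `WHITELIST` or `BLACKLIST`, so a misconfigured policy is rejected at plan time instead of reaching the provider.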
4 changes: 2 additions & 2 deletions modules/origin-request-policy/versions.tf
@@ -1,10 +1,10 @@
terraform {
required_version = ">= 1.5"
required_version = ">= 1.6"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.22"
version = ">= 5.19"
}
}
}
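Review bot: `version = ">= 5.19"` is the provider floor for the module that gains `BLACKLIST`, but the README Providers table in this change shows the docs were generated against 5.28.0, and 5.19.0 was simply the previously resolved version. Please confirm the new behavior value is accepted by provider 5.19; if it needs a later release, raise the floor to that release so users on the minimum version do not hit an apply-time error.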