S3, CloudFront and dynamic Lambda@Edge functions, based on the Terraform AWS modules.
# Account id and region of the credentials running the plan; both feed the
# md5 suffix that the locals below append to the bucket names.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
locals {
  # A single md5 of "<account_id>-<region>" is shared by both bucket names,
  # presumably to keep them unique per account and region.
  name_suffix = md5(format("%s-%s", data.aws_caller_identity.current.account_id, data.aws_region.current.name))

  logging_bucket_name = "access-logs-${local.name_suffix}"
  s3_bucket_name      = "web-service-${local.name_suffix}"
}
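module "website" {
  source = "../"

  # Wildcard used to look up the ACM certificate; the aliases below need to be
  # covered by that certificate.
  acm_domain_name = "*.example.com"
  aliases         = ["tewfew23d23as.example.com", "zs3ft6ers3as.example.com"]

  logging_bucket_name = local.logging_bucket_name
  s3_bucket_name      = local.s3_bucket_name

  # Query strings are forwarded to the origin and cookies are written into the
  # access logs, so the logging bucket may hold session identifiers; treat it
  # as sensitive data.
  forwarded_values_query_string = true
  include_cookies               = true

  # Pin the TLS floor explicitly instead of relying on the module default
  # (TLSv1.2_2019); TLSv1.2_2021 is the stricter of the two supported policies.
  minimum_protocol_version = "TLSv1.2_2021"

  custom_error_response = {
    error404 = {
      error_code            = 404
      error_caching_min_ttl = 300
      response_code         = 200
      response_page_path    = "/404/index.html"
    }
  }

  lambda_origin_response = {
    create        = true
    function_name = "addResponseHeaders"
    description   = "Response Headers for CloudFront and S3"
    handler       = "index.handler"
    # NOTE(review): nodejs12.x is a deprecated Lambda runtime; move to a currently
    # supported Node.js runtime once the function code has been checked against it.
    runtime       = "nodejs12.x"
    source_path   = "./functions/addResponseHeaders"
    # Pre-existing role; the module appears to look it up (aws_iam_role data
    # source) rather than create it, so it must exist before apply.
    role_arn      = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/lambda_at_edge"
  }

  # Cross-origin reads are limited to the API origin and to GET.
  s3_cors_rules = [
    {
      allowed_methods = ["GET"]
      allowed_origins = ["https://api.example.com"]
      allowed_headers = ["Authorization", "Content-Length"]
      expose_headers  = []
      max_age_seconds = 3000
    }
  ]

  tags = {}
}

## Requirements

| Name | Version |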
|---|---|
| terraform | >= 0.13.1 |
| aws | ~> 3.69 |
| external | >= 1.0 |
| local | >= 1.0 |
| null | >= 2.0 |

## Providers

| Name | Version |
|---|---|
| aws | ~> 3.69 |
| aws.us-east-1 | ~> 3.69 |
| random | n/a |

## Modules

| Name | Source | Version |
|---|---|---|
| cloudfront | terraform-aws-modules/cloudfront/aws | 2.9.2 |
| lambda_origin_request | terraform-aws-modules/lambda/aws | 2.34.0 |
| lambda_origin_response | terraform-aws-modules/lambda/aws | 2.34.0 |
| lambda_viewer_request | terraform-aws-modules/lambda/aws | 2.34.0 |
| lambda_viewer_response | terraform-aws-modules/lambda/aws | 2.34.0 |
| s3_bucket | terraform-aws-modules/s3-bucket/aws | 2.14.1 |

## Resources

| Name | Type |
|---|---|
| random_uuid.lambda_origin_request | resource |
| random_uuid.lambda_origin_response | resource |
| random_uuid.lambda_viewer_request | resource |
| random_uuid.lambda_viewer_response | resource |
| aws_acm_certificate.this | data source |
| aws_iam_policy_document.s3_policy | data source |
| aws_iam_role.lambda_origin_request | data source |
| aws_iam_role.lambda_origin_response | data source |
| aws_iam_role.lambda_viewer_request | data source |
| aws_iam_role.lambda_viewer_response | data source |
| aws_s3_bucket.logging | data source |

## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| acm_domain_name | Domain name used to look up the TLS certificate | string | n/a | yes |
| aliases | Alternate domain names for the CloudFront distribution | list(string) | n/a | yes |
| cloudwatch_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | 14 | no |
| create | Controls whether resources should be created | bool | true | no |
| create_monitoring_subscription | If enabled, the monitoring subscription resource for CloudFront will be created. | bool | false | no |
| custom_error_response | One or more custom error response elements | any | {} | no |
| forwarded_values_query_string | Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. | bool | false | no |
| include_cookies | Specifies whether you want CloudFront to include cookies in access logs | bool | false | no |
| index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. | string | "index.html" | no |
| lambda_origin_request | Lambda configuration for origin-request | object({…}) | {…} | no |
| lambda_origin_response | Lambda configuration for origin-response | object({…}) | {…} | no |
| lambda_viewer_request | Lambda configuration for viewer-request | object({…}) | {…} | no |
| lambda_viewer_response | Lambda configuration for viewer-response | object({…}) | {…} | no |
| logging_bucket_name | S3 bucket name for access logs | string | n/a | yes |
| minimum_protocol_version | The minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections. Can be TLSv1.2_2019 or TLSv1.2_2021 | string | "TLSv1.2_2019" | no |
| price_class | The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | string | "PriceClass_100" | no |
| retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false | no |
| s3_bucket_name | Name of the S3 bucket | string | n/a | yes |
| s3_versioning | Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. | bool | false | no |
| tags | A map of tags to add to all resources | map(string) | {} | no |

## Outputs
| Name | Description |
|---|---|
| cloudfront_distribution_id | The identifier for the CloudFront distribution |
| s3_bucket_id | The name of the S3 bucket |
