AWS CloudFront Terraform module
Terraform module which creates AWS CloudFront resources with all (or almost all) features provided by the Terraform AWS provider.
CloudFront distribution with versioning enabled
    module "cdn" {
      source = "terraform-aws-modules/cloudfront/aws"

      aliases = ["cdn.example.com"]

      comment             = "My awesome CloudFront"
      enabled             = true
      is_ipv6_enabled     = true
      price_class         = "PriceClass_All"
      retain_on_delete    = false
      wait_for_deployment = false

      # Create an origin access identity (OAI) that the S3 origin below refers to by key
      create_origin_access_identity = true
      origin_access_identities = {
        s3_bucket_one = "My awesome CloudFront can access"
      }

      logging_config = {
        bucket = "logs-my-cdn.s3.amazonaws.com"
      }

      origin = {
        something = {
          domain_name = "something.example.com"
          custom_origin_config = {
            http_port              = 80
            https_port             = 443
            # match-viewer: CloudFront contacts the origin with the viewer's protocol (HTTP or HTTPS)
            origin_protocol_policy = "match-viewer"
            # TLSv1 is a legacy protocol version; list newer versions if the origin supports them
            origin_ssl_protocols   = ["TLSv1"]
          }
        }

        s3_one = {
          domain_name = "my-s3-bycket.s3.amazonaws.com"
          s3_origin_config = {
            # Key from origin_access_identities above
            origin_access_identity = "s3_bucket_one"
          }
        }
      }

      default_cache_behavior = {
        target_origin_id       = "something"
        # allow-all serves viewers over both HTTP and HTTPS
        viewer_protocol_policy = "allow-all"

        allowed_methods = ["GET", "HEAD", "OPTIONS"]
        cached_methods  = ["GET", "HEAD"]
        compress        = true
        query_string    = true
      }

      ordered_cache_behavior = [
        {
          path_pattern           = "/static/*"
          target_origin_id       = "s3_one"
          # HTTP requests for /static/* are redirected to HTTPS
          viewer_protocol_policy = "redirect-to-https"

          allowed_methods = ["GET", "HEAD", "OPTIONS"]
          cached_methods  = ["GET", "HEAD"]
          compress        = true
          query_string    = true
        }
      ]

      viewer_certificate = {
        acm_certificate_arn = "arn:aws:acm:us-east-1:135367859851:certificate/1032b155-22da-4ae0-9f69-e206f825458b"
        ssl_support_method  = "sni-only"
      }
    }
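A variant of the usage example with HTTPS enforced for viewers and towards the custom origin, and with higher minimum TLS versions. This is an added example, not part of the module's README. The module label `cdn_hardened`, the variable `web_acl_arn`, and the values `https-only`, `TLSv1.2` and `TLSv1.2_2021` are choices made for this example; the certificate ARN is the one from the usage example.

```hcl
# Added example; var.web_acl_arn and the module label are assumptions.
variable "web_acl_arn" {
  description = "ARN of a WAFv2 web ACL with CLOUDFRONT scope (assumed to exist)"
  type        = string
  default     = null
}

module "cdn_hardened" {
  source = "terraform-aws-modules/cloudfront/aws"

  aliases = ["cdn.example.com"]
  comment = "CloudFront with HTTPS enforced end to end"
  enabled = true

  logging_config = {
    bucket = "logs-my-cdn.s3.amazonaws.com"
  }

  origin = {
    something = {
      domain_name = "something.example.com"
      custom_origin_config = {
        http_port              = 80
        https_port             = 443
        origin_protocol_policy = "https-only" # usage example: "match-viewer"
        origin_ssl_protocols   = ["TLSv1.2"]  # usage example: ["TLSv1"]
      }
    }
  }

  default_cache_behavior = {
    target_origin_id       = "something"
    viewer_protocol_policy = "redirect-to-https" # usage example: "allow-all"
    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
    cached_methods         = ["GET", "HEAD"]
    compress               = true
    query_string           = true
  }

  viewer_certificate = {
    acm_certificate_arn      = "arn:aws:acm:us-east-1:135367859851:certificate/1032b155-22da-4ae0-9f69-e206f825458b"
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021" # documented default: "TLSv1"
  }

  web_acl_id = var.web_acl_arn # WAFv2: pass the web ACL ARN
}
```

Any `ordered_cache_behavior` entries added to this block need their own `viewer_protocol_policy`, since the default behavior's setting does not carry over to them.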
Complete - Complete example which creates AWS CloudFront distribution and integrates it with other terraform-aws-modules to create additional resources: S3 buckets, Lambda Functions, CloudFront Functions, ACM Certificate, Route53 Records.
| Name | Version |
|------|---------|
| aws | >= 3.41.0 |
No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aliases | Extra CNAMEs (alternate domain names), if any, for this distribution. | list(string) | null | no |
| comment | Any comments you want to include about the distribution. | string | null | no |
| create_distribution | Controls if CloudFront distribution should be created | bool | true | no |
| create_origin_access_identity | Controls if CloudFront origin access identity should be created | bool | false | no |
| custom_error_response | One or more custom error response elements | any | {} | no |
| default_cache_behavior | The default cache behavior for this distribution | any | null | no |
| default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string | null | no |
| enabled | Whether the distribution is enabled to accept end user requests for content. | bool | true | no |
| geo_restriction | The restriction configuration for this distribution (geo_restrictions) | any | {} | no |
| http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string | "http2" | no |
| is_ipv6_enabled | Whether the IPv6 is enabled for the distribution. | bool | null | no |
| logging_config | The logging configuration that controls how logs are written to your distribution (maximum one). | any | {} | no |
| ordered_cache_behavior | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | any | [] | no |
| origin | One or more origins for this distribution (multiples allowed). | any | null | no |
| origin_access_identities | Map of CloudFront origin access identities (value as a comment) | map(string) | {} | no |
| origin_group | One or more origin_group for this distribution (multiples allowed). | any | {} | no |
| price_class | The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | string | null | no |
| retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false | no |
| tags | A map of tags to assign to the resource. | map(string) | null | no |
| viewer_certificate | The SSL configuration for this distribution | any | { "cloudfront_default_certificate": true, "minimum_protocol_version": "TLSv1" } | no |
| wait_for_deployment | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this to false will skip the process. | bool | true | no |
| web_acl_id | If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL. | string | null | no |
Module is maintained by Anton Babenko with help from these awesome contributors.
Apache 2 Licensed. See LICENSE for full details.