modules/distribution/README.md
1 addition & 0 deletions
@@ -67,6 +67,7 @@ This module creates following resources.
67
67
| <aname="input_ssl_security_policy"></a> [ssl\_security\_policy](#input\_ssl\_security\_policy)| (Optional) The security policy determines the SSL or TLS protocol and the specific ciphers that CloudFront uses for HTTPS connections with viewers (clients). Valid values are `SSLv3`, `TLSv1`, `TLSv1_2016`, `TLSv1.1_2016`, `TLSv1.2_2018`, `TLSv1.2_2019`, `TLSv1.2_2021`, `TLSv1.2_2025`, `TLSv1.3_2025`. Only `SSLv3` or `TLSv1` can be specified if `ssl_support_method` is `VIP`. Can only be set if `ssl_certificate_provider` is not `CLOUDFRONT`. Defaults to `TLSv1`. |`string`|`"TLSv1"`| no |
68
68
| <aname="input_ssl_support_method"></a> [ssl\_support\_method](#input\_ssl\_support\_method)| (Optional) The method how you want CloudFront to serve HTTPS requests. Valid values are `VIP`, `SNI_ONLY`, `STATIC_IP`. Can only be set if `ssl_certificate_provider` is not `CLOUDFRONT`. Defaults to `SNI_ONLY`.<br/> `SNI_ONLY` - The distribution accepts HTTPS connections from only viewers that support SNI(Server Name Indication). This is recommended.<br/> `VIP` - The distribution accepts HTTPS connections from all viewers including those that dont support SNI. This is not recommended, and results in additional monthly charges from CloudFront.<br/> `STATIC_IP` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a usecase that requires static IP addresses for a distribution, contact CloudFront through the AWS Support Center. |`string`|`"SNI_ONLY"`| no |
69
69
| <aname="input_tags"></a> [tags](#input\_tags)| (Optional) A map of tags to add to all resources. |`map(string)`|`{}`| no |
70
+
| <a name="input_vpc_origins"></a> [vpc\_origins](#input\_vpc\_origins) | (Optional) A configuration for VPC origins of the distribution. Each key defines a name of each vpc origin. Each value of `vpc_origins` as defined below.<br/> (Required) `vpc_origin` - The ID of VPC Origin.<br/> (Required) `host` - The DNS domain name of either the web site of your vpc origin.<br/> (Optional) `path` - The URL path to append to `host` which the origin domain name for origin requests. Enter the directory path, beginning with a slash (/). Do not add a slash (/) at the end of the path.<br/> (Optional) `custom_headers` - A map of custom HTTP headers to include in all requests to the origin. Each key/value is mapping to HTTP header `name`/`value`.<br/> (Optional) `origin_shield` - Origin Shield is an additional caching layer that can help reduce the load on your origin and help protect its availability. `origin_shield` block as defined below.<br/> (Required) `enabled` - Whether to enable Origin Shield. Defaults to `false`.<br/> (Required) `region` - The AWS Region for Origin Shield. To specify a region. For example, specify the US East (Ohio) region as `us-east-2`.<br/> (Optional) `connection_attempts` - The number of times that CloudFront attempts to connect to the origin, from `1` to `3`. Defaults to `3`.<br/> (Optional) `connection_timeout` - The number of seconds that CloudFront waits for a response from the origin, from `1` to `10`. Defaults to `10`.<br/> (Optional) `keepalive_timeout` - The number of seconds that CloudFront maintains an idle connection with the origin, from `1` to `120`. But, the maximum can be changed arbitrarily by AWS Support to a much higher value. Defaults to `5`.<br/> (Optional) `response_timeout` - The number of seconds that CloudFront waits for a response from the origin, from `1` to `120`. 
Defaults to `30`.<br/> (Optional) `response_completion_timeout` - A timeout that measures the total duration from when CloudFront begins fetching content from your origin until the last byte is received. This timeout encompasses the entire origin operation, including connection time, request transfer, and response transfer. The number of seconds CloudFront should wait for the complete origin response. Must be greater than or equal to the current `response_timeout` (minimum 30 seconds). Defaults to `0`, which means no timeout is set. | <pre>map(object({<br/> vpc_origin = string<br/> host = string<br/> path = optional(string)<br/> custom_headers = optional(map(string), {})<br/> origin_shield = optional(object({<br/> enabled = bool<br/> region = string<br/> }))<br/> connection_attempts = optional(number, 3)<br/> connection_timeout = optional(number, 10)<br/> keepalive_timeout = optional(number, 5)<br/> response_timeout = optional(number, 30)<br/> response_completion_timeout = optional(number, 0)<br/> }))</pre> | `{}` | no |
70
71
| <aname="input_waf_web_acl"></a> [waf\_web\_acl](#input\_waf\_web\_acl)| (Optional) The ARN of a web ACL on WAFv2 to associate with this distribution. Example: `aws_wafv2_web_acl.example.arn`. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have `waf:GetWebACL` permissions assigned. |`string`|`null`| no |
71
72
| <aname="input_wait_for_deployment_enabled"></a> [wait\_for\_deployment\_enabled](#input\_wait\_for\_deployment\_enabled)| (Optional) Whether to wait for the distribution status to change from `InProgress` to `Deployed`. Skip the deployment waiting process if disabled. Defaults to `true`. |`bool`|`true`| no |
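Review bot: In the added `vpc_origins` row, `origin_shield.enabled` is labelled "(Required)" and also "Defaults to `false`", while the type column shows `enabled = bool` with no default, so the documented default does not exist. Either declare it as `optional(bool, false)` or drop the "Defaults to" sentence. In the same row, the `host` text "The DNS domain name of either the web site of your vpc origin" has a dangling "either", the `path` text "which the origin domain name for origin requests" is missing a verb, and `connection_timeout` and `response_timeout` share the wording "waits for a response from the origin", which leaves the difference between the two settings unexplained. The row mirrors the `description` in variables.tf, so the wording should be corrected there as well.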
modules/distribution/variables.tf
55 additions & 0 deletions
@@ -257,6 +257,61 @@ variable "s3_origins" {
257
257
}
258
258
}
259
259
260
+
variable"vpc_origins" {
261
+
description=<<EOF
262
+
(Optional) A configuration for VPC origins of the distribution. Each key defines a name of each vpc origin. Each value of `vpc_origins` as defined below.
263
+
(Required) `vpc_origin` - The ID of VPC Origin.
264
+
(Required) `host` - The DNS domain name of either the web site of your vpc origin.
265
+
(Optional) `path` - The URL path to append to `host` which the origin domain name for origin requests. Enter the directory path, beginning with a slash (/). Do not add a slash (/) at the end of the path.
266
+
(Optional) `custom_headers` - A map of custom HTTP headers to include in all requests to the origin. Each key/value is mapping to HTTP header `name`/`value`.
267
+
(Optional) `origin_shield` - Origin Shield is an additional caching layer that can help reduce the load on your origin and help protect its availability. `origin_shield` block as defined below.
268
+
(Required) `enabled` - Whether to enable Origin Shield. Defaults to `false`.
269
+
(Required) `region` - The AWS Region for Origin Shield. To specify a region. For example, specify the US East (Ohio) region as `us-east-2`.
270
+
(Optional) `connection_attempts` - The number of times that CloudFront attempts to connect to the origin, from `1` to `3`. Defaults to `3`.
271
+
(Optional) `connection_timeout` - The number of seconds that CloudFront waits for a response from the origin, from `1` to `10`. Defaults to `10`.
272
+
(Optional) `keepalive_timeout` - The number of seconds that CloudFront maintains an idle connection with the origin, from `1` to `120`. But, the maximum can be changed arbitrarily by AWS Support to a much higher value. Defaults to `5`.
273
+
(Optional) `response_timeout` - The number of seconds that CloudFront waits for a response from the origin, from `1` to `120`. Defaults to `30`.
274
+
(Optional) `response_completion_timeout` - A timeout that measures the total duration from when CloudFront begins fetching content from your origin until the last byte is received. This timeout encompasses the entire origin operation, including connection time, request transfer, and response transfer. The number of seconds CloudFront should wait for the complete origin response. Must be greater than or equal to the current `response_timeout` (minimum 30 seconds). Defaults to `0`, which means no timeout is set.
275
+
EOF
276
+
type=map(object({
277
+
vpc_origin =string
278
+
host =string
279
+
path =optional(string)
280
+
custom_headers =optional(map(string), {})
281
+
origin_shield =optional(object({
282
+
enabled =bool
283
+
region =string
284
+
}))
285
+
connection_attempts =optional(number, 3)
286
+
connection_timeout =optional(number, 10)
287
+
keepalive_timeout =optional(number, 5)
288
+
response_timeout =optional(number, 30)
289
+
response_completion_timeout =optional(number, 0)
290
+
}))
291
+
default={}
292
+
nullable=false
293
+
294
+
validation {
295
+
condition=alltrue([
296
+
fororigininvar.vpc_origins:
297
+
alltrue([
298
+
substr(origin.path, 0, 1) =="/",
299
+
substr(origin.path, -1, 0) !="/"
300
+
])
301
+
iforigin.path!=null
302
+
])
303
+
error_message="The value for `path` must begins with a slash and do not end with a slash."
error_message="The value of `response_completion_timeout` must be greater than or equal to the value of `response_timeout` when `response_completion_timeout` is set."
312
+
}
313
+
}
314
+
260
315
variable"custom_origins" {
261
316
description=<<EOF
262
317
(Optional) A configuration for custom origins of the distribution. Each key defines a name of each custom origin. Each value of `custom_origins` as defined below.
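Review bot: The trailing-slash check in the first `validation` block of `vpc_origins`, `substr(origin.path, -1, 0) != "/"`, requests a substring of length 0, which is always the empty string, so the comparison is always true and a `path` ending in a slash passes validation. Use a length of 1, `substr(origin.path, -1, 1) != "/"`, or `!endswith(origin.path, "/")`. The `error_message` text "must begins with a slash and do not end with a slash" also needs a grammar fix, for example "must begin with a slash and must not end with a slash."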