feat(origin-access-control): support aws v6

Author: posquit0

modules/origin-access-control/README.md

@@ -9,14 +9,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.12 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.20 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.26.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 6.24.0 |
 
 ## Modules
 
@@ -33,14 +33,15 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) A name to identify the origin access control. | `string` | n/a | yes |
+| <a name="input_origin_type"></a> [origin\_type](#input\_origin\_type) | (Required) The type of origin that this origin access control is for. Valid values are `LAMBDA`, `MEDIAPACKAGE_V2`, `MEDIASTORE` and `S3`. | `string` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | (Optional) A description of the origin access control. | `string` | `"Managed by Terraform."` | no |
-| <a name="input_origin_type"></a> [origin\_type](#input\_origin\_type) | (Optional) The type of origin that this origin access control is for. Valid values are `S3` and `MEDIASTORE`. Defaults to `S3`. | `string` | `"S3"` | no |
-| <a name="input_signing_behavior"></a> [signing\_behavior](#input\_signing\_behavior) | (Optional) Specify which requests CloudFront signs (adds authentication information to). Valid values are `ALWAYS`, `NEVER`, `NO_OVERRIDE`. Defaults to `ALWAYS`.<br>    `ALWAYS` - CloudFront signs all origin requests, overwriting the `Authorization` header from the viewer request if one exists.<br>    `NEVER` - CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.<br>    `NO_OVERRIDE` - If the viewer request doesn't contain the `Authorization` header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. | `string` | `"ALWAYS"` | no |
+| <a name="input_signing_behavior"></a> [signing\_behavior](#input\_signing\_behavior) | (Optional) Specify which requests CloudFront signs (adds authentication information to). Valid values are `ALWAYS`, `NEVER`, `NO_OVERRIDE`. Defaults to `ALWAYS`.<br/>    `ALWAYS` - CloudFront signs all origin requests, overwriting the `Authorization` header from the viewer request if one exists.<br/>    `NEVER` - CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.<br/>    `NO_OVERRIDE` - If the viewer request doesn't contain the `Authorization` header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. | `string` | `"ALWAYS"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the origin access control. |
 | <a name="output_description"></a> [description](#output\_description) | The description of the origin access control. |
 | <a name="output_etag"></a> [etag](#output\_etag) | The current version of the origin access control. |
 | <a name="output_id"></a> [id](#output\_id) | The ID of the origin access control. |

modules/origin-access-control/main.tf

@@ -13,6 +13,12 @@ locals {
     "NEVER"       = "never"
     "NO_OVERRIDE" = "no-override"
   }
+  origin_types = {
+    "LAMBDA"          = "lambda"
+    "MEDIAPACKAGE_V2" = "mediapackagev2"
+    "MEDIASTORE"      = "mediastore"
+    "S3"              = "s3"
+  }
 }
 
 
@@ -24,7 +30,7 @@ resource "aws_cloudfront_origin_access_control" "this" {
   name        = var.name
   description = var.description
 
-  origin_access_control_origin_type = lower(var.origin_type)
+  origin_access_control_origin_type = local.origin_types[var.origin_type]
   signing_behavior                  = local.signing_behaviors[var.signing_behavior]
   signing_protocol                  = "sigv4"
 }

modules/origin-access-control/outputs.tf

@@ -1,3 +1,8 @@
+output "arn" {
+  description = "The ARN of the origin access control."
+  value       = aws_cloudfront_origin_access_control.this.arn
+}
+
 output "id" {
   description = "The ID of the origin access control."
   value       = aws_cloudfront_origin_access_control.this.id
@@ -20,7 +25,10 @@ output "description" {
 
 output "origin_type" {
   description = "The type of origin that this origin access control is for."
-  value       = upper(aws_cloudfront_origin_access_control.this.origin_access_control_origin_type)
+  value = {
+    for k, v in local.origin_types :
+    v => k
+  }[aws_cloudfront_origin_access_control.this.origin_access_control_origin_type]
 }
 
 output "signing_behavior" {

modules/origin-access-control/variables.tf

@@ -12,14 +12,13 @@ variable "description" {
 }
 
 variable "origin_type" {
-  description = "(Optional) The type of origin that this origin access control is for. Valid values are `S3` and `MEDIASTORE`. Defaults to `S3`."
+  description = "(Required) The type of origin that this origin access control is for. Valid values are `LAMBDA`, `MEDIAPACKAGE_V2`, `MEDIASTORE` and `S3`."
   type        = string
-  default     = "S3"
   nullable    = false
 
   validation {
-    condition     = contains(["S3", "MEDIASTORE"], var.origin_type)
-    error_message = "Valid values for `origin_type` are `S3` and `MEDIASTORE`."
+    condition     = contains(["LAMBDA", "MEDIAPACKAGE_V2", "MEDIASTORE", "S3"], var.origin_type)
+    error_message = "Valid values for `origin_type` are `LAMBDA`, `MEDIAPACKAGE_V2`, `MEDIASTORE` and `S3`."
   }
 }
 

modules/origin-access-control/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.6"
+  required_version = ">= 1.12"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.19"
+      version = ">= 6.20"
     }
   }
 }