@@ -49,7 +49,7 @@ provider "aws" {
4949
5050module "static_site" {
5151 source = "thu-san/static-site/aws"
52- version = "~> 1.2 "
52+ version = "~> 2.0 "
5353
5454 s3_bucket_name = "my-awesome-site-bucket"
5555 cloudfront_distribution_name = "my-awesome-site"
@@ -79,7 +79,7 @@ provider "aws" {
7979}
8080
8181module "static_site" {
82- source = "git::https://github.com/thu-san/terraform-aws-static-site.git?ref=v1.1.1 "
82+ source = "git::https://github.com/thu-san/terraform-aws-static-site.git?ref=v2.0.0 "
8383
8484 s3_bucket_name = "my-awesome-site-bucket"
8585 cloudfront_distribution_name = "my-awesome-site"
@@ -309,6 +309,90 @@ This creates a CloudFront function that automatically appends the specified root
309309
310310This allows you to have different default files for the root and subfolders if needed.
311311
312+ ### CloudFront Cache Policies
313+
314+ This module uses AWS managed "CachingOptimized" cache policy by default when ` cache_policy_id ` is not specified. You can override it by specifying a different policy using data sources to reference AWS managed policies by name:
315+
316+ ``` hcl
317+ # Example: Using the default behavior (CachingOptimized)
318+ module "static_site" {
319+ source = "path/to/terraform-aws-static-site"
320+
321+ s3_bucket_name = "my-site-bucket"
322+ cloudfront_distribution_name = "my-site"
323+
324+ # cache_policy_id is optional - defaults to CachingOptimized
325+
326+ providers = {
327+ aws = aws
328+ aws.us_east_1 = aws.us_east_1
329+ }
330+ }
331+ ```
332+
333+ ``` hcl
334+ # Example: Disable caching
335+ data "aws_cloudfront_cache_policy" "caching_disabled" {
336+ name = "Managed-CachingDisabled"
337+ }
338+
339+ module "static_site" {
340+ source = "path/to/terraform-aws-static-site"
341+
342+ s3_bucket_name = "my-site-bucket"
343+ cloudfront_distribution_name = "my-site"
344+
345+ cache_policy_id = data.aws_cloudfront_cache_policy.caching_disabled.id
346+
347+ providers = {
348+ aws = aws
349+ aws.us_east_1 = aws.us_east_1
350+ }
351+ }
352+ ```
353+
354+ ``` hcl
355+ # Example: Custom cache and origin request policies
356+ data "aws_cloudfront_cache_policy" "caching_optimized" {
357+ name = "Managed-CachingOptimized"
358+ }
359+
360+ data "aws_cloudfront_origin_request_policy" "cors_s3_origin" {
361+ name = "Managed-CORS-S3Origin"
362+ }
363+
364+ module "static_site" {
365+ source = "path/to/terraform-aws-static-site"
366+
367+ s3_bucket_name = "my-site-bucket"
368+ cloudfront_distribution_name = "my-site"
369+
370+ cache_policy_id = data.aws_cloudfront_cache_policy.caching_optimized.id
371+ origin_request_policy_id = data.aws_cloudfront_origin_request_policy.cors_s3_origin.id
372+
373+ providers = {
374+ aws = aws
375+ aws.us_east_1 = aws.us_east_1
376+ }
377+ }
378+ ```
379+
380+ Available AWS managed policies:
381+ - ** Cache Policies** :
382+ - ` Managed-CachingDisabled ` - No caching, all requests go to origin
383+ - ` Managed-CachingOptimized ` - Optimized for cache hit ratio (default)
384+ - ` Managed-CachingOptimizedForUncompressedObjects ` - For already compressed content
385+
386+ - ** Origin Request Policies** :
387+ - ` Managed-CORS-S3Origin ` - For CORS requests to S3 origins
388+ - ` Managed-AllViewer ` - Forwards all headers, cookies, and query strings
389+ - ` Managed-CORS-CustomOrigin ` - For CORS requests to custom origins
390+
391+ - ** Response Headers Policies** :
392+ - ` Managed-CORS-With-Preflight ` - CORS headers for preflight requests
393+ - ` Managed-CORS-with-preflight-and-SecurityHeadersPolicy ` - CORS + security headers
394+ - ` Managed-SecurityHeadersPolicy ` - Common security headers
395+
312396### With Custom Error Pages (SPA Support)
313397
314398Configure custom error responses for CloudFront, essential for Single Page Applications (SPAs) that use client-side routing:
@@ -473,9 +557,12 @@ module "static_site" {
473557| cloudfront_function_associations | List of CloudFront function associations for the default cache behavior | ` list(object) ` | ` [] ` | no |
474558| default_root_object | The object that CloudFront returns when requests point to root URL | ` string ` | ` "index.html" ` | no |
475559| subfolder_root_object | When set, creates a CloudFront function to serve this file as the default object for subfolder requests | ` string ` | ` "" ` | no |
476- | skip_certificate_validation | Skip ACM certificate DNS validation records (useful for testing) | ` bool ` | ` false ` | no |
477- | custom_error_responses | List of custom error response configurations for CloudFront (see examples for SPA routing) | ` list(object) ` | ` [] ` | no |
478- | tags | Tags to apply to all resources | ` map(string) ` | ` {} ` | no |
560+ | skip_certificate_validation | Skip ACM certificate DNS validation records (useful for testing) | ` bool ` | ` false ` | no |
561+ | custom_error_responses | List of custom error response configurations for CloudFront (see examples for SPA routing) | ` list(object) ` | ` [] ` | no |
562+ | cache_policy_id | The ID of the CloudFront cache policy to use. Defaults to 'CachingOptimized' when null | ` string ` | ` null ` | no |
563+ | origin_request_policy_id | The ID of the CloudFront origin request policy to use | ` string ` | ` null ` | no |
564+ | response_headers_policy_id | The ID of the CloudFront response headers policy to use | ` string ` | ` null ` | no |
565+ | tags | Tags to apply to all resources | ` map(string) ` | ` {} ` | no |
479566
480567## Outputs
481568
@@ -497,6 +584,7 @@ module "static_site" {
497584| lambda_log_group_arn | ARN of the Lambda CloudWatch Log Group |
498585| sqs_queue_url | URL of the SQS queue for cache invalidation |
499586| sqs_queue_arn | ARN of the SQS queue for cache invalidation |
587+ | subfolder_root_object_function_arn | ARN of the CloudFront function for subfolder root object handling |
500588
501589## Architecture
502590