| bucket_name | Name of S3 bucket | string | n/a | yes |
| bucket_object_ownership | Specify object ownership method. Possible values: BucketOwnerPreferred, ObjectWriter or BucketOwnerEnforced | string | "BucketOwnerEnforced" | no |
| bucket_policy | Resource policy to apply on S3 bucket. Leave it blank to generate one automatically | string | "" | no |
| force_destroy | Empty bucket contents before deleting S3 bucket | bool | true | no |
| kms_key | Alias/ARN/ID of KMS key for S3 SSE encryption | string | "alias/aws/s3" | no |
| origin_path | Directory in your Amazon S3 bucket or your custom origin from which CloudFront requests your content | string | "" | no |
| default_root_object | The object that you want CloudFront to return when an end user requests the root URL | string | "index.html" | no |
| cnames | Access CloudFront using alternate domain names, if any | list(string) | [] | no |
| web_acl_id | For an ACL created via WAFv2, provide the ACL ARN; for an ACL created via WAFv1, provide the ACL Id | string | null | no |
| lambda_functions | A config block that triggers a lambda function with specific actions (maximum 4) { event_type = The specific event to trigger this function. Possible values: viewer-request, origin-request, viewer-response, origin-response; lambda_arn = ARN of the Lambda function to trigger upon certain event; include_body = When set to true it exposes the request body to the lambda function. Required ONLY for request event } | list(object({ event_type = string, lambda_arn = string, include_body = optional(bool) })) | [] | no |
| cloudfront_functions | A config block that triggers a CloudFront function with specific actions (maximum 2) { event_type = The specific event to trigger this function. Possible values: viewer-request, viewer-response; function_arn = ARN of the CloudFront function to trigger upon certain event } | list(object({ event_type = string, function_arn = string })) | [] | no |
| price_class | The price class for this distribution. Possible Values: PriceClass_All, PriceClass_200, PriceClass_100 | string | "PriceClass_All" | no |
| ssl_support_method | Specifies how you want CloudFront to serve HTTPS requests. Required if using custom certificate. Possible Values: vip or sni-only | string | "sni-only" | no |
| ssl_cert_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Required if using custom certificate. Possible Values: SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018, TLSv1.2_2019 or TLSv1.2_2021 | string | "TLSv1.2_2021" | no |
| geo_restriction_type | The method that you want to use to restrict distribution of your content by country. Possible Values: none, whitelist, or blacklist | string | "none" | no |
| geo_restriction_locations | The ISO 3166-1-alpha-2 country codes for which you want to either whitelist or blacklist CloudFront content | list(string) | [] | no |
| custom_error_responses | One or more custom error response elements (multiples allowed) { error_caching_min_ttl = The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated; error_code = The 4xx or 5xx HTTP status code that you want to customize; response_code = The HTTP status code that you want CloudFront to return with the custom error page to the viewer; response_page_path = The path of the custom error page. Example: /404.html. Make sure the file 404.html is present within the origin } | list(object({ error_code = number, error_caching_min_ttl = optional(number), response_code = optional(number), response_page_path = optional(string) })) | [] | no |
| access_logging | The logging configuration that controls how logs are written to your distribution { bucket = The Amazon S3 bucket to store the access logs in. Example: bucketname.s3.amazonaws.com; include_cookies = Specifies whether you want CloudFront to include cookies in access logs; prefix = An optional string that you want CloudFront to prefix to the access log filenames for this distribution } | object({ bucket = string, include_cookies = optional(bool), prefix = optional(string) }) | null | no |
| tags | Key-value pairs to assign to CloudFront and S3 bucket | map(any) | {} | no |
| comment | Description/Comments about distribution | string | "Managed by terrablocks" | no |
| hosted_zone | Name of hosted zone to add DNS records if cnames are provided | string | null | no |
| website_domains | Domain names to map to your CloudFront distribution in place of the domain(s) specified in the cnames variable. If left blank, the domain names provided in cnames are used | list(string) | [] | no |
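
A module call that sets the security-relevant inputs from the table explicitly instead of relying on defaults. This is an added example, not taken from the module's own documentation: the module source, bucket names, account ID and ACL ARN are constructed placeholders, and any required inputs not listed in this table are omitted.

```hcl
module "static_site" {
  # Placeholder: replace with the module's actual source address.
  source = "<module-source>"

  bucket_name = "example-static-site" # constructed value

  # Disable object ACLs so the bucket owner owns every object.
  bucket_object_ownership = "BucketOwnerEnforced"

  # The default is true, which empties the bucket on destroy.
  # Set to false so a destroy cannot silently delete site content.
  force_destroy = false

  default_root_object = "index.html"

  # Attach a WAFv2 web ACL by ARN (constructed placeholder ARN).
  web_acl_id = "arn:aws:wafv2:us-east-1:111122223333:global/webacl/example/00000000-0000-0000-0000-000000000000"

  # Pin the strictest minimum protocol policy the table lists rather than
  # inheriting it, so a later change to the default is visible in review.
  ssl_support_method        = "sni-only"
  ssl_cert_protocol_version = "TLSv1.2_2021"

  # Serve a static error page and keep the original status code.
  custom_error_responses = [
    {
      error_code            = 404
      response_code         = 404
      response_page_path    = "/404.html"
      error_caching_min_ttl = 60
    }
  ]

  # Write access logs to a separate bucket (constructed name).
  # Cookies are left out of the logs because they can carry session data.
  access_logging = {
    bucket          = "example-logs.s3.amazonaws.com"
    include_cookies = false
    prefix          = "cloudfront/static-site/"
  }

  tags = {
    environment = "production"
  }
}
```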