Merge pull request #1 from Geartrixy/master

Initial commit
zoitech · Aug 9, 2018 · cea68f2 · cea68f2
2 parents 3387ac6 + 2498553
commit cea68f2
Show file tree

Hide file tree

Showing 4 changed files with 215 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -1 +1,59 @@
-# terraform-aws-cloudfront
+# AWS Application Load Balancer Module
+Terraform module which sets up a CloudFront distribution with logging into S3.
+
+The following resources are created:
+* CloudFront
+
+
+## Usage
+### Specify this Module as Source
+```hcl
+module "my_cloudfront" {
+  source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"
+
+  # Or to specifiy a particular module version:
+  source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git?ref=v0.0.1"
+```
+### Usage Example
+```
+module "my_cloudfront" {
+  source          = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"
+  dns_domain_name = "mydomain.s3.amazonaws.com"
+  origin_path     = "/mypath"
+  origin_id       = "s3-myorigin"
+
+  #s3_origin_config - origin_access_identity
+  state_enabled       = true
+  is_ipv6_enabled     = false
+  comment             = "Environment=Prod"
+  default_root_object = "index.html"
+
+  # Logging into S3
+  logging_config_include_cookies = false
+  logging_config_bucket          = "mylogbucket.s3.amazonaws.com"
+  logging_config_prefix          = "s3-my-origin-id"
+
+  # Aliases 
+  aliases = ["myalias.mywebsite.com"]
+
+  # Default Cache Behavior Settings
+  default_cache_behavior_allowed_methods = ["GET", "HEAD"]
+  default_cache_behavior_cached_methods  = ["GET", "HEAD"]
+  target_origin_id                       = "s3-my-origin-id"
+  viewer_protocol_policy                 = "redirect-to-https"
+  price_class                            = "PriceClass_100"
+
+  # Geo Restrictions
+  restriction_type = "none"
+
+  # Certificate
+  acm_certificate_arn      = "${data.aws_acm_certificate.my_acm_certificate.arn}"
+  minimum_protocol_version = "TLSv1.1_2016"
+  ssl_support_method       = "sni-only"
+}
+```
+
+#### Outputs
+The following outputs are possible:
+* domain_name  (The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net)
+* hosted_zone_id (The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.)
diff --git a/cloudfront.tf b/cloudfront.tf
@@ -0,0 +1,57 @@
+resource "aws_cloudfront_distribution" "distribution" {
+  origin {
+    domain_name = "${var.dns_domain_name}"
+    origin_id   = "${var.origin_id}"
+
+    # s3_origin_config {
+    #   origin_access_identity = "origin-access-identity/cloudfront/ABCDEFG1234567"
+    # }
+  }
+
+  enabled             = "${var.state_enabled}"
+  is_ipv6_enabled     = "${var.is_ipv6_enabled}"
+  comment             = "${var.comment}"
+  default_root_object = "${var.default_root_object}"
+
+  logging_config {
+    include_cookies = "${var.logging_config_include_cookies}" #The logging configuration that controls how logs are written to your distribution (maximum one).
+    bucket          = "${var.logging_config_bucket}"
+    prefix          = "${var.logging_config_prefix}"
+  }
+
+  aliases = "${var.aliases}" #list
+
+  default_cache_behavior {
+    allowed_methods  = "${var.default_cache_behavior_allowed_methods}" #list
+    cached_methods   = "${var.default_cache_behavior_cached_methods}"  #list
+    target_origin_id = "${var.target_origin_id}"
+
+    forwarded_values {
+      query_string = false
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    viewer_protocol_policy = "${var.viewer_protocol_policy}"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+  }
+
+  price_class = "${var.price_class}"
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "${var.restriction_type}"
+      locations        = "${var.restriction_locations}"
+    }
+  }
+
+  viewer_certificate {
+    acm_certificate_arn = "${var.acm_certificate_arn}"
+    minimum_protocol_version = "${var.minimum_protocol_version}"
+    ssl_support_method = "${var.ssl_support_method}"
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,6 @@
+output "domain_name" {
+  value = "${aws_cloudfront_distribution.distribution.domain_name}"
+}
+output "hosted_zone_id" {
+  value = "${aws_cloudfront_distribution.distribution.hosted_zone_id}"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,93 @@
+variable "dns_domain_name" {
+  description = "(Required) - The DNS domain name of either the S3 bucket, or web site of your custom origin."
+}
+
+variable "origin_path" {
+  description = "(Optional) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin."
+  default     = ""
+}
+
+variable "origin_id" {
+  description = "(Required) - A unique identifier for the origin."
+}
+
+variable "state_enabled" {
+  description = "(Required) - Whether the distribution is enabled to accept end user requests for content."
+  default     = true
+}
+
+variable "is_ipv6_enabled" {
+  description = "(Optional) - Whether the IPv6 is enabled for the distribution."
+  default     = false
+}
+
+variable "comment" {
+  description = "(Optional) - Any comments you want to include about the distribution."
+}
+
+variable "default_root_object" {
+  description = "(Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL."
+  default     = "index.html"
+}
+
+variable "logging_config_include_cookies" {
+  description = "(Optional) - Specifies whether you want CloudFront to include cookies in access logs (default: false)."
+  default     = false
+}
+
+variable "logging_config_bucket" {
+  description = "(Required) - The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com."
+}
+
+variable "logging_config_prefix" {
+  description = "(Optional) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/."
+}
+
+variable "aliases" {
+  type        = "list"
+  description = "(Optional) - Extra CNAMEs (alternate domain names), if any, for this distribution."
+}
+
+variable "default_cache_behavior_allowed_methods" {
+  type        = "list"
+  description = "(Required) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin."
+}
+
+variable "default_cache_behavior_cached_methods" {
+  type        = "list"
+  description = "(Required) - Controls whether CloudFront caches the response to requests using the specified HTTP methods."
+}
+
+variable "target_origin_id" {
+  description = "(Required) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior."
+}
+
+variable "viewer_protocol_policy" {
+  description = "(Required) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https."
+}
+
+variable "price_class" {
+  description = "(Optional) - The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100"
+}
+
+variable "restriction_type" {
+  description = "(Required) - The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist."
+  default     = "none"
+}
+
+variable "restriction_locations" {
+  type        = "list"
+  description = "(Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist)."
+  default     = []
+}
+
+variable "acm_certificate_arn" {
+  description = "The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1."
+}
+
+variable "minimum_protocol_version" {
+ description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified."
+} 
+variable "ssl_support_method" {
+ description = "Specifies how you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges."
+}