From 37f514e63d300564ea902d1bd4d03ce1ed288da9 Mon Sep 17 00:00:00 2001
From: "ZOI\\graham.geary"
Date: Thu, 9 Aug 2018 19:48:15 +0200
Subject: [PATCH 1/7] added cloudfront.tf

---
 cloudfront.tf | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 cloudfront.tf

diff --git a/cloudfront.tf b/cloudfront.tf
new file mode 100644
index 0000000..705429d
--- /dev/null
+++ b/cloudfront.tf
@@ -0,0 +1,57 @@
+resource "aws_cloudfront_distribution" "distribution" {
+ origin {
+ domain_name = "${var.dns_domain_name}"
+ origin_id = "${var.origin_id}"
+
+ # s3_origin_config {
+ # origin_access_identity = "origin-access-identity/cloudfront/ABCDEFG1234567"
+ # }
+ }
+
+ enabled = "${var.state_enabled}"
+ is_ipv6_enabled = "${var.is_ipv6_enabled}"
+ comment = "${var.comment}"
+ default_root_object = "${var.default_root_object}"
+
+ logging_config {
+ include_cookies = "${var.logging_config_include_cookies}" #The logging configuration that controls how logs are written to your distribution (maximum one).
+ bucket = "${var.logging_config_bucket}"
+ prefix = "${var.logging_config_prefix}"
+ }
+
+ aliases = "${var.aliases}" #list
+
+ default_cache_behavior {
+ allowed_methods = "${var.default_cache_behavior_allowed_methods}" #list
+ cached_methods = "${var.default_cache_behavior_cached_methods}" #list
+ target_origin_id = "${var.target_origin_id}"
+
+ forwarded_values {
+ query_string = false
+
+ cookies {
+ forward = "none"
+ }
+ }
+
+ viewer_protocol_policy = "${var.viewer_protocol_policy}"
+ min_ttl = 0
+ default_ttl = 3600
+ max_ttl = 86400
+ }
+
+ price_class = "${var.price_class}"
+
+ restrictions {
+ geo_restriction {
+ restriction_type = "${var.restriction_type}"
+ locations = "${var.restriction_locations}"
+ }
+ }
+
+ viewer_certificate {
+ acm_certificate_arn = "${var.acm_certificate_arn}"
+ minimum_protocol_version = "${var.minimum_protocol_version}"
+ ssl_support_method = "${var.ssl_support_method}"
+ }
+}
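Review bot: `var.origin_path` is declared in variables.tf (and set to `/mypath` in the README example) but the `origin` block in this hunk never references it, so any value a caller passes is silently ignored; add `origin_path = "${var.origin_path}"` next to `origin_id` inside `origin`. Related: `s3_origin_config` is left commented out, so an S3 origin used with this module has to be readable without CloudFront, which lets a client fetch objects from the bucket directly and sidestep the distribution's `viewer_protocol_policy` and `geo_restriction`; expose an `origin_access_identity` input and emit the `s3_origin_config` block from it rather than leaving a placeholder comment. The hard-coded `min_ttl`/`default_ttl`/`max_ttl` values are the only settings in the resource that are not driven by a variable, which is presumably unintentional given the rest of the block.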
From 6c3f597c0414e497cca0768ae59e41c587297588 Mon Sep 17 00:00:00 2001
From: "ZOI\\graham.geary"
Date: Thu, 9 Aug 2018 19:48:24 +0200
Subject: [PATCH 2/7] added outputs.tf

---
 outputs.tf | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 outputs.tf

diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..c406b7c
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,6 @@
+output "domain_name" {
+ value = "${aws_cloudfront_distribution.distribution.domain_name}"
+}
+output "hosted_zone_id" {
+ value = "${aws_cloudfront_distribution.distribution.hosted_zone_id}"
+}
\ No newline at end of file

From c8597d295071efabd5ea6f3c665e91378cb65683 Mon Sep 17 00:00:00 2001
From: "ZOI\\graham.geary"
Date: Thu, 9 Aug 2018 19:48:36 +0200
Subject: [PATCH 3/7] added variables.tf

---
 variables.tf | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 variables.tf

diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..87b3a86
--- /dev/null
+++ b/variables.tf
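Review bot: Neither `output` block in outputs.tf carries a `description`, so the only documentation of what they return lives in the README; add `description = "The domain name corresponding to the distribution."` and `description = "The CloudFront Route 53 zone ID for Alias records."` so `terraform` itself can show them. The file also ends without a trailing newline. Consumers that need to attach cache invalidations or policies to the distribution will want its `id` exported as well.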
@@ -0,0 +1,93 @@
+variable "dns_domain_name" {
+ description = "(Required) - The DNS domain name of either the S3 bucket, or web site of your custom origin."
+}
+
+variable "origin_path" {
+ description = "(Optional) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin."
+ default = ""
+}
+
+variable "origin_id" {
+ description = "(Required) - A unique identifier for the origin."
+}
+
+variable "state_enabled" {
+ description = "(Required) - Whether the distribution is enabled to accept end user requests for content."
+ default = true
+}
+
+variable "is_ipv6_enabled" {
+ description = "(Optional) - Whether the IPv6 is enabled for the distribution."
+ default = false
+}
+
+variable "comment" {
+ description = "(Optional) - Any comments you want to include about the distribution."
+}
+
+variable "default_root_object" {
+ description = "(Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL."
+ default = "index.html"
+}
+
+variable "logging_config_include_cookies" {
+ description = "(Optional) - Specifies whether you want CloudFront to include cookies in access logs (default: false)."
+ default = false
+}
+
+variable "logging_config_bucket" {
+ description = "(Required) - The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com."
+}
+
+variable "logging_config_prefix" {
+ description = "(Optional) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/."
+}
+
+variable "aliases" {
+ type = "list"
+ description = "(Optional) - Extra CNAMEs (alternate domain names), if any, for this distribution."
+}
+
+variable "default_cache_behavior_allowed_methods" {
+ type = "list"
+ description = "(Required) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin."
+}
+
+variable "default_cache_behavior_cached_methods" {
+ type = "list"
+ description = "(Required) - Controls whether CloudFront caches the response to requests using the specified HTTP methods."
+}
+
+variable "target_origin_id" {
+ description = "(Required) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior."
+}
+
+variable "viewer_protocol_policy" {
+ description = "(Required) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https."
+}
+
+variable "price_class" {
+ description = "(Optional) - The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100"
+}
+
+variable "restriction_type" {
+ description = "(Required) - The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist."
+ default = "none"
+}
+
+variable "restriction_locations" {
+ type = "list"
+ description = "(Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist)."
+ default = []
+}
+
+variable "acm_certificate_arn" {
+ description = "The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1."
+}
+
+variable "minimum_protocol_version" {
+ description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. 
NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified."
+}
+variable "ssl_support_method" {
+ description = "Specifies how you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges."
+}

From a846f40d361ff64c3a7c889edacff4b3c631a2d5 Mon Sep 17 00:00:00 2001
From: "ZOI\\graham.geary"
Date: Thu, 9 Aug 2018 20:44:56 +0200
Subject: [PATCH 4/7] added README.md

---
 README.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3be600f..0a389e1 100644
--- a/README.md
+++ b/README.md
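Review bot: Several inputs in the variables.tf hunk are described as `(Optional)` yet have no `default` (`comment`, `logging_config_prefix`, `aliases`, `price_class`), and `minimum_protocol_version` and `ssl_support_method` have none either, so Terraform 0.11 will treat every one of them as a required input and the descriptions mislead callers; give the string and list ones `default = ""` / `default = []` and drop the `(Optional)` tag from the rest. `state_enabled` has the opposite inconsistency, marked `(Required)` while carrying `default = true`. For `minimum_protocol_version`, the description's own note says the provider default is TLSv1, which keeps TLS 1.0 negotiable for every caller who omits the variable; an explicit `default = "TLSv1.2_2018"` together with `default = "sni-only"` on `ssl_support_method` gives the safer floor by default, and `default = "redirect-to-https"` on `viewer_protocol_policy` would do the same for plaintext viewers. This hunk spans three physical lines and the `minimum_protocol_version` description string is wrapped mid-sentence in the page, so check the file for a stray line break there.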
@@ -1 +1,53 @@
-# terraform-aws-cloudfront
+# AWS Application Load Balancer Module
+Terraform module which sets up a CloudFront distribution with logging into S3.
+
+The following resources are created:
+* CloudFront
+
+
+## Usage
+### Specify this Module as Source
+```hcl
+module "alb" {
+ source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"
+
+ # Or to specifiy a particular module version:
+ source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git?ref=v0.0.1"
+```
+### Usage Example
+module "my_cloudfront" {
+ source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"
+ dns_domain_name = "mydomain.s3.amazonaws.com"
+ origin_path = "/mypath"
+ origin_id = "s3-myorigin"
+
+ #s3_origin_config - origin_access_identity
+ state_enabled = true
+ is_ipv6_enabled = false
+ comment = "Environment=Prod"
+ default_root_object = "index.html"
+
+ # Logging into S3
+ logging_config_include_cookies = false
+ logging_config_bucket = "mylogbucket.s3.amazonaws.com"
+ logging_config_prefix = "s3-my-origin-id"
+
+ # Aliases
+ aliases = ["myalias.mywebsite.com"]
+
+ # Default Cache Behavior Settings
+ default_cache_behavior_allowed_methods = ["GET", "HEAD"]
+ default_cache_behavior_cached_methods = ["GET", "HEAD"]
+ target_origin_id = "s3-my-origin-id"
+ viewer_protocol_policy = "redirect-to-https"
+ price_class = "PriceClass_100"
+
+ # Geo Restrictions
+ restriction_type = "none"
+
+ # Certificate
+ acm_certificate_arn = "${data.aws_acm_certificate.my_acm_certificate.arn}"
+ minimum_protocol_version = "TLSv1.1_2016"
+ ssl_support_method = "sni-only"
+}
+

From 70c2012e0031cc482c4dbcdb9be128c4a327c315 Mon Sep 17 00:00:00 2001
From: "ZOI\\graham.geary"
Date: Thu, 9 Aug 2018 20:46:20 +0200
Subject: [PATCH 5/7] amended readme

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0a389e1..0e47a44 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@ module "alb" {
 source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git?ref=v0.0.1"
 ```
 ### Usage Example
+```
 module "my_cloudfront" {
 source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"
 dns_domain_name = "mydomain.s3.amazonaws.com"
@@ -50,4 +51,4 @@ module "my_cloudfront" {
 minimum_protocol_version = "TLSv1.1_2016"
 ssl_support_method = "sni-only"
 }
-
+```
\ No newline at end of file

From b4ff8c156a6028a2233fc96064da53237e736a40 Mon Sep 17 00:00:00 2001
From: "ZOI\\graham.geary"
Date: Thu, 9 Aug 2018 20:47:54 +0200
Subject: [PATCH 6/7] amended readme

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0e47a44..722b4d1 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ The following resources are created:
 ## Usage
 ### Specify this Module as Source
 ```hcl
-module "alb" {
+module "my_cloudfront" {
 source = "git::https://github.com/zoitech/terraform-aws-cloudfront.git"
 
 # Or to specifiy a particular module version:

From 2498553ee0bc7828cd75bc6a40f1a7111a758d77 Mon Sep 17 00:00:00 2001
From: "ZOI\\graham.geary"
Date: Thu, 9 Aug 2018 20:54:41 +0200
Subject: [PATCH 7/7] added outputs to readme

---
 README.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 722b4d1..87e57c8 100644
--- a/README.md
+++ b/README.md
@@ -51,4 +51,9 @@ module "my_cloudfront" {
 minimum_protocol_version = "TLSv1.1_2016"
 ssl_support_method = "sni-only"
 }
-```
\ No newline at end of file
+```
+
+#### Outputs
+The following outputs are possible:
+* domain_name (The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net)
+* hosted_zone_id (The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.)
\ No newline at end of file