variables.tf
# Environment and tagging.
# Deployment environment label. The description lists the expected values,
# but nothing in this declaration enforces them.
variable "environment" {
  description = "Application environment for which this is being created. one of: ('Development', 'Integration', 'PreProduction', 'Production', 'QA', 'Staging', 'Test')"
  type        = "string"
  default     = "Development"
}

# Caller-supplied tags; an empty map when the caller passes nothing.
variable "tags" {
  description = "Custom tags to apply to all resources."
  type        = "map"
  default     = {}
}
# ###################################################
# Enable Logging
# If you enable logging the bucket must already exist. You will get an error if you try
# to use a dynamic bucket like "${aws_s3_bucket.cloudfront_log_s3bucket.bucket_domain_name}"
# You must use something like bucket = "MyExistingbucket"
# Switch for access logging to S3. It defaults to false, so a distribution
# built purely from defaults presumably ships without access logs; confirm
# in the resource definition and enable it where request records are needed
# for investigation.
# The unquoted boolean under a "string" type relies on the implicit
# bool-to-string conversion of pre-0.12 Terraform.
variable "bucket_logging" {
  description = "Enable logging to an S3 Bucket. If this is set you must configure below."
  type        = "string"
  default     = false
}
# ###################################################
# Top-Level parameters
# Alternate domain names for the distribution; none by default.
variable "aliases" {
  description = "Extra CNAMEs (alternate domain names), if any, for this distribution. (OPTIONAL)"
  type        = "list"
  default     = []
}

# Additional cache behaviors, evaluated in list order; none by default.
variable "ordered_cache_behavior" {
  description = "An ordered list of cache behaviors resource for this distribution. (OPTIONAL)"
  type        = "list"
  default     = []
}

# Free-form comment stored with the distribution.
variable "comment" {
  description = "Any comments you want to include about the distribution. (OPTIONAL)"
  type        = "string"
  default     = ""
}

# Object served for requests to the root URL; empty by default.
variable "default_root_object" {
  description = "The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL."
  type        = "string"
  default     = ""
}

# The distribution accepts requests by default (true).
variable "enabled" {
  description = "Whether the distribution is enabled to accept end user requests for content."
  type        = "string"
  default     = true
}

# IPv6 is off unless the caller opts in.
variable "is_ipv6_enabled" {
  description = "Whether the IPv6 is enabled for the distribution. (OPTIONAL)"
  type        = "string"
  default     = false
}

# Highest HTTP version offered to viewers.
variable "http_version" {
  description = "The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2."
  type        = "string"
  default     = "http2"
}

# Price class; the default is PriceClass_All.
variable "price_class" {
  description = "The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100."
  type        = "string"
  default     = "PriceClass_All"
}
# Default Cache Behavior
# Methods CloudFront forwards to the origin. The default is read-only
# (HEAD, GET). The widest set listed in the description adds DELETE, PATCH,
# POST and PUT, so choosing it exposes the origin's write paths through
# the distribution.
variable "allowed_methods" {
  description = "HTTP methods that CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. Allowed values are: [\"HEAD\", \"GET\"], [\"GET\", \"HEAD\", \"OPTIONS\"], or [\"DELETE\", \"GET\", \"HEAD\", \"OPTIONS\", \"PATCH\", \"POST\", \"PUT\"]."
  type        = "list"
  default     = ["HEAD", "GET"]
}

# Methods whose responses are cached; the default is HEAD and GET.
variable "cached_methods" {
  description = "HTTP methods for which CloudFront caches responses. Allowed values are: [\"HEAD\", \"GET\"] or [\"GET\", \"HEAD\", \"OPTIONS\"]."
  type        = "list"
  default     = ["HEAD", "GET"]
}

# Automatic compression is off by default.
variable "compress" {
  description = "Indicates whether CloudFront automatically compresses certain files for this cache behavior. (OPTIONAL)"
  type        = "string"
  default     = false
}

# Default object lifetime in seconds, held as a string ("3600").
variable "default_ttl" {
  description = "The default time in seconds that objects stay in CloudFront caches before CloudFront forwards another request to your custom origin to determine whether the object has been updated."
  type        = "string"
  default     = "3600"
}
# Removing this property due to issues dynamically providing these values. Will be reenabled
# after release of terraform v0.12 and support for dynamic config blocks.
#
# variable "lambdas" {
# description = "A map of lambda functions and triggers. See https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_LambdaFunctionAssociation.html"
# type = "list"
# default = []
# }
# Upper bound on cache lifetime in seconds, held as a string ("86400").
variable "max_ttl" {
  description = "The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. (OPTIONAL)"
  type        = "string"
  default     = "86400"
}

# Lower bound on cache lifetime, held as a string ("0").
variable "min_ttl" {
  description = "The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. (OPTIONAL)"
  type        = "string"
  default     = "0"
}

# No default is declared, so the caller must supply a value.
variable "path_pattern" {
  description = "The pattern to which an ordered cache behavior applies."
  type        = "string"
}

# Smooth Streaming is off by default.
variable "smooth_streaming" {
  description = "Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. (OPTIONAL)"
  type        = "string"
  default     = false
}

# No default is declared, so the caller must supply a value.
variable "target_origin_id" {
  description = "The ID value of the origin to which you want CloudFront to route requests when a request matches the value of the PathPattern property."
  type        = "string"
}
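# Accounts allowed to create signed URLs for private content. Every account
# listed here can mint URLs that grant access, so keep the list minimal.
# The default names no accounts.
variable "trusted_signers" {
  description = "The AWS accounts, if any, that you want to allow to create signed URLs for private content. (OPTIONAL)"
  type        = "list"
  default     = []
}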
# No default is declared, so every caller must choose a policy. Of the three
# values in the description, allow-all lets viewers fetch content over plain
# HTTP; https-only and redirect-to-https keep viewer traffic on TLS.
variable "viewer_protocol_policy" {
  description = "the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https."
  type        = "string"
}
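# Cookie forwarding mode: all, none or whitelist. The default, all, passes
# every viewer cookie through to the origin. Prefer none or whitelist when
# the origin does not need them. Per the description, whitelist requires
# whitelisted_names to be set as well.
variable "forward" {
  description = "Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names"
  type        = "string"
  default     = "all"
}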
# Cookie names to forward when the forwarding mode is whitelist; empty by
# default.
variable "whitelisted_names" {
  description = "If you have specified whitelist to forward, the whitelisted cookies that you want."
  type        = "list"
  default     = []
}

# Default Cache Behavior - Forwarded Values - Headers
# Request headers passed through to the origin; none by default.
variable "headers" {
  description = "Specifies the headers that you want Amazon CloudFront to forward to the origin for this cache behavior. (OPTIONAL)"
  type        = "list"
  default     = []
}

# Default Cache Behavior - Forwarded Values - Query String
# Query strings are not forwarded unless the caller opts in.
variable "query_string" {
  description = "Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior."
  type        = "string"
  default     = false
}

# Default Cache Behavior - Forwarded Values - Query String Cache Keys
# Restricts which query string keys take part in caching; empty by default.
variable "query_string_cache_keys" {
  description = "When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached. (OPTIONAL)"
  type        = "list"
  default     = []
}
# S3 Logging
# Destination bucket for access logs; empty by default.
variable "bucket" {
  description = "The Amazon S3 bucket address where access logs are stored"
  type        = "string"
  default     = ""
}

# Cookies are left out of access logs by default. Cookies frequently carry
# session identifiers, so if this is turned on, read access to the log
# bucket should be restricted accordingly.
variable "include_cookies" {
  description = "Indicates whether CloudFront includes cookies in access logs."
  type        = "string"
  default     = false
}
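# Prefix for access log object names. The original description was a copy
# of the include_cookies text; it is corrected here to describe the prefix.
# Presumably passed to the distribution's logging configuration; confirm in
# the resource definition.
variable "prefix" {
  description = "An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/."
  type        = "string"
  default     = ""
}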
# DNS name of the origin (S3 bucket or custom web site); empty by default.
variable "domain_name" {
  description = "The DNS domain name of either the S3 bucket, or web site of your custom origin."
  type        = "string"
  default     = ""
}

# Extra headers sent to the origin. Values supplied here are recorded in
# Terraform state like any other input. If a header doubles as a shared
# secret with the origin, the state file needs matching protection.
variable "custom_header" {
  description = "One or more sub-resources with name and value parameters that specify header data that will be sent to the origin"
  type        = "list"
  default     = []
}

# No default is declared, so the caller must supply a value.
variable "origin_id" {
  description = "An identifier for the origin. The value of Id must be unique within the distribution."
  type        = "string"
}

# Optional path under the origin; empty by default.
variable "origin_path" {
  description = "The path that CloudFront uses to request content from an S3 bucket or custom origin. The combination of the DomainName and OriginPath properties must resolve to a valid path. The value must start with a slash mark (/) and cannot end with a slash mark. (OPTIONAL)"
  type        = "string"
  default     = ""
}
# Origin - S3 Origin
# Origin access identity for an S3 origin. An identity lets CloudFront read
# from a bucket that is not publicly readable. It is empty by default, so
# callers fronting a private bucket need to set it.
variable "origin_access_identity" {
  description = "The CloudFront origin access identity to associate with the origin. You must specify the full origin ID"
  type        = "string"
  default     = ""
}

# Companion flag recording that origin_access_identity was supplied. How
# the two are combined is not visible in this file.
variable "origin_access_identity_provided" {
  description = "origin_access_identity has been provided"
  type        = "string"
  default     = false
}
# Restrictions
# Country codes the geo restriction applies to; empty by default.
variable "locations" {
  description = "The two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist."
  type        = "list"
  default     = []
}

# NOTE(review): the default is an empty string, although the description
# lists none, whitelist and blacklist as the choices. Confirm how the
# consuming resource treats an empty value.
variable "restriction_type" {
  description = "The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist."
  type        = "string"
  default     = ""
}
# SSL: Certificate
# Exactly one of the three certificate inputs below is expected, per their
# descriptions. All three default to an empty string.
variable "acm_certificate_arn" {
  description = "The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1."
  type        = "string"
  default     = ""
}

variable "cloudfront_default_certificate" {
  description = "if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id."
  type        = "string"
  default     = ""
}

variable "iam_certificate_id" {
  description = "The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate."
  type        = "string"
  default     = ""
}

# Floor for the TLS policy offered to viewers; the default is TLSv1.2_2018.
# NOTE(review): the provider documentation linked in the description ties
# the usable values to the certificate type and ssl_support_method. Confirm
# the default is honoured when cloudfront_default_certificate is chosen.
variable "minimum_protocol_version" {
  description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. See https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#minimum_protocol_version"
  type        = "string"
  default     = "TLSv1.2_2018"
}

# How HTTPS is served for a custom certificate; the default is sni-only.
variable "ssl_support_method" {
  description = "Specifies how you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges."
  type        = "string"
  default     = "sni-only"
}
# WAF
# Web ACL to attach. It is empty by default, which presumably leaves the
# distribution without a WAF association; confirm in the resource
# definition.
variable "web_acl_id" {
  description = "The AWS WAF web ACL to associate with this distribution."
  type        = "string"
  default     = ""
}
# Custom Error Response
# http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html#custom-error-pages-procedure
# https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#custom-error-response-arguments
#
# error_code (Required) - The 4xx or 5xx HTTP status code that you want to customize.
# error_caching_min_ttl (Optional) - The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
# response_code (Optional) - The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
# response_page_path (Optional) - The path of the custom error page (for example, /custom_404.html).
# Note, response_code and response_page_path must be used together, if either is specified.
# List of custom error response maps; empty by default. The keys each map
# may carry are described in the comment block preceding this variable.
variable "custom_error_response" {
  description = "(Optional) - List of one or more custom error response element maps"
  type        = "list"
  default     = []
}