Terraform module to provision a CloudFront CDN resource on AWS.
We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believers in the philosophy that bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best practice to run database, cluster and storage in smaller, connected yet manageable pieces within the infrastructure.
This module is basically a combination of Terraform open source and includes automation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
We have fifty-plus Terraform modules. A few of them are completed and are available for open source usage, while a few others are in progress.
This module has a few dependencies:
- Terraform 1.x.x
- Go
- github.com/stretchr/testify/assert
- github.com/gruntwork-io/terratest/modules/terraform
IMPORTANT: Since the master branch used in source varies based on new modifications, we suggest that you use the release versions here.
Here are some examples of how you can use this module in your inventory structure:
```hcl
module "cdn" {
  source                 = "clouddrove/cloudfront-cdn/aws"
  version                = "1.0.1"
  name                   = "basic-cdn"
  environment            = "test"
  label_order            = ["name", "environment"]
  enabled_bucket         = true
  compress               = false
  aliases                = ["clouddrove.com"]
  bucket_name            = "test-bucket"
  viewer_protocol_policy = "redirect-to-https"
  allowed_methods        = ["GET", "HEAD"]
  acm_certificate_arn    = "arn:aws:acm:eu-west-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxxx-xxxx"
}
```

```hcl
module "cdn" {
  source                 = "clouddrove/cloudfront-cdn/aws"
  version                = "1.0.1"
  name                   = "secure-cdn"
  environment            = "test"
  label_order            = ["name", "environment"]
  aliases                = ["clouddrove.com"]
  bucket_name            = "test-bucket"
  viewer_protocol_policy = "redirect-to-https"
  compress               = false
  allowed_methods        = ["GET", "HEAD"]
  acm_certificate_arn    = "arn:aws:acm:eu-west-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxxx-xxxx"
  trusted_signers        = ["self"]
  public_key_enable      = true
  public_key             = "./../cdn.pem"
}
```

```hcl
module "cdn" {
  source                 = "clouddrove/cloudfront-cdn/aws"
  version                = "1.0.1"
  name                   = "domain-cdn"
  environment            = "test"
  label_order            = ["name", "environment"]
  custom_domain          = true
  compress               = false
  aliases                = ["clouddrove.com"]
  domain_name            = "clouddrove.com"
  viewer_protocol_policy = "redirect-to-https"
  allowed_methods        = ["GET", "HEAD"]
  acm_certificate_arn    = "arn:aws:acm:eu-west-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxxx-xxxx"
}
```
Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_certificate_arn | Existing ACM Certificate ARN. | string | "" | no |
aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront. | list(string) | [] | no |
allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront. | list(string) | [ | no |
attributes | Additional attributes (e.g. 1). | list(any) | [] | no |
bucket_name | A unique identifier for the origin. | string | "" | no |
cached_methods | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD). | list(string) | [ | no |
cdn_enabled | Select Enabled if you want to create CloudFront. | bool | true | no |
comment | Comment for the origin access identity. | string | "Managed by Clouddrove" | no |
compress | Compress content for web requests that include Accept-Encoding: gzip in the request header. | bool | false | no |
custom_domain | Whether the CDN is created with a custom domain. | bool | false | no |
default_root_object | Object that CloudFront returns when the root URL is requested. | string | "index.html" | no |
default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache. | number | 60 | no |
delimiter | Delimiter to be used between organization, environment, name and attributes. | string | "-" | no |
domain_name | The DNS domain name of your custom origin (e.g. clouddrove.com). | string | "" | no |
enabled | Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created. | bool | true | no |
enabled_bucket | Whether the CDN is created with an S3 bucket. | bool | false | no |
environment | Environment (e.g. prod, dev, staging). | string | "" | no |
error_caching_min_ttl | The value of the error caching min TTL. | string | "10" | no |
error_code | List of forwarded cookie names. | string | "403" | no |
forward_cookies | Time in seconds that browser can cache the response for S3 bucket. | string | "none" | no |
forward_cookies_whitelisted_names | List of forwarded cookie names. | list(any) | [] | no |
forward_header_values | A list of whitelisted header values to forward to the origin. | list(string) | [ | no |
forward_query_string | Forward query strings to the origin that is associated with this cache behavior. | bool | false | no |
geo_restriction_locations | List of country codes for which CloudFront either distributes your content (whitelist) or does not distribute your content (blacklist). | list(string) | [] | no |
geo_restriction_type | Method used to restrict distribution of your content by country: none, whitelist, or blacklist. | string | "none" | no |
http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string | "http2" | no |
is_ipv6_enabled | State of CloudFront IPv6. | bool | true | no |
label_order | Label order, e.g. name, application. | list(any) | [] | no |
managedby | ManagedBy, e.g. 'CloudDrove'. | string | "hello@clouddrove.com" | no |
max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache. | number | 31536000 | no |
min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches. | number | 0 | no |
minimum_protocol_version | Cloudfront TLS minimum protocol version. | string | "TLSv1" | no |
name | Name (e.g. app or cluster). | string | "" | no |
origin_force_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. true or false). | bool | false | no |
origin_http_port | The HTTP port the custom origin listens on. | number | 80 | no |
origin_https_port | The HTTPS port the custom origin listens on. | number | 443 | no |
origin_keepalive_timeout | The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase. | number | 60 | no |
origin_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | string | "" | no |
origin_protocol_policy | The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer. | string | "match-viewer" | no |
origin_read_timeout | The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase. | number | 60 | no |
origin_ssl_protocols | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | list(string) | [ | no |
price_class | Price class for this distribution: PriceClass_All, PriceClass_200, PriceClass_100. | string | "PriceClass_100" | no |
public_key | The encoded public key that you want to add to CloudFront to use with features like field-level encryption. | string | "" | no |
public_key_enable | Public key enable or disable. | bool | false | no |
repository | Terraform current module repo. | string | "https://github.com/clouddrove/terraform-aws-cloudfront-cdn" | no |
response_code | Page not found code. | string | "404" | no |
response_page_path | The path of the custom error page (for example, /custom_404.html). | string | "/index.html" | no |
smooth_streaming | Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. | bool | false | no |
ssl_support_method | Specifies how you want CloudFront to serve HTTPS requests. One of vip or sni-only. | string | "sni-only" | no |
tags | Additional tags (e.g. map(BusinessUnit,XYZ)). | map(any) | {} | no |
trusted_signers | The AWS accounts, if any, that you want to allow to create signed URLs for private content. | list(string) | [] | no |
viewer_protocol_policy | Allow-all, redirect-to-https. | string | "" | no |
web_acl_id | Web ACL ID that can be attached to the Cloudfront distribution. | string | "" | no |
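
Several defaults in the inputs table are weaker than most deployments want: minimum_protocol_version is "TLSv1", origin_protocol_policy is "match-viewer", and web_acl_id is empty. The following variant of the custom-domain example overrides them; it is an added example, not taken from the module's repository. The "TLSv1.2_2021" policy name and the "TLSv1.2" origin protocol are CloudFront values not listed on this page, and the name, certificate ARN and web ACL value are placeholders.

```hcl
module "cdn" {
  source  = "clouddrove/cloudfront-cdn/aws"
  version = "1.0.1"

  name        = "hardened-cdn" # constructed name for this example
  environment = "test"
  label_order = ["name", "environment"]

  custom_domain = true
  aliases       = ["clouddrove.com"]
  domain_name   = "clouddrove.com"

  # Placeholder ARN. CloudFront only accepts ACM certificates issued in us-east-1.
  acm_certificate_arn = "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxxx-xxxx"

  # Viewer side: the module default for viewer_protocol_policy is "",
  # so set it explicitly instead of relying on the default.
  viewer_protocol_policy = "redirect-to-https"

  # Module default is "TLSv1". A TLS 1.2 security policy requires
  # ssl_support_method = "sni-only", which is already the module default.
  minimum_protocol_version = "TLSv1.2_2021"
  ssl_support_method       = "sni-only"

  # Origin side: the default "match-viewer" lets CloudFront fetch from the
  # origin over plain HTTP whenever the viewer request arrived over HTTP.
  origin_protocol_policy = "https-only"
  origin_ssl_protocols   = ["TLSv1.2"]

  # Read-only methods, and nothing client-controlled forwarded to the origin.
  allowed_methods      = ["GET", "HEAD"]
  cached_methods       = ["GET", "HEAD"]
  forward_cookies      = "none"
  forward_query_string = false

  # Placeholder. For WAFv2 this is the web ACL ARN, not the ID.
  web_acl_id = "<web-acl-arn-or-id>"
}
```
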
Name | Description |
---|---|
access_identity_etag | The current version of the origin access identity's information. |
access_identity_id | The identifier for the distribution. |
arn | The ARN (Amazon Resource Name) for the distribution. |
domain_name | The domain name corresponding to the distribution. |
etag | The current version of the distribution's information. |
hosted_zone_id | The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. |
id | The identifier for the distribution. |
pubkey_etag | The current version of the public key. |
pubkey_id | The identifier for the public key. |
status | The current status of the distribution. |
tags | A mapping of tags to assign to the resource. |
In this module, testing is performed with Terratest: it creates a small piece of infrastructure, matches outputs such as the ARN, ID and tag names, and then destroys the infrastructure in your AWS account. The tests are written in Go, so you need a Go environment on your system.
You need to run the following command in the testing folder:

```bash
go test -run Test
```

If you come across a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at hello@clouddrove.com.