This module deploys a CloudFront distribution as a Content Distribution Network
(CDN) in front of an S3 bucket. This reduces latency for your users, by caching your
static content in servers around the world. It also allows you to use SSL with the static content in an S3 bucket.
Check out vars.tf for all parameters you can set for this module.
Public vs private S3 buckets
This module can work with two types of S3 buckets:
Public S3 bucket: You can use this module to deploy CloudFront in front of an S3 bucket that has been configured
as a website. This configuration allows you to
configure custom routing
rules,
custom error documents and other useful
features for running a static website. The disadvantage is that you have to make your S3 bucket publicly
accessible,
which means users who know the URL could access the bucket directly, bypassing CloudFront. Despite this minor
limitation, we recommend this option for most users, as it provides the best experience for running a website on S3.
To use this option, set the s3_bucket_is_public_website parameter to true and set the bucket_website_endpoint
parameter to the publicly-accessible endpoint for your S3 website.
Private S3 bucket: You can use this module to deploy CloudFront in front of a standard, private S3 bucket. The
advantage of this is that users can only access the contents of the S3 bucket by going via CloudFront (they can't
access the S3 bucket directly). The disadvantage is that you cannot use any of the S3 website features, such as
routing rules and custom error pages. This option is recommended if you have to keep the contents of the S3 bucket
secure (see also Serving Private Content through
CloudFront). To use this
option, set the s3_bucket_is_public_website parameter to false and make sure to configure the IAM permissions
for your S3 bucket to allow access from the CloudFront distributions Origin Access Identity, which is accessible
via the cloudfront_origin_access_identity_iam_arn output variable.
NOTE: For some reason, the Private S3 bucket option currently ONLY works in us-east1. In all other regions, you
get 403: Access Denied errors. We are still investigating why, but for the time being, deploy your entire static
website in us-east-1 and things will work fine.
How do I test my website?
This module outputs the domain name of your website using the cloudfront_domain_name output variable.
By default, the domain name will be of the form:
<ID>.cloudfront.net
Where ID is a unique ID generated for your CloudFront distribution. For example:
d111111abcdef8.cloudfront.net
If you set var.create_route53_entry to true, then this module will create a DNS A record in Route
53 for your CloudFront distribution with the domain name in
var.domain_name, and you will be able to use that custom domain name to access your bucket instead of the
amazonaws.com domain.
How do I configure HTTPS (SSL)?
If you are using the default .cloudfront.net domain name, then you can use it with HTTPS with no extra changes:
https://<ID>.cloudfront.net
If you are using a custom domain name, to use HTTPS, you need to specify the ARN of either an AWS Certificate Manager
(ACM) certificate via the acm_certificate_arn parameter or a
custom certificate in IAM via the
iam_certificate_id parameter. We recommend using ACM certs as they are free, very quick to set up, and best of all,
AWS automatically renews them for you.
NOTE: If you set either acm_certificate_arn or iam_certificate_id you must set use_cloudfront_default_certificate
to false.
Origin Group Support
This module can also create a CloudFront distribution that uses an Origin Group to serve content. The primary purpose of this is to have secondary bucket(s), which serve as a failover bucket in the event your primary bucket and/or its contents are not accessible.
How To Configure
To use the Origin Group feature, you will need to provide values for the following variables:
failover_buckets
failover_bucket_website_endpoints (if making a public site)
Limitations
To create a CloudFront distribution with Terraform, you use the aws_cloudfront_distribution
resource.
Unfortunately, this resource primarily consists of "inline blocks", which do not work well in Terraform modules, as
there is no way to create them dynamically based on the module's inputs.
As a results, the CloudFront distribution in this module is limited to a fixed set of settings that should work for
most use cases, but is not particularly flexible. In particular, the limitations are as follows:
Only one origin—an S3 bucket—is supported
(origin is an inline
block). You specify the bucket to use via the bucket_name parameter.
Only one set of geo restrictions is supported
(geo_restrictions
is an inline block). You can optionally specify the restrictions via the geo_restriction_type and
geo_locations_list parameters.
Only one default cache behavior is supported
(cache behaviors
is an inline block). You can control the default cache settings using a number of parameters, including
cached_methods, default_ttl, min_ttl, max_ttl, and many others (see vars.tf for the full list).
Only two error responses are supported
(error responses
is an inline block). You can specify the 404 and 500 response paths using the error_document_404 and
error_document_500 parameters, respectively.
You can not specify specify query string parameters to cache
(query_string_cache_keys
is an inline block nested in an inline block).
custom_header is not
yet supported as it consists of inline blocks in an inline block.
If configuring an Origin Group, due to an AWS limitation, only "GET", "HEAD", and "OPTIONS" methods are allowed for caching
If you absolutely need some of these features, the only solution available for now is to copy and paste this module
into your own codebase, using it as a guide, and adding the tweaks you need.
Questions? Ask away.
We're here to talk about our services, answer any questions, give advice, or just to chat.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"ba7ce7fb3d16e6b36edcc70804c83c9c374e4974"},{"name":"post-upgrade-test-results.sh","path":".circleci/post-upgrade-test-results.sh","sha":"a4867e8fbdc334b7a90259568ee41ea577fbe764"},{"name":"set-upgrade-test-vars.sh","path":".circleci/set-upgrade-test-vars.sh","sha":"cffb014a3a9a7fb92f5acdd7931cb6b7571ac26c"}]},{"name":".github","children":[{"name":"ISSUE_TEMPLATE","children":[{"name":"bug_report.md","path":".github/ISSUE_TEMPLATE/bug_report.md","sha":"d2e87e27c601e423865ed660ec697082470ca60f"},{"name":"feature_request.md","path":".github/ISSUE_TEMPLATE/feature_request.md","sha":"023a33099be2336476930c96e17ff1ba5dc55348"}]},{"name":"pull_request_template.md","path":".github/pull_request_template.md","sha":"6b100e40e323b5b07f40ed30616277c51c9f4b9e"}]},{"name":".gitignore","path":".gitignore","sha":"aefaef0f6bfce67d33d546e00f98075aa1c21844"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"23068872ca60d7f40ae10c05ea8e5915d04056dc"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"70e040248a707df97162f4607621dcbb99fdc689"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"f4e3d9bd4717a044ed31ad847a300eee74371a78"},{"name":"README.md","path":"README.md","sha":"d4a23f35f54a390ca83e66646b48101858369896"},{"name":"examples","children":[{"name":"bin","children":[{"name":"s3-upload.sh","path":"examples/bin/s3-upload.sh","sha":"616167707b12a9ed678286f6829d06ae39b8bfb0"}]},{"name":"cloudfront-s3-private-origin-group","children":[{"name":"README.md","path":"examples/cloudfront-s3-private-origin-group/README.md","sha":"eb67a232f842fa217e11124523ec06d3bb2e6b90"},{"name":"main.tf","path":"examples/cloudfront-s3-private-origin-group/main.tf","sha":"edb238b90791fe0f84a7bfc7f3f39f8056090fc5"},{"name":"outputs.tf","path":"examples/cloudfront-s3-private-origin-group/outputs.tf","sha":"7ad8a7de25248890dd41ec74575fb18e206cf93b"},{"name":"variables.tf","path":"examples/cloudfront-s3-private-origin-group/variables.tf","sha":"461237b7ed653c66d77e0f16ef3a0f904c6c056f"}]},{"name":"cloudfront-s3-private-with-custom-bucket-policy","children":[{"name":"README.md","path":"examples/cloudfront-s3-private-with-custom-bucket-policy/README.md","sha":"9fd41cc48b1b127c68c2bf80bcfb4f77ad4c1498"},{"name":"main.tf","path":"examples/cloudfront-s3-private-with-custom-bucket-policy/main.tf","sha":"3767e769ab58c968c0f6833a62b689c170d0d887"},{"name":"outputs.tf","path":"examples/cloudfront-s3-private-with-custom-bucket-policy/outputs.tf","sha":"4028b7c112eb547208079b450305f8560d451deb"},{"name":"s3-bucket-policies.yaml","path":"examples/cloudfront-s3-private-with-custom-bucket-policy/s3-bucket-policies.yaml","sha":"50f2f62efc50de0f0e5185b1ba975b35cf727f4b"},{"name":"variables.tf","path":"examples/cloudfront-s3-private-with-custom-bucket-policy/variables.tf","sha":"6718f677373e403a0544c600506f885363b04f70"}]},{"name":"cloudfront-s3-private-with-function","children":[{"name":"README.md","path":"examples/cloudfront-s3-private-with-function/README.md","sha":"7af9c93026f727a340aac477c8d83f4a28ec51ce"},{"name":"function","children":[{"name":"index.js","path":"examples/cloudfront-s3-private-with-function/function/index.js","sha":"3e17c169478322745df5b62e61631ab57ceca6a0"}]},{"name":"main.tf","path":"examples/cloudfront-s3-private-with-function/main.tf","sha":"4962f319ee1e29f6bb0c51d1dc2f17e0fb937033"},{"name":"outputs.tf","path":"examples/cloudfront-s3-private-with-function/outputs.tf","sha":"4028b7c112eb547208079b450305f8560d451deb"},{"name":"variables.tf","path":"examples/cloudfront-s3-private-with-function/variables.tf","sha":"1b04323d35a6184e912ed5440ed24955308bfdfe"}]},{"name":"cloudfront-s3-private","children":[{"name":"README.md","path":"examples/cloudfront-s3-private/README.md","sha":"9fd41cc48b1b127c68c2bf80bcfb4f77ad4c1498"},{"name":"main.tf","path":"examples/cloudfront-s3-private/main.tf","sha":"946ea609e9416bd0f12a6e9802de4f802df9cbe4"},{"name":"outputs.tf","path":"examples/cloudfront-s3-private/outputs.tf","sha":"4028b7c112eb547208079b450305f8560d451deb"},{"name":"variables.tf","path":"examples/cloudfront-s3-private/variables.tf","sha":"1b04323d35a6184e912ed5440ed24955308bfdfe"}]},{"name":"cloudfront-s3-public-origin-group","children":[{"name":"README.md","path":"examples/cloudfront-s3-public-origin-group/README.md","sha":"80e5a99578d8c9eba230531ac040a8e82aebfebd"},{"name":"main.tf","path":"examples/cloudfront-s3-public-origin-group/main.tf","sha":"0cbf672abccd9c40db2056b471014d6a2586942e"},{"name":"outputs.tf","path":"examples/cloudfront-s3-public-origin-group/outputs.tf","sha":"8882441bc7e074e7e77b8e8bf79332bacf7008a6"},{"name":"variables.tf","path":"examples/cloudfront-s3-public-origin-group/variables.tf","sha":"3d74b609cfcc43cceaedcc6cc285c78b51696724"}]},{"name":"cloudfront-s3-public","children":[{"name":"README.md","path":"examples/cloudfront-s3-public/README.md","sha":"aed32ebaa3e145939ee0e027125583200673c104"},{"name":"lambda","children":[{"name":"index.py","path":"examples/cloudfront-s3-public/lambda/index.py","sha":"f9a4c9c0965ed79eb1ad015c7050a0dde2a1ef74"}]},{"name":"main.tf","path":"examples/cloudfront-s3-public/main.tf","sha":"d78efe63594d79f4d15ceaa78b60aad492d1ffca"},{"name":"outputs.tf","path":"examples/cloudfront-s3-public/outputs.tf","sha":"4028b7c112eb547208079b450305f8560d451deb"},{"name":"variables.tf","path":"examples/cloudfront-s3-public/variables.tf","sha":"495258d706da659dbaa1fa914428f9bf7f206da5"}]},{"name":"example-website","children":[{"name":"README.md","path":"examples/example-website/README.md","sha":"359ae6d06f8e77244f18c42704637b8e6ef498c6"},{"name":"error.html","path":"examples/example-website/error.html","sha":"0a959f6cec57577c7c167d362c143e31f215b07c"},{"name":"grunty.png","path":"examples/example-website/grunty.png","sha":"fa4bab8d46d843cd22b20f16bcda72e9d4c86680"},{"name":"index.html","path":"examples/example-website/index.html","sha":"a1457ee18744c564fe0b19b1b1ee1f97434f901d"},{"name":"subfolder","children":[{"name":"index.html","path":"examples/example-website/subfolder/index.html","sha":"496cf61adeb14592511894ceb6250c5b0545b0e7"}]}]},{"name":"s3-static-website","children":[{"name":"README.md","path":"examples/s3-static-website/README.md","sha":"a2d9c34b338551214ccf7df40d63bfa98ae5bae6"},{"name":"main.tf","path":"examples/s3-static-website/main.tf","sha":"555a2d59ed3ab5692666d96bb4a62633c10cb802"},{"name":"outputs.tf","path":"examples/s3-static-website/outputs.tf","sha":"266783fdf9ce2641bb2714ad1e9ada8e7b56f018"},{"name":"variables.tf","path":"examples/s3-static-website/variables.tf","sha":"03f9fb0227c14930cf32e3f38ef0bdf820506a9d"}]}]},{"name":"modules","children":[{"name":"_docs","children":[{"name":"s3-architecture.png","path":"modules/_docs/s3-architecture.png","sha":"24664de39064d5c6767105b75d002bddf763ff82"},{"name":"s3.png","path":"modules/_docs/s3.png","sha":"667a181c90817858914551e9b2fa376fa1c8f177"}]},{"name":"s3-cloudfront","children":[{"name":"README.md","path":"modules/s3-cloudfront/README.md","sha":"ee62c57a95de32148da765bb56217bbe41a9ae5f","toggled":true},{"name":"main.tf","path":"modules/s3-cloudfront/main.tf","sha":"6dcc140be99efb9a83517a6002084896abb270ef"},{"name":"outputs.tf","path":"modules/s3-cloudfront/outputs.tf","sha":"0944924a43237d2cf1faa8ff38311523a1167c7a"},{"name":"variables.tf","path":"modules/s3-cloudfront/variables.tf","sha":"9ab3e54295b98be37171a155100ceca2fabd3205"}],"toggled":true},{"name":"s3-static-website","children":[{"name":"README.adoc","path":"modules/s3-static-website/README.adoc","sha":"3ea276e35d3b46836af9adc09fd40e95105d1ad3"},{"name":"core-concepts.md","path":"modules/s3-static-website/core-concepts.md","sha":"6831fb0e8e930349314c03dd0db5ca16a0703dc5"},{"name":"main.tf","path":"modules/s3-static-website/main.tf","sha":"da104f922a6263d4802b22c2ab060410532494da"},{"name":"outputs.tf","path":"modules/s3-static-website/outputs.tf","sha":"107a021aa4acf2f6ff1e254aa8727ceaf080fce2"},{"name":"variables.tf","path":"modules/s3-static-website/variables.tf","sha":"4aa3211010aee89bf541bb933233beb12c6d825e"}]}],"toggled":true},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"2b6dbdbf2af81a41b0b7105894f8ec1746bf8ae8"},{"name":"go.mod","path":"test/go.mod","sha":"7829d4579a6c54d1558a2db134bb980ddc674573"},{"name":"go.sum","path":"test/go.sum","sha":"2fa320c78869cb6fb982638cb8e17463cd4c4fd9"},{"name":"s3_cloudfront_canonical_user_test.go","path":"test/s3_cloudfront_canonical_user_test.go","sha":"83c3998b4d5901a0acb58d04eab18006e8dc3dbf"},{"name":"s3_cloudfront_custom_bucket_policy_test.go","path":"test/s3_cloudfront_custom_bucket_policy_test.go","sha":"eab324cd58d6e6803d641b0387acf1ead1e98ef5"},{"name":"s3_cloudfront_function_test.go","path":"test/s3_cloudfront_function_test.go","sha":"eb310d955465b5b0cb3bfc07532dd84ed1efcce2"},{"name":"s3_cloudfront_origin_group_test.go","path":"test/s3_cloudfront_origin_group_test.go","sha":"f6fb71fdc0a5afe17ebfb05df5f7dbc06b1cde5d"},{"name":"s3_cloudfront_test.go","path":"test/s3_cloudfront_test.go","sha":"8bcfe80fb45e14f83a6ef850be7cfc3d0d68b617"},{"name":"s3_static_website_test.go","path":"test/s3_static_website_test.go","sha":"ffc233a8c20259a4665132af20a2b0fbd470c041"},{"name":"test_helpers.go","path":"test/test_helpers.go","sha":"c04949e9f103ae8c63e5d629daccb10d40e28868"},{"name":"upgrades","children":[{"name":"upgrade_test.go","path":"test/upgrades/upgrade_test.go","sha":"a09ac360075309566b4823b516e94c6e8ce8c511"}]},{"name":"validation","children":[{"name":"validate_all_modules_and_examples_test.go","path":"test/validation/validate_all_modules_and_examples_test.go","sha":"33d73c385b64c4fc870033e99427e683c31dc45a"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"s-3-cloud-front-module\">S3 CloudFront Module</h1><div class=\"preview__body--border\"></div><p>This module deploys a <a href=\"https://aws.amazon.com/cloudfront/\" class=\"preview__body--description--blue\" target=\"_blank\">CloudFront</a> distribution as a Content Distribution Network\n(CDN) in front of an <a href=\"https://aws.amazon.com/s3/\" class=\"preview__body--description--blue\" target=\"_blank\">S3 bucket</a>. This reduces latency for your users, by caching your\nstatic content in servers around the world. It also allows you to use SSL with the static content in an S3 bucket.</p>\n<p>See the <a href=\"/repos/v0.16.0/package-static-assets/modules/s3-static-website\" class=\"preview__body--description--blue\">s3-static-website module</a> for how to deploy static content in an S3 bucket.</p>\n<h2 class=\"preview__body--subtitle\" id=\"quick-start\">Quick Start</h2>\n<ul>\n<li>See the <a href=\"/repos/v0.16.0/package-static-assets/examples/cloudfront-s3-public\" class=\"preview__body--description--blue\">cloudfront-s3-public</a> and\n<a href=\"/repos/v0.16.0/package-static-assets/examples/cloudfront-s3-private\" class=\"preview__body--description--blue\">cloudfront-s3-private</a> examples for working sample code.</li>\n<li>Check out <a href=\"/repos/v0.16.0/package-static-assets/modules/s3-cloudfront/vars.tf\" class=\"preview__body--description--blue\">vars.tf</a> for all parameters you can set for this module.</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"public-vs-private-s-3-buckets\">Public vs private S3 buckets</h2>\n<p>This module can work with two types of S3 buckets:</p>\n<ul>\n<li>\n<p><strong>Public S3 bucket</strong>: You can use this module to deploy CloudFront in front of an S3 bucket that has been configured\nas a <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html\" class=\"preview__body--description--blue\" target=\"_blank\">website</a>. This configuration allows you to\nconfigure <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/dev/HowDoIWebsiteConfiguration.html#configure-bucket-as-website-routing-rule-syntax\" class=\"preview__body--description--blue\" target=\"_blank\">custom routing\nrules</a>,\n<a href=\"http://docs.aws.amazon.com/AmazonS3/latest/dev/CustomErrorDocSupport.html\" class=\"preview__body--description--blue\" target=\"_blank\">custom error documents</a> and other useful\nfeatures for running a static website. The disadvantage is that you have to <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/dev/HostingWebsiteOnS3Setup.html#step2-add-bucket-policy-make-content-public\" class=\"preview__body--description--blue\" target=\"_blank\">make your S3 bucket publicly\naccessible</a>,\nwhich means users who know the URL could access the bucket directly, bypassing CloudFront. Despite this minor\nlimitation, we recommend this option for most users, as it provides the best experience for running a website on S3.\nTo use this option, set the <code>s3_bucket_is_public_website</code> parameter to <code>true</code> and set the <code>bucket_website_endpoint</code>\nparameter to the publicly-accessible endpoint for your S3 website.</p>\n</li>\n<li>\n<p><strong>Private S3 bucket</strong>: You can use this module to deploy CloudFront in front of a standard, private S3 bucket. The\nadvantage of this is that users can only access the contents of the S3 bucket by going via CloudFront (they can't\naccess the S3 bucket directly). The disadvantage is that you cannot use any of the S3 website features, such as\nrouting rules and custom error pages. This option is recommended if you have to keep the contents of the S3 bucket\nsecure (see also <a href=\"http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html\" class=\"preview__body--description--blue\" target=\"_blank\">Serving Private Content through\nCloudFront</a>). To use this\noption, set the <code>s3_bucket_is_public_website</code> parameter to <code>false</code> and make sure to configure the IAM permissions\nfor your S3 bucket to allow access from the CloudFront distributions Origin Access Identity, which is accessible\nvia the <code>cloudfront_origin_access_identity_iam_arn</code> output variable.</p>\n</li>\n</ul>\n<p><strong>NOTE</strong>: For some reason, the Private S3 bucket option currently ONLY works in <code>us-east1</code>. In all other regions, you\nget 403: Access Denied errors. We are still investigating why, but for the time being, deploy your entire static\nwebsite in <code>us-east-1</code> and things will work fine.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-test-my-website\">How do I test my website?</h2>\n<p>This module outputs the domain name of your website using the <code>cloudfront_domain_name</code> output variable.</p>\n<p>By default, the domain name will be of the form:</p>\n<pre><<span class=\"hljs-selector-tag\">ID</span>><span class=\"hljs-selector-class\">.cloudfront</span><span class=\"hljs-selector-class\">.net</span>\n</pre>\n<p>Where <code>ID</code> is a unique ID generated for your CloudFront distribution. For example:</p>\n<pre><span class=\"hljs-selector-tag\">d111111abcdef8</span><span class=\"hljs-selector-class\">.cloudfront</span><span class=\"hljs-selector-class\">.net</span>\n</pre>\n<p>If you set <code>var.create_route53_entry</code> to true, then this module will create a DNS A record in <a href=\"https://aws.amazon.com/route53/\" class=\"preview__body--description--blue\" target=\"_blank\">Route\n53</a> for your CloudFront distribution with the domain name in\n<code>var.domain_name</code>, and you will be able to use that custom domain name to access your bucket instead of the\n<code>amazonaws.com</code> domain.</p>\n<h2 class=\"preview__body--subtitle\" id=\"how-do-i-configure-https-ssl\">How do I configure HTTPS (SSL)?</h2>\n<p>If you are using the default <code>.cloudfront.net</code> domain name, then you can use it with HTTPS with no extra changes:</p>\n<pre><span class=\"hljs-symbol\">https:</span><span class=\"hljs-comment\">//<ID>.cloudfront.net</span>\n</pre>\n<p>If you are using a custom domain name, to use HTTPS, you need to specify the ARN of either an <a href=\"https://aws.amazon.com/certificate-manager/\" class=\"preview__body--description--blue\" target=\"_blank\">AWS Certificate Manager\n(ACM)</a> certificate via the <code>acm_certificate_arn</code> parameter or a\ncustom <a href=\"http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html\" class=\"preview__body--description--blue\" target=\"_blank\">certificate in IAM</a> via the\n<code>iam_certificate_id</code> parameter. We recommend using ACM certs as they are free, very quick to set up, and best of all,\nAWS automatically renews them for you.</p>\n<p><strong>NOTE</strong>: If you set either <code>acm_certificate_arn</code> or <code>iam_certificate_id</code> you must set <code>use_cloudfront_default_certificate</code>\nto <code>false</code>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"origin-group-support\">Origin Group Support</h2>\n<p>This module can also create a CloudFront distribution that uses an Origin Group to serve content. The primary purpose of this is to have secondary bucket(s), which serve as a failover bucket in the event your primary bucket and/or its contents are not accessible.</p>\n<h3 class=\"preview__body--subtitle\" id=\"how-to-configure\">How To Configure</h3>\n<p>To use the Origin Group feature, you will need to provide values for the following variables:</p>\n<ul>\n<li>failover_buckets</li>\n<li>failover_bucket_website_endpoints (if making a public site)</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"limitations\">Limitations</h2>\n<p>To create a CloudFront distribution with Terraform, you use the <a href=\"https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#viewer-certificate-arguments\" class=\"preview__body--description--blue\" target=\"_blank\">aws_cloudfront_distribution\nresource</a>.\nUnfortunately, this resource primarily consists of "inline blocks", which do not work well in Terraform modules, as\nthere is no way to create them dynamically based on the module's inputs.</p>\n<p>As a results, the CloudFront distribution in this module is limited to a fixed set of settings that should work for\nmost use cases, but is not particularly flexible. In particular, the limitations are as follows:</p>\n<ul>\n<li>\n<p>Only one origin—an S3 bucket—is supported\n(<a href=\"https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments\" class=\"preview__body--description--blue\" target=\"_blank\">origin</a> is an inline\nblock). You specify the bucket to use via the <code>bucket_name</code> parameter.</p>\n</li>\n<li>\n<p>Only one set of geo restrictions is supported\n(<a href=\"https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#restrictions-arguments\" class=\"preview__body--description--blue\" target=\"_blank\">geo_restrictions</a>\nis an inline block). You can optionally specify the restrictions via the <code>geo_restriction_type</code> and\n<code>geo_locations_list</code> parameters.</p>\n</li>\n<li>\n<p>Only one default cache behavior is supported\n(<a href=\"https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#cache-behavior-arguments\" class=\"preview__body--description--blue\" target=\"_blank\">cache behaviors</a>\nis an inline block). You can control the default cache settings using a number of parameters, including\n<code>cached_methods</code>, <code>default_ttl</code>, <code>min_ttl</code>, <code>max_ttl</code>, and many others (see <a href=\"/repos/v0.16.0/package-static-assets/modules/s3-cloudfront/vars.tf\" class=\"preview__body--description--blue\">vars.tf</a> for the full list).</p>\n</li>\n<li>\n<p>Only two error responses are supported\n(<a href=\"https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#custom-error-response-arguments\" class=\"preview__body--description--blue\" target=\"_blank\">error responses</a>\nis an inline block). You can specify the 404 and 500 response paths using the <code>error_document_404</code> and\n<code>error_document_500</code> parameters, respectively.</p>\n</li>\n<li>\n<p>You can not specify specify query string parameters to cache\n(<a href=\"https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#query_string_cache_keys\" class=\"preview__body--description--blue\" target=\"_blank\">query_string_cache_keys</a>\nis an inline block nested in an inline block).</p>\n</li>\n<li>\n<p><a href=\"https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#custom_header\" class=\"preview__body--description--blue\" target=\"_blank\">custom_header</a> is not\nyet supported as it consists of inline blocks in an inline block.</p>\n</li>\n<li>\n<p>If configuring an Origin Group, due to an AWS limitation, only "GET", "HEAD", and "OPTIONS" methods are allowed for caching</p>\n</li>\n</ul>\n<p>If you absolutely need some of these features, the only solution available for now is to copy and paste this module\ninto your own codebase, using it as a guide, and adding the tweaks you need.</p>\n","repoName":"package-static-assets","repoRef":"v0.15.9","serviceDescriptor":{"serviceName":"CloudFront","serviceRepoName":"package-static-assets","serviceRepoOrg":"gruntwork-io","serviceMainReadmePath":"/modules/s3-cloudfront","cloudProviders":["aws"],"description":"Deploy CloudFront as a CDN in front of your S3 bucket. Supports cache settings, Route 53 DNS entries, and TLS certs.","imageUrl":"cloudfront.png","licenseType":"subscriber","technologies":["Terraform"],"compliance":[],"tags":[""]},"serviceCategoryName":"Static content","fileName":"README.md","filePath":"/modules/s3-cloudfront","title":"Repo Browser: CloudFront","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}
.circleci
main.tf
