Update cloudfront policies module

tedilabs · Nov 30, 2023 · 8193cb0 · 8193cb0
1 parent 50dead6
commit 8193cb0
Show file tree

Hide file tree

Showing 11 changed files with 69 additions and 39 deletions.
diff --git a/modules/cache-policy/README.md b/modules/cache-policy/README.md
@@ -9,14 +9,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.28.0 |
 
 ## Modules
 

diff --git a/modules/cache-policy/versions.tf b/modules/cache-policy/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.5"
+  required_version = ">= 1.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.19"
     }
   }
 }
diff --git a/modules/origin-request-policy/README.md b/modules/origin-request-policy/README.md
@@ -9,14 +9,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.19 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.28.0 |
 
 ## Modules
 
@@ -34,9 +34,9 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) A unique name to identify the CloudFront Origin Request Policy. | `string` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no |
-| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`, `BLACKLIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
 
 ## Outputs
 

diff --git a/modules/origin-request-policy/main.tf b/modules/origin-request-policy/main.tf
@@ -31,7 +31,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
     cookie_behavior = local.behaviors[var.forwarding_cookies.behavior]
 
     dynamic "cookies" {
-      for_each = contains(["WHITELIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []
+      for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []
 
       content {
         items = cookies.value.items
@@ -42,7 +42,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
     header_behavior = local.behaviors[var.forwarding_headers.behavior]
 
     dynamic "headers" {
-      for_each = contains(["WHITELIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []
+      for_each = contains(["WHITELIST", "BLACKLIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []
 
       content {
         items = headers.value.items
@@ -53,7 +53,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
     query_string_behavior = local.behaviors[var.forwarding_query_strings.behavior]
 
     dynamic "query_strings" {
-      for_each = contains(["WHITELIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []
+      for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []
 
       content {
         items = query_strings.value.items

diff --git a/modules/origin-request-policy/variables.tf b/modules/origin-request-policy/variables.tf
@@ -13,8 +13,8 @@ variable "description" {
 variable "forwarding_cookies" {
   description = <<EOF
   (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.
-    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
-    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`.
+    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`, `BLACKLIST`. Defaults to `NONE`.
+    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -24,16 +24,16 @@ variable "forwarding_cookies" {
   nullable = false
 
   validation {
-    condition     = contains(["NONE", "WHITELIST", "ALL"], var.forwarding_cookies.behavior)
-    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, and `ALL`."
+    condition     = contains(["NONE", "WHITELIST", "ALL", "BLACKLIST"], var.forwarding_cookies.behavior)
+    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `ALL`, and `BLACKLIST`."
   }
 }
 
 variable "forwarding_headers" {
   description = <<EOF
   (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.
-    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
-    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
+    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
+    (Optional) `items` - A list of header names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -43,16 +43,16 @@ variable "forwarding_headers" {
   nullable = false
 
   validation {
-    condition     = contains(["NONE", "WHITELIST", "ALL_VIEWER", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior)
-    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`."
+    condition     = contains(["NONE", "WHITELIST", "BLACKLIST", "ALL_VIEWER", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior)
+    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`."
   }
 }
 
 variable "forwarding_query_strings" {
   description = <<EOF
   (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.
-    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
-    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`.
+    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
+    (Optional) `items` - A list of query string names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -62,7 +62,7 @@ variable "forwarding_query_strings" {
   nullable = false
 
   validation {
-    condition     = contains(["NONE", "WHITELIST", "ALL"], var.forwarding_query_strings.behavior)
-    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, and `ALL`."
+    condition     = contains(["NONE", "WHITELIST", "BLACKLIST", "ALL"], var.forwarding_query_strings.behavior)
+    error_message = "Valid values for `behavior` are `NONE`, `WHITELIST`, `BLACKLIST`, and `ALL`."
   }
 }
diff --git a/modules/origin-request-policy/versions.tf b/modules/origin-request-policy/versions.tf
@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.5"
+  required_version = ">= 1.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.22"
+      version = ">= 5.19"
     }
   }
 }