From 8193cb0cb444902a62cbd900042e71bc10cfd780 Mon Sep 17 00:00:00 2001
From: Byungjin Park
Date: Thu, 30 Nov 2023 18:52:00 +0900
Subject: [PATCH] Update cloudfront policies module
---
 modules/cache-policy/README.md | 6 ++---
 modules/cache-policy/versions.tf | 4 ++--
 modules/origin-request-policy/README.md | 12 +++++-----
 modules/origin-request-policy/main.tf | 6 ++---
 modules/origin-request-policy/variables.tf | 24 ++++++++++----------
 modules/origin-request-policy/versions.tf | 4 ++--
 modules/response-headers-policy/README.md | 8 ++++---
 modules/response-headers-policy/main.tf | 24 ++++++++++++++++----
 modules/response-headers-policy/outputs.tf | 7 +++++-
 modules/response-headers-policy/variables.tf | 9 ++++++++
 modules/response-headers-policy/versions.tf | 4 ++--
 11 files changed, 69 insertions(+), 39 deletions(-)
diff --git a/modules/cache-policy/README.md b/modules/cache-policy/README.md
index 86eb034..88a4187 100644
--- a/modules/cache-policy/README.md
+++ b/modules/cache-policy/README.md
@@ -9,14 +9,14 @@ This module creates following resources.
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 1.5 |
-| [aws](#requirement\_aws) | >= 4.22 |
+| [terraform](#requirement\_terraform) | >= 1.6 |
+| [aws](#requirement\_aws) | >= 5.19 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 5.19.0 |
+| [aws](#provider\_aws) | 5.28.0 |
 ## Modules
diff --git a/modules/cache-policy/versions.tf b/modules/cache-policy/versions.tf
index 16131a3..0c5b06a 100644
--- a/modules/cache-policy/versions.tf
+++ b/modules/cache-policy/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 1.5"
+ required_version = ">= 1.6"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 4.22"
+ version = ">= 5.19"
 }
 }
 }
diff --git a/modules/origin-request-policy/README.md b/modules/origin-request-policy/README.md
index 5975388..b9cc4b7 100644
--- a/modules/origin-request-policy/README.md
+++ b/modules/origin-request-policy/README.md
@@ -9,14 +9,14 @@ This module creates following resources.
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 1.5 |
-| [aws](#requirement\_aws) | >= 4.22 |
+| [terraform](#requirement\_terraform) | >= 1.6 |
+| [aws](#requirement\_aws) | >= 5.19 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 5.19.0 |
+| [aws](#provider\_aws) | 5.28.0 |
 ## Modules
@@ -34,9 +34,9 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [name](#input\_name) | (Required) A unique name to identify the CloudFront Origin Request Policy. | `string` | n/a | yes |
 | [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no |
-| [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.
(Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
(Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`. |
object({
behavior = optional(string, "NONE")
items = optional(set(string), [])
})
| `{}` | no | -| [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.
(Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
(Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. |
object({
behavior = optional(string, "NONE")
items = optional(set(string), [])
})
| `{}` | no | -| [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.
(Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
(Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`. |
object({
behavior = optional(string, "NONE")
items = optional(set(string), [])
})
| `{}` | no | +| [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.
(Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`, `BLACKLIST`. Defaults to `NONE`.
(Optional) `items` - A list of cookie names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. |
object({
behavior = optional(string, "NONE")
items = optional(set(string), [])
})
| `{}` | no | +| [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.
(Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
(Optional) `items` - A list of header names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. |
object({
behavior = optional(string, "NONE")
items = optional(set(string), [])
})
| `{}` | no | +| [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.
(Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
(Optional) `items` - A list of query string names. It only takes effect when `behavior` are `WHITELIST`, `BLACKLIST`. |
object({
behavior = optional(string, "NONE")
items = optional(set(string), [])
})
| `{}` | no |
 ## Outputs
diff --git a/modules/origin-request-policy/main.tf b/modules/origin-request-policy/main.tf
index c708dcb..7c9780c 100644
--- a/modules/origin-request-policy/main.tf
+++ b/modules/origin-request-policy/main.tf
@@ -31,7 +31,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
 cookie_behavior = local.behaviors[var.forwarding_cookies.behavior]
 dynamic "cookies" {
- for_each = contains(["WHITELIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []
+ for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_cookies.behavior) ? [var.forwarding_cookies] : []
 content {
 items = cookies.value.items
@@ -42,7 +42,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
 header_behavior = local.behaviors[var.forwarding_headers.behavior]
 dynamic "headers" {
- for_each = contains(["WHITELIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []
+ for_each = contains(["WHITELIST", "BLACKLIST", "ALL_VIEWER_AND_CLOUDFRONT_WHITELIST"], var.forwarding_headers.behavior) ? [var.forwarding_headers] : []
 content {
 items = headers.value.items
@@ -53,7 +53,7 @@ resource "aws_cloudfront_origin_request_policy" "this" {
 query_string_behavior = local.behaviors[var.forwarding_query_strings.behavior]
 dynamic "query_strings" {
- for_each = contains(["WHITELIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []
+ for_each = contains(["WHITELIST", "BLACKLIST"], var.forwarding_query_strings.behavior) ? [var.forwarding_query_strings] : []
 content {
 items = query_strings.value.items
diff --git a/modules/origin-request-policy/variables.tf b/modules/origin-request-policy/variables.tf
index 4217175..43f66e1 100644
--- a/modules/origin-request-policy/variables.tf
+++ b/modules/origin-request-policy/variables.tf
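Review bot: In modules/origin-request-policy/main.tf, nothing visible in the three changed `for_each` lines rejects an empty `items` set when `behavior` is `BLACKLIST`, and the documented default for `items` is `[]`. A denylist is fail-open by design, so with no entries every viewer cookie, header or query string would presumably be forwarded to the origin (or the request fails only at apply time, depending on how CloudFront treats it); failing at plan time is safer. One option is a `precondition` in the resource's `lifecycle` block, for example `condition = !contains(["WHITELIST", "BLACKLIST"], var.forwarding_cookies.behavior) || length(var.forwarding_cookies.items) > 0`, repeated for headers and query strings. Separately, `local.behaviors` is defined outside these hunks and the diffstat shows only these three lines changing in main.tf, so confirm the map already has a `BLACKLIST` key, otherwise the `local.behaviors[...]` lookups fail for the new value. The resource block starts and ends outside the hunks.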
@@ -13,8 +13,8 @@ variable "description" { variable "forwarding_cookies" { description = < [terraform](#requirement\_terraform) | >= 1.5 | -| [aws](#requirement\_aws) | >= 4.22 | +| [terraform](#requirement\_terraform) | >= 1.6 | +| [aws](#requirement\_aws) | >= 5.19 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.19.0 | +| [aws](#provider\_aws) | 5.28.0 | ## Modules @@ -40,6 +40,7 @@ No modules. | [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no | | [frame\_options\_header](#input\_frame\_options\_header) | (Optional) A configuration for `X-Frame-Options` header in HTTP responses sent from CloudFront. The `X-Frame-Options` HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a ``, `