| name |
The name of the CloudFront distribution |
string |
n/a |
yes |
| subdomain |
A DNS subdomain for this distribution |
string |
n/a |
yes |
| zone_id |
ID of the Route53 zone in which to create the subdomain record |
string |
n/a |
yes |
| additional_redirect_uris |
Additional login redirect URLs |
list(string) |
null |
no |
| aliases |
Extra CNAMEs (alternate domain names), if any, for this distribution |
list(string) |
[] |
no |
| allowed_methods |
Controls which HTTP methods CloudFront processes and forwards |
list(string) |
[ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] |
no |
| application_logo |
Relative path to the application logo image |
string |
null |
no |
| authentication |
Whether to protect the cloudfront distribution behind an Okta application |
bool |
false |
no |
| block_public_acls |
Whether Amazon S3 should block public ACLs for this bucket |
bool |
true |
no |
| block_public_policy |
Whether Amazon S3 should block public bucket policies for this bucket |
bool |
true |
no |
| bucket_lifecycle_rule |
List of maps containing lifecycle management configuration settings for this bucket |
any |
[] |
no |
| bucket_policy |
The bucket policy to merge with the Cloudfront permissions |
string |
null |
no |
| cached_methods |
Controls whether CloudFront caches the response to requests |
list(string) |
[ "GET", "HEAD" ] |
no |
| certificate_arn |
The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution |
string |
null |
no |
| comment |
Any comments you want to include about the distribution |
string |
null |
no |
| compress |
Whether you want CloudFront to automatically compress content for web requests |
bool |
false |
no |
| cookie_domain |
The domain to set the authentication cookie on |
string |
null |
no |
| cors_allowed_headers |
Specifies which headers are allowed |
list(string) |
[ "*" ] |
no |
| cors_allowed_methods |
Specifies which methods are allowed |
list(string) |
[ "GET" ] |
no |
| cors_allowed_origins |
Specifies which origins are allowed |
list(string) |
[] |
no |
| cors_expose_headers |
Specifies expose header in the response |
list(string) |
[ "ETag" ] |
no |
| cors_max_age_seconds |
Specifies time (in seconds) the browser can cache the response for a preflight request |
number |
3600 |
no |
| custom_error_response |
List of one or more custom error response elements |
list(object({ error_caching_min_ttl = string error_code = string response_code = string response_page_path = string })) |
[] |
no |
| default_root_object |
The object that you want CloudFront to return |
string |
"index.html" |
no |
| default_ttl |
Default amount of time (in seconds) that an object is in a CloudFront cache |
number |
3600 |
no |
| deployment_arn |
A resource ARN that can be used to deploy content to the origin bucket |
string |
null |
no |
| enabled |
Whether the distribution is enabled to accept requests for content |
bool |
true |
no |
| force_destroy |
A boolean indicating all resources (and their data) should be deleted on destroy |
bool |
false |
no |
| forward_cookies |
Specifies whether you want CloudFront to forward cookies |
string |
"none" |
no |
| forward_headers |
Specifies the headers you want CloudFront to vary upon for this cache behavior |
list(string) |
[ "Access-Control-Request-Headers", "Access-Control-Request-Method", "Origin" ] |
no |
| forward_query_strings |
Specifies whether you want CloudFront to forward query strings |
bool |
false |
no |
| geo_restriction_locations |
The country codes for which you want CloudFront to whitelist or blacklist your content |
list(string) |
null |
no |
| geo_restriction_type |
The method that you want to use to restrict distribution of your content by country |
string |
"none" |
no |
| hide_ios |
Do not display the Okta application icon to users on mobile app |
bool |
false |
no |
| hide_web |
Do not display the Okta application icon to users |
bool |
false |
no |
| ignore_public_acls |
Whether Amazon S3 should ignore public ACLs for this bucket |
bool |
true |
no |
| ipv6_enabled |
Whether IPv6 is enabled for the distribution |
bool |
false |
no |
| kms_key_arn |
The ARN of the KMS key used for all encryption: SSM SecureString parameters, Lambda CloudWatch log group, and S3 origin bucket |
string |
null |
no |
| lambda_function_association |
A config block that triggers a lambda function with specific actions |
list(object({ event_type = string include_body = bool lambda_arn = string })) |
[] |
no |
| logging |
Logging configuration, logging is disabled by default. |
object({ target_bucket = string target_prefix = string output_format = optional(string, "parquet") }) |
null |
no |
| login_uri_path |
Optional path to the login URL |
string |
null |
no |
| max_ttl |
Maximum amount of time (in seconds) that an object is in a CloudFront cache |
number |
86400 |
no |
| min_ttl |
Minimum amount of time that you want objects to stay in CloudFront caches |
number |
0 |
no |
| minimum_protocol_version |
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections |
string |
"TLSv1.2_2021" |
no |
| okta_app_name |
The Okta OIDC application name |
string |
null |
no |
| okta_existing_app_id |
ID of an existing Okta application to use. If set, the module will not create a new Okta app. |
string |
null |
no |
| okta_existing_client_id |
Client ID of the existing Okta application. Required when okta_existing_app_id is set. |
string |
null |
no |
| okta_existing_client_secret |
Client secret of the existing Okta application. Required when okta_existing_app_id is set. |
string |
null |
no |
| okta_groups |
The default groups assigned to the Okta OIDC application |
list(string) |
[] |
no |
| okta_org_name |
The Okta organization for the OIDC application |
string |
null |
no |
| okta_spa |
Set to true if this is a single page web application |
bool |
false |
no |
| origin_path |
A path that CloudFront uses to request your content from a specific directory |
string |
"" |
no |
| permissions_boundary_arn |
ARN of the IAM permissions boundary policy for the authentication Lambda execution role |
string |
null |
no |
| price_class |
Price class for this distribution |
string |
"PriceClass_100" |
no |
| redirect_uri_path |
Path to the login redirect URL |
string |
"_callback" |
no |
| region |
The AWS region where resources will be created; if omitted the default provider region is used |
string |
null |
no |
| restrict_public_buckets |
Whether Amazon S3 should restrict public bucket policies for this bucket |
bool |
true |
no |
| tags |
A mapping of tags to assign to all resources |
map(string) |
{} |
no |
| use_regional_endpoint |
Whether to use a regional instead of the global endpoint address |
bool |
false |
no |
| viewer_protocol_policy |
Use this element to specify the protocol that users can use to access the files |
string |
"redirect-to-https" |
no |
| wait_for_deployment |
Whether to wait for the deployment of the CloudFront Distribution to be complete |
bool |
true |
no |