Name | Version |
---|---|
terraform | >= 0.13 |
aws | >= 4.0.0 |
okta | >= 4.0.0 |

Name | Version |
---|---|
aws | >= 4.0.0 |
aws.cloudfront | >= 4.0.0 |
okta | >= 4.0.0 |
tls | n/a |

Name | Source | Version |
---|---|---|
authentication | github.com/schubergphilis/terraform-aws-mcaf-lambda | v0.3.3 |
origin_bucket | github.com/schubergphilis/terraform-aws-mcaf-s3 | v0.10.1 |

Name | Type |
---|---|
aws_acm_certificate.default | resource |
aws_acm_certificate_validation.default | resource |
aws_cloudfront_distribution.default | resource |
aws_cloudfront_origin_access_identity.default | resource |
aws_route53_record.cloudfront | resource |
aws_route53_record.validation | resource |
aws_ssm_parameter.client_id | resource |
aws_ssm_parameter.client_secret | resource |
aws_ssm_parameter.cookie_domain | resource |
aws_ssm_parameter.okta_org_name | resource |
aws_ssm_parameter.private_key | resource |
aws_ssm_parameter.public_key | resource |
aws_ssm_parameter.redirect_uri | resource |
okta_app_group_assignments.default | resource |
okta_app_oauth.default | resource |
tls_private_key.default | resource |
aws_iam_policy_document.authentication | data source |
aws_iam_policy_document.origin_bucket | data source |
aws_region.current | data source |
aws_route53_zone.current | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
name | The name of the CloudFront distribution | string | n/a | yes |
subdomain | A DNS subdomain for this distribution | string | n/a | yes |
tags | A mapping of tags to assign to all resources | map(string) | n/a | yes |
zone_id | ID of the Route53 zone in which to create the subdomain record | string | n/a | yes |
additional_redirect_uris | Additional login redirect URLs | list(string) | null | no |
aliases | Extra CNAMEs (alternate domain names), if any, for this distribution | list(string) | [] | no |
allowed_methods | Controls which HTTP methods CloudFront processes and forwards | list(string) | [ | no |
application_logo | Relative path to the application logo image | string | null | no |
authentication | Whether to protect the cloudfront distribution behind an Okta application | bool | false | no |
block_public_acls | Whether Amazon S3 should block public ACLs for this bucket | bool | true | no |
block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket | bool | true | no |
bucket_lifecycle_rule | List of maps containing lifecycle management configuration settings for this bucket | any | [] | no |
bucket_policy | The bucket policy to merge with the Cloudfront permissions | string | null | no |
cached_methods | Controls whether CloudFront caches the response to requests | list(string) | [ | no |
certificate_arn | The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution | string | null | no |
comment | Any comments you want to include about the distribution | string | null | no |
compress | Whether you want CloudFront to automatically compress content for web requests | bool | false | no |
cookie_domain | The domain to set the authentication cookie on | string | null | no |
cors_allowed_headers | Specifies which headers are allowed | list(string) | [ | no |
cors_allowed_methods | Specifies which methods are allowed | list(string) | [ | no |
cors_allowed_origins | Specifies which origins are allowed | list(string) | [] | no |
cors_expose_headers | Specifies expose header in the response | list(string) | [ | no |
cors_max_age_seconds | Specifies time (in seconds) the browser can cache the response for a preflight request | number | 3600 | no |
custom_error_response | List of one or more custom error response elements | list(object({ | [] | no |
default_root_object | The object that you want CloudFront to return | string | "index.html" | no |
default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number | 3600 | no |
deployment_arn | A resource ARN that can be used to deploy content to the origin bucket | string | null | no |
enabled | Whether the distribution is enabled to accept requests for content | bool | true | no |
force_destroy | A boolean indicating all resources (and their data) should be deleted on destroy | bool | false | no |
forward_cookies | Specifies whether you want CloudFront to forward cookies | string | "none" | no |
forward_headers | Specifies the headers you want CloudFront to vary upon for this cache behavior | list(string) | [ | no |
forward_query_strings | Specifies whether you want CloudFront to forward query strings | bool | false | no |
geo_restriction_locations | The country codes for which you want CloudFront to whitelist or blacklist your content | list(string) | null | no |
geo_restriction_type | The method that you want to use to restrict distribution of your content by country | string | "none" | no |
hide_ios | Do not display the Okta application icon to users on mobile app | bool | false | no |
hide_web | Do not display the Okta application icon to users | bool | false | no |
ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket | bool | true | no |
ipv6_enabled | Whether IPv6 is enabled for the distribution | bool | false | no |
lambda_function_association | A config block that triggers a lambda function with specific actions | list(object({ | [] | no |
logging | Enables logging for this distribution | bool | true | no |
login_uri_path | Optional path to the login URL | string | null | no |
max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | number | 86400 | no |
min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | number | 0 | no |
minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections | string | "TLSv1.2_2018" | no |
okta_app_name | The Okta OIDC application name | string | null | no |
okta_groups | The default groups assigned to the Okta OIDC application | list(string) | [] | no |
okta_org_name | The Okta organization for the OIDC application | string | null | no |
okta_spa | Set to true if this is a single page web application | bool | false | no |
origin_path | A path that CloudFront uses to request your content from a specific directory | string | "" | no |
price_class | Price class for this distribution | string | "PriceClass_100" | no |
redirect_uri_path | Path to the login redirect URL | string | "_callback" | no |
restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket | bool | true | no |
use_regional_endpoint | Whether to use a regional instead of the global endpoint address | bool | false | no |
viewer_protocol_policy | Use this element to specify the protocol that users can use to access the files | string | "redirect-to-https" | no |
wait_for_deployment | Whether to wait for the deployment of the CloudFront Distribution to be complete | bool | true | no |

Name | Description |
---|---|
application_fqdn | Custom FQDN pointing to the distributed application |
arn | ARN of the CloudFront distribution |
bucket_arn | ARN of the origin bucket |
bucket_name | Name of the origin bucket |
distribution_fqdn | FQDN pointing to the distribution |
etag | Current version of the distribution's information |
id | ID of the CloudFront distribution |
jwt_public_key | The JWT public key |
okta_client_id | Okta App Client ID |
status | Current status of the distribution |