From a8aa18d7b9c1c542739780a6ec99b3cef43731ba Mon Sep 17 00:00:00 2001
From: mschfh <37435502+mschfh@users.noreply.github.com>
Date: Tue, 26 Mar 2024 11:59:46 -0500
Subject: [PATCH] Add support for realtime log config to ordered_cache (#295)
---
README.md | 2 +-
docs/terraform.md | 2 +-
main.tf | 1 +
variables.tf | 1 +
4 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 764d0048..0c69a4de 100644
--- a/README.md
+++ b/README.md
@@ -521,7 +521,7 @@ Available targets:
| [minimum\_protocol\_version](#input\_minimum\_protocol\_version) | Cloudfront TLS minimum protocol version.
If `var.acm_certificate_arn` is unset, only "TLSv1" can be specified. See: [AWS Cloudfront create-distribution documentation](https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-distribution.html)
and [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) for more information.
Defaults to "TLSv1.2\_2019" unless `var.acm_certificate_arn` is unset, in which case it defaults to `TLSv1` | `string` | `""` | no |
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| [ordered\_cache](#input\_ordered\_cache) | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.
List in order of precedence (first match wins). This is in addition to the default cache policy.
Set `target_origin_id` to `""` to specify the S3 bucket origin created by this module. | list(object({
target_origin_id = string
path_pattern = string
allowed_methods = list(string)
cached_methods = list(string)
compress = bool
trusted_signers = list(string)
trusted_key_groups = list(string)
cache_policy_id = string
origin_request_policy_id = string
viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number
response_headers_policy_id = string
forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string
forward_cookies_whitelisted_names = list(string)
lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
function_association = list(object({
event_type = string
function_arn = string
}))
})) | `[]` | no |
+| [ordered\_cache](#input\_ordered\_cache) | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.
List in order of precedence (first match wins). This is in addition to the default cache policy.
Set `target_origin_id` to `""` to specify the S3 bucket origin created by this module. | list(object({
target_origin_id = string
path_pattern = string
allowed_methods = list(string)
cached_methods = list(string)
compress = bool
trusted_signers = list(string)
trusted_key_groups = list(string)
cache_policy_id = string
origin_request_policy_id = string
realtime_log_config_arn = optional(string)
viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number
response_headers_policy_id = string
forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string
forward_cookies_whitelisted_names = list(string)
lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
function_association = list(object({
event_type = string
function_arn = string
}))
})) | `[]` | no |
| [origin\_bucket](#input\_origin\_bucket) | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | `string` | `null` | no |
| [origin\_force\_destroy](#input\_origin\_force\_destroy) | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no |
| [origin\_groups](#input\_origin\_groups) | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.
The values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.
If `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place.
This is to allow for the use case of making the origin created by this module the primary origin in an origin group. | list(object({
primary_origin_id = string
failover_origin_id = string
failover_criteria = list(string)
})) | `[]` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index d4f2f718..348617a3 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -128,7 +128,7 @@
| [minimum\_protocol\_version](#input\_minimum\_protocol\_version) | Cloudfront TLS minimum protocol version.
If `var.acm_certificate_arn` is unset, only "TLSv1" can be specified. See: [AWS Cloudfront create-distribution documentation](https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-distribution.html)
and [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) for more information.
Defaults to "TLSv1.2\_2019" unless `var.acm_certificate_arn` is unset, in which case it defaults to `TLSv1` | `string` | `""` | no |
| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| [ordered\_cache](#input\_ordered\_cache) | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.
List in order of precedence (first match wins). This is in addition to the default cache policy.
Set `target_origin_id` to `""` to specify the S3 bucket origin created by this module. | list(object({
target_origin_id = string
path_pattern = string
allowed_methods = list(string)
cached_methods = list(string)
compress = bool
trusted_signers = list(string)
trusted_key_groups = list(string)
cache_policy_id = string
origin_request_policy_id = string
viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number
response_headers_policy_id = string
forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string
forward_cookies_whitelisted_names = list(string)
lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
function_association = list(object({
event_type = string
function_arn = string
}))
})) | `[]` | no |
+| [ordered\_cache](#input\_ordered\_cache) | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.
List in order of precedence (first match wins). This is in addition to the default cache policy.
Set `target_origin_id` to `""` to specify the S3 bucket origin created by this module. | list(object({
target_origin_id = string
path_pattern = string
allowed_methods = list(string)
cached_methods = list(string)
compress = bool
trusted_signers = list(string)
trusted_key_groups = list(string)
cache_policy_id = string
origin_request_policy_id = string
realtime_log_config_arn = optional(string)
viewer_protocol_policy = string
min_ttl = number
default_ttl = number
max_ttl = number
response_headers_policy_id = string
forward_query_string = bool
forward_header_values = list(string)
forward_cookies = string
forward_cookies_whitelisted_names = list(string)
lambda_function_association = list(object({
event_type = string
include_body = bool
lambda_arn = string
}))
function_association = list(object({
event_type = string
function_arn = string
}))
})) | `[]` | no |
| [origin\_bucket](#input\_origin\_bucket) | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | `string` | `null` | no |
| [origin\_force\_destroy](#input\_origin\_force\_destroy) | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | `bool` | `false` | no |
| [origin\_groups](#input\_origin\_groups) | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.
The values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.
If `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place.
This is to allow for the use case of making the origin created by this module the primary origin in an origin group. | list(object({
primary_origin_id = string
failover_origin_id = string
failover_criteria = list(string)
})) | `[]` | no |
diff --git a/main.tf b/main.tf
index 301b0613..68497c19 100644
--- a/main.tf
+++ b/main.tf
@@ -605,6 +605,7 @@ resource "aws_cloudfront_distribution" "default" {
cache_policy_id = ordered_cache_behavior.value.cache_policy_id
origin_request_policy_id = ordered_cache_behavior.value.origin_request_policy_id
+ realtime_log_config_arn = ordered_cache_behavior.value.realtime_log_config_arn
dynamic "forwarded_values" {
# If a cache policy or origin request policy is specified, we cannot include a `forwarded_values` block at all in the API request
diff --git a/variables.tf b/variables.tf
index 8eb42800..7b631987 100644
--- a/variables.tf
+++ b/variables.tf
@@ -393,6 +393,7 @@ variable "ordered_cache" {
cache_policy_id = string
origin_request_policy_id = string
+ realtime_log_config_arn = optional(string)
viewer_protocol_policy = string
min_ttl = number