This terraform module is an AWS ECS Application Module (frontend component).
It’s designed to be used with DNXLabs/terraform-aws-ecs
(https://github.com/DNXLabs/terraform-aws-ecs). and DNXLabs/terraform-aws-ecs-app
(https://github.com/DNXLabs/terraform-aws-ecs-app).
The following resources will be created:
In addition you have the option to create or not:
NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id),and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
Name | Version |
---|---|
terraform | >= 1.3.0 |
aws | >= 3.0.0 |
Name | Version |
---|---|
aws | >= 3.0.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alarm_cloudfront_500_errors_threshold | Cloudfront 500 Errors rate threshold (use 0 to disable this alarm) | number |
5 |
no |
alarm_prefix | String prefix for cloudwatch alarms. (Optional) | string |
"alarm" |
no |
alarm_sns_topics_us | Alarm topics to create and alert on metrics on US region | list(string) |
[] |
no |
alb_cloudfront_key | Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront | string |
n/a | yes |
alb_dns_name | ALB DNS Name that CloudFront will point as origin | string |
n/a | yes |
certificate_arn | Certificate for this app to use in CloudFront (US), must cover hostname . |
string |
n/a | yes |
cloudfront_forward_headers | Headers to forward to origin from CloudFront | list(string) |
<pre>[ “*“ ]</pre> |
no |
cloudfront_logging_bucket | Bucket to store logs from app | string |
null |
no |
cloudfront_logging_prefix | Logging prefix | string |
"" |
no |
cloudfront_origin_keepalive_timeout | The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds. | number |
5 |
no |
cloudfront_origin_read_timeout | The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds. | number |
30 |
no |
dynamic_custom_error_response | One or more custom error response elements (multiples allowed) | <pre>list(object({ error_code = optional(number) response_code = optional(number) response_page_path = optional(string) }))</pre> |
[] |
no |
dynamic_custom_origin_config | Configuration for the custom origin config to be used in dynamic block | any |
[] |
no |
dynamic_ordered_cache_behavior | Ordered Cache Behaviors to be used in dynamic block | any |
[] |
no |
hosted_zone | Existing Hosted Zone domain to add hostnames as DNS records | string |
n/a | yes |
hostname_create | Create hostnames in the hosted zone passed? | bool |
true |
no |
hostnames | Hostnames to create DNS record for this app that the cloudfront distribution will accept | list(string) |
n/a | yes |
iam_certificate_id | Specifies IAM certificate id for CloudFront distribution | string |
null |
no |
minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1.2_2018. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified. |
string |
"TLSv1.2_2018" |
no |
name | Name of your ECS service | string |
n/a | yes |
record_type | Type of the record to create on Route53 | string |
"CNAME" |
no |
restriction_location | The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist) | list(any) |
[] |
no |
restriction_type | The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist | string |
"none" |
no |
waf_cloudfront_enable | Enable WAF for Cloudfront distribution | bool |
false |
no |
wafv2_managed_block_rule_groups | List of WAF V2 managed rule groups, set to block | list(string) |
[] |
no |
wafv2_managed_rule_groups | List of WAF V2 managed rule groups, set to count | list(string) |
<pre>[ “AWSManagedRulesCommonRuleSet” ]</pre> |
no |
wafv2_rate_limit_rule | The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable) | number |
0 |
no |
Name | Description |
---|---|
aws_cloudfront_origin_access_identity | Define cloudfront origin access identity |
cloudfront_distribution_hostname | The hostname of the CloudFront Distribution (use for DNS CNAME). |
cloudfront_distribution_id | The ID of the CloudFront Distribution. |
cloudfront_zone_id | The Zone ID of the CloudFront Distribution (use for DNS Alias). |
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.