# Public hostname served by the reverse proxy. No default is declared, so the
# caller must always supply a value. The value is also folded into resource
# names through local.prefix_with_domain.
variable "site_domain" {
  description = "Domain on which the reverse proxy will be made available (e.g. `\"www.example.com\"`)"
}
# Prefix for the names of created objects. local.prefix_with_domain prepends it
# as-is: only the site_domain part is sanitised there, so a caller-supplied
# prefix must already satisfy the S3 naming rule given in the description.
variable "name_prefix" {
  description = "Name prefix to use for objects that need to be created (only lowercase alphanumeric characters and hyphens allowed, for S3 bucket name compatibility)"
  default     = "aws-reverse-proxy---"
}
# Free-text prefix for resource comments. Per the description it is cosmetic
# only, which makes it useful for spotting module-managed resources in the
# console.
variable "comment_prefix" {
  description = "This will be included in comments for resources that are created"
  default     = "Reverse proxy: "
}
# Upstream site the proxy forwards to. No default, so it is required. It is
# split into protocol / hostname / path by the url_* locals at the end of this
# file, so include the scheme explicitly.
# NOTE(review): presumably an http:// value makes the proxy-to-origin hop
# unencrypted, which would expose any origin_custom_header_value secret on the
# wire. Prefer https:// and confirm against the distribution resource.
variable "origin_url" {
  description = "Base URL for proxy upstream site (e.g. `\"https://example.com/\"`)"
}
# CloudFront price class selector. The description lists the accepted values;
# the default is 100.
variable "cloudfront_price_class" {
  description = "CloudFront price class to use (`100`, `200` or `\"All\"`, see https://aws.amazon.com/cloudfront/pricing/)"
  default     = 100
}
# Viewer-side transport policy. Defaults to true, i.e. HTTPS only.
# Caveats when set to false:
#   - if basic_auth_username / basic_auth_password are also set, the Basic Auth
#     credentials can travel in cleartext over HTTP;
#   - browsers ignore a Strict-Transport-Security header (the default in
#     add_response_headers) when it arrives on a plain-HTTP response.
# NOTE(review): how this flag maps onto the viewer protocol policy is not
# visible in this file; confirm against the distribution resource.
variable "viewer_https_only" {
  description = "Set this to `false` if you need to support insecure HTTP access for clients, in addition to HTTPS"
  default     = true
}
# Forced cache lifetime in seconds. The default of -1 disables the override.
# local.error_ttl reuses this value, clamped to 0 when negative.
# NOTE(review): the override applies to ALL objects, so origin responses that
# are per-user or authenticated could be cached and served to other viewers.
# Confirm the origin only returns shareable content before setting this >= 0.
variable "cache_ttl_override" {
  description = "When >= 0, override the cache behaviour for ALL objects in the origin, so that they stay in the CloudFront cache for this amount of seconds"
  default     = -1
}
# Object returned for requests to the root URL. Defaults to the empty string.
variable "default_root_object" {
  description = "The object to return when the root URL is requested"
  default     = ""
}
# Headers added to every response sent to clients. The default ships HSTS only.
# Caveats:
#   - A caller-supplied map REPLACES this default rather than merging with it,
#     so repeat the Strict-Transport-Security entry when adding other headers
#     if HSTS should stay on.
#   - The default carries `preload` but not `includeSubDomains`. Browser preload
#     lists require both, so on its own the token does not make the domain
#     preload-eligible.
variable "add_response_headers" {
  description = "Map of HTTP headers (if any) to add to outgoing responses before sending them to clients"
  type        = "map"

  default = {
    "Strict-Transport-Security" = "max-age=31557600; preload" # i.e. 1 year (in seconds)
  }
}
# Name of the header attached to requests going to the origin.
variable "origin_custom_header_name" {
  description = "Name of a custom header to send to the origin; this can be used to convey an authentication header to the origin, for example"

  # Unfortunately, since Terraform doesn't allow conditional inline blocks (yet), we need to ALWAYS have SOME header here.
  # This default one will be sent if a custom one isn't defined, but it's assumed to be harmless.
  default = "X-Custom-Origin-Header"
}

# Value paired with origin_custom_header_name. Defaults to the empty string.
# When used as a shared secret that lets the origin recognise the proxy, treat
# it as a credential: supply it from a secret store or an untracked tfvars file
# rather than committing it.
# NOTE(review): it will likely be persisted in Terraform state through the
# resource that consumes it, and it only protects the origin if the origin
# rejects requests that lack it. Confirm both.
variable "origin_custom_header_value" {
  description = "Value of a custom header to send to the origin; see `origin_custom_header_name`"
  default     = ""
}
# Optional non-standard origin port. The default of 0 means "use the standard
# port", per the description.
variable "origin_custom_port" {
  description = "When > 0, use this port for communication with the origin server, instead of relevant standard port"
  default     = 0
}
# Static-response mode. Per the first description, the origin is bypassed only
# when all three override_response_* values are non-empty. Each defaults to the
# empty string, which leaves the mode off.
variable "override_response_status" {
  description = "When this and the other `override_response_*` variables are non-empty, skip sending the request to the origin altogether, and instead respond as instructed here"
  default     = ""
}

variable "override_response_status_description" {
  description = "Same as `override_response_status`"
  default     = ""
}

variable "override_response_body" {
  description = "Same as `override_response_status`"
  default     = ""
}
# HTTP Basic Auth settings. The username and password default to the empty
# string; the descriptions say each is enforced "when non-empty".
# NOTE(review): what happens when only one of the two is set is not visible in
# this file. Set both, and confirm against the code that consumes them.
# Basic Auth sends credentials on every request with encoding only, not
# encryption, so keep viewer_https_only = true whenever it is enabled.
variable "basic_auth_username" {
  description = "When non-empty, require this username with HTTP Basic Auth"
  default     = ""
}

# Credential: supply it from a secret store or an untracked tfvars file, never
# a committed one.
# NOTE(review): the value presumably ends up in Terraform state and in whatever
# artifact enforces the check. Confirm, and restrict access to both.
variable "basic_auth_password" {
  description = "When non-empty, require this password with HTTP Basic Auth"
  default     = ""
}

# Realm string shown in the browser's credential prompt.
variable "basic_auth_realm" {
  description = "When using HTTP Basic Auth, this will be displayed by the browser in the auth prompt"
  default     = "Authentication Required"
}

# Body of the response shown after a failed authentication attempt.
variable "basic_auth_body" {
  description = "When using HTTP Basic Auth, and authentication has failed, this will be displayed by the browser as the page content"
  default     = "Unauthorized"
}
# Request logging toggle for the Lambda function. Off by default.
# NOTE(review): which request fields are logged is not visible in this file.
# Before enabling, confirm that Authorization headers (Basic Auth credentials)
# and cookies are not written to CloudWatch, and set log retention and access
# accordingly.
variable "lambda_logging_enabled" {
  description = "When true, writes information about incoming requests to the Lambda function's CloudWatch group"
  default     = false
}
# Tags applied to created resources where supported. Defaults to an empty map.
variable "tags" {
  description = "AWS Tags to add to all resources created (where possible); see https://aws.amazon.com/answers/account-management/aws-tagging-strategies/"
  type        = "map"
  default     = {}
}
locals {
  # name_prefix followed by site_domain, where every run of characters outside
  # [a-z0-9-] in site_domain collapses to a single hyphen
  # (only lowercase alphanumeric characters and hyphens are allowed in S3 bucket names).
  # Uppercase letters are replaced rather than lower-cased, and name_prefix
  # itself is not sanitised here.
  prefix_with_domain = "${var.name_prefix}${replace(var.site_domain, "/[^a-z0-9-]+/", "-")}"

  # cache_ttl_override when it is >= 0, otherwise 0.
  error_ttl = "${var.cache_ttl_override >= 0 ? var.cache_ttl_override : 0}"
}
# Because CloudFront origins expect the URL to be provided as components, we need to do a bit of URL "parsing"
locals {
  # Scheme of origin_url, i.e. the word characters before "://".
  # NOTE(review): the scheme is mandatory in this pattern. With no "scheme://"
  # prefix the regex does not match, replace() returns its input unchanged, and
  # url_protocol ends up holding the whole URL. The two patterns below treat
  # the scheme as optional, so the three locals disagree on such input.
  # NOTE(review): presumably this value selects the origin protocol policy
  # elsewhere; if so, an "http" result means unencrypted origin traffic.
  url_protocol = "${replace(var.origin_url, "/^(?:(\\w+):\\/\\/).*/", "$1")}"

  # Everything between the optional scheme and the first "/". A ":port" or
  # "user@" part in origin_url would be captured as part of the hostname.
  url_hostname = "${replace(var.origin_url, "/^(?:\\w+:\\/\\/)?([^/]+).*/", "$1")}"

  # Path after the first "/" that follows the host, without that leading "/".
  # Empty when origin_url has no path.
  url_path = "${replace(var.origin_url, "/^(?:\\w+:\\/\\/)?[^/]+(?:\\/(.*)|$)/", "$1")}"
}