Skip to content

Releases: cloudposse/terraform-aws-cloudfront-s3-cdn

v2.1.1

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 20 May 13:06
feat: Enable additional CloudFront real-time metrics Jakub Wądołowski (@jwadolowski) (#372) ## what

Add additional_metrics_enabled variable (default: false for backwards compatibility) that provisions an aws_cloudfront_monitoring_subscription resource when enabled.

why

Not all CloudFront metrics are enabled by default. Some (4xx/5xx error rates by HTTP status code, origin latency, and cache hit rate) are hidden behind a monitoring subscription. This adds a convenient switch to enable them when needed.

The realtime_metrics_subscription_status value could have been derived from var.additional_metrics_enabled, but that would introduce an unexpected resource change across all existing deployments.

references

A complementary PR to cloudposse/terraform-aws-cloudfront-cdn#162

docs: web acl id can be an ARN for newer WAFs yangci (@oycyc) (#349) As per the AWS provider docs. Updating description here so consumers don't get confused why WAF association fails when providing the ID.

ID or ARN of the AWS WAF web ACL that is associated with the distribution. NOTE: If using the latest version of WAF (WAFv2), be sure to use the ARN. If using WAF Classic, use the ID. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#web_acl_id-3

image

v2.1.0

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 19 Feb 20:19
feat: Add `response_completion_timeout` support Jakub Wądołowski (@jwadolowski) (#369) ## what
  • Add support for response_completion_timeout argument (announced by AWS in July 2025 and implemented in the 6.13.0 version of the AWS provider)
  • Bump the minimum provider version to >= 6.13.0

why

Allows configuring response_completion_timeout for CloudFront origins.

references

v2.0.0

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 16 Jan 12:40
442e7c1
chore: fix "name" deprecation for aws_region data source Morre (@morremeyer) (#363)

what

This fixes the deprecation of the "name" attribute for the aws_region data source, adding a fallback for provider versions < 6.0.0.

why

To get rid of the deprecation notice and prepare for provider version 7.

references

Resolves #361.

v1.1.1

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 09 Jan 14:35
12c1ee5
docs: clarify distribution comment is the description yangci (@oycyc) (#353) image image

The comment corresponds to the description on the AWS console UI! Updating the text here so it's more easily aware.

Generate readme for submodules Igor Rodionov (@goruha) (#362) ## what * Generate readme for submodules

why

  • Allow all to keep the README updated

references

v1.1.0

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 23 Oct 15:44
75944e9
fix: error: No more than 1 "s3_origin_config" blocks are allowed Eyjafjallajokull (#359) ## what
  • Fixed No more than 1 s3_origin_config blocks are allowed error when using multiple S3 origins with origin access identity enabled
  • Changed for_each from iterating over var.s3_origins to using [1] to create a single s3_origin_config block

why

  • AWS CloudFront only allows one s3_origin_config block per origin
  • The previous implementation incorrectly created multiple blocks when multiple S3 origins were configured

references

fixes #325

to reproduce error

  1. in examples/complete/main.tf#L102 replace origin_access_control with origin_access_identity
    https://github.com/Eyjafjallajokull/terraform-aws-cloudfront-s3-cdn/blob/96703043867c986ff3fc1550448118111a9f5659/examples/complete/main.tf#L102
  2. terraform plan fails with the above error.

v1.0.1

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 10 Sep 17:44
31cc5d7

🚀 Enhancements

fix: Resolve unsupported attribute error in S3 website block Jakub Wądołowski (@jwadolowski) (#358) ## what

Restore lookup() calls in main.tf to address the website_enabled = true use case that was broken when #340 replaced them with explicit variable calls to avoid silent default value assignments. Additionally includes corresponding module instances in the test suite.

why

website_enabled = true implies a reference to 2 mutually exclusive configurations defined as the local.website_config variable. In the default case, index_document, error_document, and routing_rules elements exist, but redirect_all_requests_to does not, which leads to the following error:

╷
│ Error: Unsupported attribute
│
│   on ../../main.tf line 325, in resource "aws_s3_bucket" "origin":
│  325:       redirect_all_requests_to = website.value.redirect_all_requests_to
│     ├────────────────
│     │ website.value is object with 3 attributes
│
│ This object does not have an attribute named "redirect_all_requests_to".
╵

Similarly, website_enabled = true combined with redirect_all_requests_to = "https://example.com" would result in missing references to the index_document, error_document, and routing_rules fields.

All in all, in this particular case, the lookup() usage is definitely justified and does not mean a silent/hidden injection of a variable default.

references

v0.98.2

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 18 Aug 09:26

🤖 Automatic Updates

chore(deps): update terraform cloudposse/s3-log-storage/aws to v1.4.5 (release/v0) @[renovate[bot]](https://github.com/apps/renovate) (#351) This PR contains the following updates:
Package Type Update Change
cloudposse/s3-log-storage/aws (source) module patch 1.4.2 -> 1.4.5

Release Notes

cloudposse/terraform-aws-s3-log-storage (cloudposse/s3-log-storage/aws)

v1.4.5

Compare Source

🚀 Enhancements

fix: remove join calls on bucket arn + id usage @​carterdanko-dw (#​125)

what

  • Initially put the wrong values for coditions, just needs to be a list
  • Bucket should be single resource vs joining on a list.

references

issue #122

🐛 Bug Fixes

fix: remove join calls on bucket arn + id usage @​carterdanko-dw (#​125)

what

  • Initially put the wrong values for coditions, just needs to be a list
  • Bucket should be single resource vs joining on a list.

references

issue #122

v1.4.4

Compare Source

🚀 Enhancements

Issue-122/Values expect list of strings vs string @​carterdanko-dw (#​123)

what

Updating the sqs iam permissions, as the values expects to be a list of strings vs just the single string arn that is the output of the module.

why

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam\_policy\_document#condition-1 expects to be a list of strings, vs just the single string arn of the s3 bucket.

references

Github issue #​122

🐛 Bug Fixes

Issue-122/Values expect list of strings vs string @​carterdanko-dw (#​123)

what

Updating the sqs iam permissions, as the values expects to be a list of strings vs just the single string arn that is the output of the module.

why

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam\_policy\_document#condition-1 expects to be a list of strings, vs just the single string arn of the s3 bucket.

references

Github issue #​122

🤖 Automatic Updates

Migrate new test account @​osterman (#​119)

what

  • Update .github/settings.yml
  • Update .github/chatops.yml files

why

  • Re-apply .github/settings.yml from org level to get terratest environment
  • Migrate to new test account

References

  • DEV-388 Automate clean up of test account in new organization
  • DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
  • DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @​osterman (#​118)

what

  • Update .github/settings.yml
  • Drop .github/auto-release.yml files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @​osterman (#​112)

what

  • Update .github/settings.yml
  • Drop .github/auto-release.yml files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @​osterman (#​111)

what

  • Update .github/settings.yml
  • Drop .github/auto-release.yml files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update release workflow to allow pull-requests: write @​osterman (#​110)

what

  • Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

  • So we can support commenting on PRs with a link to the release
Update GitHub Workflows to use shared workflows from '.github' repo @​osterman (#​109)

what

  • Update workflows (.github/workflows) to use shared workflows from .github repo

why

  • Reduce nested levels of reusable workflows
Update GitHub Workflows to Fix ReviewDog TFLint Action @​osterman (#​108)

what

  • Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

  • The ReviewDog action will comment with line-level suggestions based on linting failures
Update GitHub workflows @​osterman (#​107)

what

  • Update workflows (.github/workflows/settings.yaml)

why

  • Support new readme generation workflow.
  • Generate banners
Use GitHub Action Workflows from `cloudposse/.github` Repo @​osterman (#​106)

what

  • Install latest GitHub Action Workflows

why

  • Use shared workflows from cldouposse/.github repository
  • Simplify management of workflows from centralized hub of configuration
Add GitHub Settings @​osterman (#​104)

what

  • Install a repository config (.github/settings.yaml)

why

  • Programmatically manage GitHub repo settings
Update README.md and docs @​cloudpossebot (#​99)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @​osterman (#​100)

what

  • Reran make readme to rebuild README.md from README.yaml
  • Migrate to square badges
  • Add scaffolding for repo settings and Mergify

why

  • Upstream template changed in the .github repo
  • Work better with repository rulesets
  • Modernize look & feel

v1.4.3

Compare Source

🤖 Automatic Updates

Update Terraform cloudposse/s3-bucket/aws to v3.1.3 (main) @​renovate (#​95)

This PR contains the following updates:

Package Type Update Change
cloudposse/s3-bucket/aws (source) module patch 3.1.2 -> 3.1.3

Release Notes
cloudposse/terraform-aws-s3-bucket (cloudposse/s3-bucket/aws)
v3.1.3

Compare Source

Unfortunately, this change makes count unknown at plan time in certain situations. In general, you cannot use the output of compact() in count.

The solution is to stop using the deprecated policy input and revert to 3.1.2 or upgrade to 4.0.

🚀 Enhancements
Fix `source_policy_documents` combined with `var.policy` being ignored @​&#​8203;johncblandii (#&#​8203;201)
what
  • Changed var.source_policy_documents to local.source_policy_documents so var.policy usage was still supported
why
  • The ternary check uses var,source_policy_documents so var.policy being combined with var.source_policy_documents into local.source_policy_documents does not provide true for the ternary to execute
references

Update README.md and docs @​cloudpossebot (#​94)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the [repository job log](https://develo...

Read more

v1.0.0

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 11 Aug 14:40
feat: Backport cloudposse/cloudfront-cdn/aws improvements Jakub Wądołowski (@jwadolowski) (#340) ## what

Backport of the following cloudposse/terraform-aws-cloudfront-cdn improvements:

Detailed breakdown:

  • aws_s3_bucket_cors_configuration is deployed only when at least one CORS origin is defined (examples/complete/minimal.tf fails if this isn't handled)
  • don't use lookup() (or any other default variable value fallback method) - all defaults should be defined in the variables.tf file
  • wrap optional variables with optional() and provide sane defaults (in most cases that'd be empty string/list/null or predefined AWS default when applicable, e.g. timeout values)
  • default origin
    • add origin_keepalive_timeout and origin_read_timeout
  • custom origin improvements
    • enable shield configuration
  • custom s3 origins
    • allow for shield configuration
    • fix origin_access_control_id assignment (origin.value.s3_origin_config.origin_access_control_id doesn't exist, but origin.value.origin_access_control_id does)
  • ordered cache improvements
    • gRPC support
  • cookie block should set whitelisted_names param only when forward=whitelist (in all other cases, all and none, the whitelisted_names is automatically set to null)

why

Both CloudPosse CDN modules should stay in sync (feature-wise) and leverage the same set of improvements.

references

  • includes #347 to re-generate docs after changes. #347 should get merged first

v0.98.1

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 24 Jul 00:11
879e6ec
fix(lambda@edge): Add support for doc auto-generation with atmos Jakub Wądołowski (@jwadolowski) (#347) ## what

README.md generation support with atmos CLI.

why

#342 replaced Makefile with atmos.yaml for the main module, but Lambda@Edge submodule got overlooked.

references

🤖 Automatic Updates

Fix go version in tests Erik Osterman (Cloud Posse) (@osterman) (#343) ## what - Update go `1.24`

why

  • Error loading shared library libresolv.so.2 in Go 1.20

References

Replace Makefile with atmos.yaml Erik Osterman (Cloud Posse) (@osterman) (#342) ## what - Remove `Makefile` - Add `atmos.yaml`

why

  • Replace build-harness with atmos for readme genration

References

  • DEV-3229 Migrate from build-harness to atmos

v0.98.0

Choose a tag to compare

@cloudposse-releaser cloudposse-releaser released this 31 May 15:35
fix: terratest w/ go updates yangci (@oycyc) (#337) Not familiar with how Go works, but following the suggestions to update packages looks to fix the tests in this repository!

The commands I executed per Nuru (@Nuru) 's suggestion on Slack:

cd test/src
go get -u ./... [github.com/gruntwork-io/terratest](http://github.com/gruntwork-io/terratest) [github.com/stretchr/testify](http://github.com/stretchr/testify) go@1.23
go mod tidy

image

Slack thread here on CloudPosse: https://sweetops.slack.com/archives/G014YEKDH4K/p1748635698940509?thread_ts=1746672149.263629&cid=G014YEKDH4K

🚀 Enhancements

replace TLSv1.2_2019 with TLSv1.2_2021 as default policy James Mitchell (@jamerply) (#294) ## what

This PR updates the mimimum_protocol_version variable so that it defaults to TLSv1.2_2021 (the current recommended security policy recommended by AWS) instead of TLSv1.2_2019.

why

The most current security policy is no longer TLSv1.2_2019 but is TLSv1.2_2021.

references

See the "Security Policy" heading under the "Distribution Setting" section of the AWS CloudFront Documentation for further information.