From 931f916e2c802db375d08653008c9efbcec4e77d Mon Sep 17 00:00:00 2001
From: Phillip Shipley
Date: Mon, 21 Dec 2020 10:18:54 -0500
Subject: [PATCH 1/2] update origin ssl protocols and change to variable
---
 README.md | 1 +
 main.tf | 2 +-
 vars.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f2a4bad..7014c72 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ supports S3 redirects. This module helps keep setup consistent for multiple Hugo
 - `error_document` - The file that should be served for errors. Default: `404.html`
 - `index_document` - The default file to be served. Default: `index.html`
 - `origin_path` - Path to document root in S3 bucket without slashes. Default: `public`
+ - `origin_ssl_protocols` - List of SSL protocols to enable on Cloudfront distribution. Default: `TLSv1.2_2019`
 - `routing_rules` - A json array containing routing rules describing redirect behavior and when redirects are applied. Default routes `/` to `index.html`
 - `viewer_protocol_policy` - One of allow-all, https-only, or redirect-to-https. Default: `redirect-to-https`
 - `cors_allowed_headers` - List of headers allowed in CORS. Default: `[]`
diff --git a/main.tf b/main.tf
index acef1c7..e8d4e47 100644
--- a/main.tf
+++ b/main.tf
@@ -50,7 +50,7 @@ resource "aws_cloudfront_distribution" "hugo" {
 http_port = 80
 https_port = 443
 origin_protocol_policy = "http-only"
- origin_ssl_protocols = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
+ origin_ssl_protocols = var.origin_ssl_protocols
 }
 
 // Important to use this format of origin domain name, it is the only format that
diff --git a/vars.tf b/vars.tf
index 633293f..c8916c5 100644
--- a/vars.tf
+++ b/vars.tf
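Review bot: The `origin_protocol_policy = "http-only"` context line in the main.tf hunk means CloudFront reaches this origin over plain HTTP, so `origin_ssl_protocols` is never negotiated and moving the list into a variable does not by itself tighten the CloudFront-to-origin hop. If the origin is an S3 website endpoint (the comment about the domain-name format suggests so, but the origin block starts and ends outside the hunk), HTTP-only is expected. A comment would keep readers from treating the variable as a hardening control: `// origin_ssl_protocols is required by the API but has no effect while origin_protocol_policy is "http-only"`. The values passed in must still be ones the origin setting accepts.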
@@ -107,6 +107,12 @@ variable "origin_path" {
 default = "/public"
 }
 
+variable "origin_ssl_protocols" {
+ type = list(string)
+ description = "List of Origin SSL policies for Cloudfront distribution. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy for options"
+ default = ["TLSv1.2_2019"]
+}
+
 variable "routing_rules" {
 description = "A json array containing routing rules describing redirect behavior and when redirects are applied"
 type = string
From 5bda1c6a4e379138668a19f6d6fa1320c06229d9 Mon Sep 17 00:00:00 2001
From: Phillip Shipley
Date: Mon, 21 Dec 2020 10:53:53 -0500
Subject: [PATCH 2/2] fix default value for custom error messages to avoid errors when not set
---
 vars.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vars.tf b/vars.tf
index c8916c5..96d0f62 100644
--- a/vars.tf
+++ b/vars.tf
@@ -80,7 +80,7 @@ variable "custom_error_response" {
 response_code = number
 response_page_path = string
 }))
- default = null
+ default = []
 }
 
 variable "default_root_object" {
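Review bot: The default `["TLSv1.2_2019"]` on the new `origin_ssl_protocols` variable (first vars.tf hunk) is a viewer security-policy name, not an origin protocol; as far as I know CloudFront's origin setting accepts only `SSLv3`, `TLSv1`, `TLSv1.1` and `TLSv1.2`, so an apply with the default is likely to be rejected. Suggest `default = ["TLSv1.2"]`, and reword the description to say origin SSL protocols, since the linked section describes the viewer-side policy that belongs on `minimum_protocol_version`. The README line added in the same commit documents the same default and needs the matching fix. A `validation` block restricting entries to the accepted values would catch this at plan time, if the module's minimum Terraform version allows it.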