Merge pull request #6 from grupoboticario/set_web_acl_id

Set web acl

site-main/main.tf

@@ -131,6 +131,7 @@ resource "aws_cloudfront_distribution" "website_cdn" {
   enabled      = true
   price_class  = var.price_class
   http_version = "http2"
+  web_acl_id   = var.web_acl_id != null ? var.web_acl_id : null
 
   origin {
     origin_id   = var.create_bucket == true ? "origin-bucket-${aws_s3_bucket.website_bucket[0].id}" : "origin-bucket-${var.bucket_name}"

site-main/variables.tf

@@ -148,4 +148,9 @@ variable "cache_policy_id" {
 variable "origin_request_policy_id" {
   default     = "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf"
   description = "Name of origin request policy previously created"
+}
+
+variable "web_acl_id" {
+  description = "ARN of WAF"
+  default     = null
 }

site-redirect/main.tf

@@ -115,6 +115,14 @@ resource "aws_cloudfront_distribution" "website_cdn" {
     allowed_methods = ["GET", "HEAD", "DELETE", "OPTIONS", "PATCH", "POST", "PUT"]
     cached_methods  = ["GET", "HEAD"]
 
+    dynamic "lambda_function_association" {
+      for_each = var.enable_lambda_sec_headers == null ? [] : var.enable_lambda_sec_headers
+      content {
+        event_type = lambda_function_association.value.event_type
+        lambda_arn = lambda_function_association.value.lambda_arn
+      }
+    }
+
     forwarded_values {
       query_string = var.forward-query-string
 

site-redirect/variables.tf

@@ -45,4 +45,14 @@ variable "forward-query-string" {
   type        = bool
   description = "Forward the query string to the origin"
   default     = true
+}
+
+variable "enable_lambda_sec_headers" {
+  type = list(object({
+    event_type = string
+    lambda_arn = string
+  }))
+  default = null
+
+  description = "Specifies the lambda function of security headers"
 }