Skip to content

Latest commit

 

History

History
144 lines (115 loc) · 5.55 KB

File metadata and controls

144 lines (115 loc) · 5.55 KB

Terraform module for CloudFront redirect

This module can be used to set up static redirects from one URL to another in a Lambda@Edge function for CloudFront. An example usage is as follows:

data "aws_cloudfront_cache_policy" "caching_disabled" {
  name = "Managed-CachingDisabled"
}

data "aws_cloudfront_origin_request_policy" "all_viewer" {
  name = "Managed-AllViewer"
}

module "redirects_label" {
  source  = "cloudposse/label/null"
  version = "0.24.1"

  name      = "redirects"
  stage     = "production"
  namespace = "namespace"
}

module "redirects" {
  providers = {
    aws = aws.us_east_1
  }

  source        = "../../terraform-module-cloudfront-redirects"
  label_context = module.redirects_label.context

  redirect_rules = [
    {
      match = {
        method = "GET"
        url    = "https://example.org/index.html"
      }

      status = 301
      url    = "https://example.com/"
    },
    {
      match = {
        method = "GET"
        url    = "https://example.org/(.*)"
      }

      status = 301
      url    = "https://example.com/$1"
    }
  ]
}

resource "aws_cloudfront_distribution" "redirects" {
  enabled     = true
  comment     = "Redirects distribution"
  price_class = "PriceClass_100"
  aliases     = ["example.org"]

  origin {
    domain_name = "www.example.org"
    origin_id   = "www.example.org"

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  default_cache_behavior {
    allowed_methods          = ["HEAD", "GET", "OPTIONS"]
    cached_methods           = ["HEAD", "GET", "OPTIONS"]
    target_origin_id         = "www.example.org"
    viewer_protocol_policy   = "redirect-to-https"
    cache_policy_id          = data.aws_cloudfront_cache_policy.caching_disabled.id
    origin_request_policy_id = data.aws_cloudfront_origin_request_policy.all_viewer.id

    lambda_function_association {
      event_type   = "viewer-request"
      lambda_arn   = module.redirects.lambda_qualified_arn
      include_body = false
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

Requirements

Name Version
archive ~> 2.2.0
aws ~> 4.0

Providers

Name Version
archive ~> 2.2.0
aws ~> 4.0

Modules

Name Source Version
label cloudposse/label/null 0.24.1

Resources

Name Type
aws_iam_role.this resource
aws_iam_role_policy_attachment.lambda_basic_execution resource
aws_lambda_function.this resource
archive_file.this data source
aws_iam_policy.lambda_basic_execution data source
aws_iam_policy_document.assume_role data source

Inputs

Name Description Type Default Required
label_context Context for the null label which determines names of resources any n/a yes
redirect_rules Rules determine which URLs redirect to which other URLs.

The match object determines if a request matches the rule. Both the method
and URL should match. If no method is specified, all request methods
will match.

The match URL can be a regular expression. In this case, the beginning and
end of line matchers are added implicitly. The JavaScript regular expression
dialect should be used. Only the host and path of the URL are used to match
the request. All other parts, like the scheme, query and fragment are
ignored.

The status and URL determine where the client is redirected to. Both must be
set. The URL should include a scheme and can use any capturing groups
captured during the matching phase.

See documentation on JavaScript's String.prototype.replace to learn more
about JavaScript regular expressions and the usage of capturing groups in
the reponse URL.
list(
object(
{
status = number
url = string

match = object({
method = optional(string)
url = string
})
}
)
)
n/a yes

Outputs

Name Description
lambda_arn ARN of redirect function without version specifier
lambda_qualified_arn ARN of redirect function with version specifier