Merge pull request #22 from DNXLabs/feature/function

jsalszbrun · web-flow · commit f8bae592a90c · 2025-10-01T18:53:42.000-04:00
add function for cloudfront distribution
diff --git a/README.md b/README.md
@@ -58,10 +58,15 @@ If you have specified cloudfront_default_certificate, TLSv1 must be specified.
 | alb\_dns\_name | ALB DNS Name that CloudFront will point as origin | `string` | n/a | yes |
 | certificate\_arn | Certificate for this app to use in CloudFront (US), must cover `hostname`. | `string` | n/a | yes |
 | cloudfront\_forward\_headers | Headers to forward to origin from CloudFront | `list(string)` | <pre>[<br>  "*"<br>]</pre> | no |
+| cloudfront\_function\_arn | ARN of an existing CloudFront Function (use this if create\_cloudfront\_function=false) | `string` | `null` | no |
+| cloudfront\_function\_code | JavaScript code (cloudfront-js-2.0) of the CloudFront Function | `string` | `null` | no |
+| cloudfront\_function\_event\_type | Event type to associate with the function: viewer-request or viewer-response | `string` | `"viewer-request"` | no |
+| cloudfront\_function\_name | Name of the CloudFront Function | `string` | `null` | no |
 | cloudfront\_logging\_bucket | Bucket to store logs from app | `string` | `null` | no |
 | cloudfront\_logging\_prefix | Logging prefix | `string` | `""` | no |
 | cloudfront\_origin\_keepalive\_timeout | The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds. | `number` | `5` | no |
 | cloudfront\_origin\_read\_timeout | The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds. | `number` | `30` | no |
+| create\_cloudfront\_function | If true, create and publish a CloudFront Function based on provided code | `bool` | `false` | no |
 | dynamic\_custom\_error\_response | One or more custom error response elements (multiples allowed) | <pre>list(object({<br>    error_code         = optional(number)<br>    response_code      = optional(number)<br>    response_page_path = optional(string)<br>  }))</pre> | `[]` | no |
 | dynamic\_custom\_origin\_config | Configuration for the custom origin config to be used in dynamic block | `any` | `[]` | no |
 | dynamic\_ordered\_cache\_behavior | Ordered Cache Behaviors to be used in dynamic block | `any` | `[]` | no |
diff --git a/_variables.tf b/_variables.tf
@@ -164,4 +164,40 @@ variable "record_type" {
   type        = string
   description = "Type of the record to create on Route53"
   default     = "CNAME"
-}
+}
+########
+variable "create_cloudfront_function" {
+  description = "If true, create and publish a CloudFront Function based on provided code"
+  type        = bool
+  default     = false
+}
+
+variable "cloudfront_function_name" {
+  description = "Name of the CloudFront Function"
+  type        = string
+  default     = null
+}
+
+variable "cloudfront_function_code" {
+  description = "JavaScript code (cloudfront-js-2.0) of the CloudFront Function"
+  type        = string
+  default     = null
+}
+
+variable "cloudfront_function_event_type" {
+  description = "Event type to associate with the function: viewer-request or viewer-response"
+  type        = string
+  default     = "viewer-request"
+
+  validation {
+    condition     = var.cloudfront_function_event_type == "viewer-request" || var.cloudfront_function_event_type == "viewer-response"
+    error_message = "cloudfront_function_event_type must be 'viewer-request' or 'viewer-response'."
+  }
+}
+
+variable "cloudfront_function_arn" {
+  description = "ARN of an existing CloudFront Function (use this if create_cloudfront_function=false)"
+  type        = string
+  default     = null
+}
+
diff --git a/cloudfront.tf b/cloudfront.tf
@@ -118,6 +118,14 @@ resource "aws_cloudfront_distribution" "default" {
       }
     }
 
+    dynamic "function_association" {
+      for_each = local.resolved_cloudfront_function_arn == null ? [] : [1]
+      content {
+        event_type   = var.cloudfront_function_event_type
+        function_arn = local.resolved_cloudfront_function_arn
+      }
+    }
+
     viewer_protocol_policy = "redirect-to-https"
     min_ttl                = 0
     default_ttl            = 3600
@@ -186,3 +194,18 @@ resource "aws_cloudfront_distribution" "default" {
   }
 
 }
+
+locals {
+  resolved_cloudfront_function_arn = var.create_cloudfront_function ? (
+    try(aws_cloudfront_function.this[0].arn, null)
+  ) : var.cloudfront_function_arn
+}
+
+resource "aws_cloudfront_function" "this" {
+  count   = var.create_cloudfront_function ? 1 : 0
+  name    = var.cloudfront_function_name
+  runtime = "cloudfront-js-2.0"
+  comment = "Managed by terraform-aws-ecs-app-front"
+  publish = true
+  code    = var.cloudfront_function_code
+}
