Commit fa17c03

Merge pull request #23 from DNXLabs/fix/variable-waf
add option to include cloudfront arn
2 parents f8bae59 + 6761296 commit fa17c03

3 files changed

+7
-1
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -66,6 +66,7 @@ If you have specified cloudfront_default_certificate, TLSv1 must be specified.
6666
| cloudfront\_logging\_prefix | Logging prefix | `string` | `""` | no |
6767
| cloudfront\_origin\_keepalive\_timeout | The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds. | `number` | `5` | no |
6868
| cloudfront\_origin\_read\_timeout | The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds. | `number` | `30` | no |
69+
| cloudfront\_web\_acl\_id | Optional web acl (WAF) to attach to CloudFront | `string` | `""` | no |
6970
| create\_cloudfront\_function | If true, create and publish a CloudFront Function based on provided code | `bool` | `false` | no |
7071
| dynamic\_custom\_error\_response | One or more custom error response elements (multiples allowed) | <pre>list(object({<br> error_code = optional(number)<br> response_code = optional(number)<br> response_page_path = optional(string)<br> }))</pre> | `[]` | no |
7172
| dynamic\_custom\_origin\_config | Configuration for the custom origin config to be used in dynamic block | `any` | `[]` | no |
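
Review bot: The new `cloudfront_web_acl_id` row (line 69) describes the input only as "Optional web acl (WAF) to attach to CloudFront", but in cloudfront.tf the value stands in for `aws_wafv2_web_acl.waf_cloudfront[0].arn`, so callers have to pass a WAFv2 web ACL ARN rather than an ID. Suggest stating that in the description, and adding that the value is only used when `waf_cloudfront_enable` is true.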

_variables.tf

Lines changed: 5 additions & 0 deletions
@@ -3,6 +3,11 @@ variable "name" {
33
type = string
44
}
55

6+
variable "cloudfront_web_acl_id" {
7+
default = ""
8+
description = "Optional web acl (WAF) to attach to CloudFront"
9+
}
10+
611
variable "hostnames" {
712
description = "Hostnames to create DNS record for this app that the cloudfront distribution will accept"
813
type = list(string)
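
Review bot: `default = ""` on the new variable (line 7) can never fail the `var.cloudfront_web_acl_id != null` test used in cloudfront.tf, so with `waf_cloudfront_enable = true` and this input left unset the distribution receives an empty string for `web_acl_id` instead of the module's own ACL ARN. Suggest `default = null`, and add `type = string` so the declaration matches the `string` type shown in the README row.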

cloudfront.tf

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@ resource "aws_cloudfront_distribution" "default" {
1313

1414
depends_on = [aws_wafv2_web_acl.waf_cloudfront]
1515

16-
web_acl_id = var.waf_cloudfront_enable ? aws_wafv2_web_acl.waf_cloudfront[0].arn : null
16+
web_acl_id = var.waf_cloudfront_enable ? (var.cloudfront_web_acl_id != null ? var.cloudfront_web_acl_id : aws_wafv2_web_acl.waf_cloudfront[0].arn) : null
1717

1818
origin {
1919
domain_name = var.alb_dns_name
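
Review bot: On the added line 16 the override sits inside the `var.waf_cloudfront_enable ?` branch, so a caller who sets `cloudfront_web_acl_id` while `waf_cloudfront_enable` is false gets `web_acl_id = null` and a distribution deployed without the WAF they supplied, with nothing to flag it. Suggest letting a supplied ARN take effect regardless of the flag, or rejecting that combination with a variable validation, and moving the nested conditional into a local so the precedence is readable.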
