feat(function): add new module

Author: posquit0

.github/labeler.yaml

@@ -9,6 +9,11 @@
   - any-glob-to-any-file:
     - modules/cache-policy/**/*
 
+":floppy_disk: function":
+- changed-files:
+  - any-glob-to-any-file:
+    - modules/function/**/*
+
 ":floppy_disk: key-value-store":
 - changed-files:
   - any-glob-to-any-file:

.github/labels.yaml

@@ -5,6 +5,9 @@
 - color: "fbca04"
   description: "This issue or pull request is related to distribution module."
   name: ":floppy_disk: distribution"
+- color: "fbca04"
+  description: "This issue or pull request is related to function module."
+  name: ":floppy_disk: function"
 - color: "fbca04"
   description: "This issue or pull request is related to key-value-store module."
   name: ":floppy_disk: key-value-store"

README.md

@@ -8,6 +8,7 @@ Terraform module which creates CloudFront related resources on AWS.
 
 - [cache-policy](./modules/cache-policy)
 - [distribution](./modules/distribution)
+- [function](./modules/function)
 - [key-value-store](./modules/key-value-store)
 - [origin-access-control](./modules/origin-access-control)
 - [origin-request-policy](./modules/origin-request-policy)
@@ -21,6 +22,8 @@ Terraform Modules from [this package](https://github.com/tedilabs/terraform-aws-
 
 - **AWS CloudFront**
   - Distribution
+  - Connection Function
+  - Function
   - Key-value Store
   - Real-time Log Configuration (Comming soon!)
   - Origins
@@ -52,4 +55,4 @@ Like this project? Follow the repository on [GitHub](https://github.com/tedilabs
 
 Provided under the terms of the [Apache License](LICENSE).
 
-Copyright © 2022-2026, [Byungjin Park](https://www.posquit0.com).
+Copyright © 2022-2026, [Byungjin Park](https://www.posquit0.com).

modules/function/README.md

@@ -0,0 +1,65 @@
+# function
+
+This module creates following resources.
+
+- `aws_cloudfront_function` (optional)
+- `aws_cloudfront_connection_function` (optional)
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.12 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.35 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 6.35.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.12.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudfront_connection_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_connection_function) | resource |
+| [aws_cloudfront_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_code"></a> [code](#input\_code) | (Required) The source code of the function. Maximum length is 40960 characters for CONNECTION functions. | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | (Required) A unique name for the CloudFront Function. | `string` | n/a | yes |
+| <a name="input_runtime"></a> [runtime](#input\_runtime) | (Required) The identifier of the function's runtime. Valid values are `cloudfront-js-1.0` and `cloudfront-js-2.0`. | `string` | n/a | yes |
+| <a name="input_description"></a> [description](#input\_description) | (Optional) A comment to describe the CloudFront Function. Defaults to `Managed by Terraform.`. | `string` | `"Managed by Terraform."` | no |
+| <a name="input_key_value_store"></a> [key\_value\_store](#input\_key\_value\_store) | (Optional) The ARN of CloudFront Key Value Store to associate with the function. AWS limits associations to one key value store per function. | `string` | `null` | no |
+| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
+| <a name="input_publish"></a> [publish](#input\_publish) | (Optional) Whether to publish the function to the LIVE stage after creation or update. Defaults to `true`. | `bool` | `true` | no |
+| <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | (Optional) A configurations of Resource Group for this module. `resource_group` as defined below.<br/>    (Optional) `enabled` - Whether to create Resource Group to find and group AWS resources which are created by this module. Defaults to `true`.<br/>    (Optional) `name` - The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. If not provided, a name will be generated using the module name and instance name.<br/>    (Optional) `description` - The description of Resource Group. Defaults to `Managed by Terraform.`. | <pre>object({<br/>    enabled     = optional(bool, true)<br/>    name        = optional(string, "")<br/>    description = optional(string, "Managed by Terraform.")<br/>  })</pre> | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
+| <a name="input_type"></a> [type](#input\_type) | (Optional) The type of CloudFront Function to create. Valid values are `GENERAL` and `CONNECTION`. Defaults to `GENERAL`. | `string` | `"GENERAL"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the CloudFront Function. |
+| <a name="output_description"></a> [description](#output\_description) | The comment describing the CloudFront function. |
+| <a name="output_etag"></a> [etag](#output\_etag) | The ETag hash of the function. This is the value for the DEVELOPMENT stage of the function. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the CloudFront Function. |
+| <a name="output_key_value_store"></a> [key\_value\_store](#output\_key\_value\_store) | The ARN of the CloudFront Key Value Store associated with the function, if any. |
+| <a name="output_live_stage_etag"></a> [live\_stage\_etag](#output\_live\_stage\_etag) | The ETag hash of the LIVE stage of the function. Will be empty if the function has not been published. |
+| <a name="output_name"></a> [name](#output\_name) | The name of the CloudFront Function. |
+| <a name="output_resource_group"></a> [resource\_group](#output\_resource\_group) | The resource group created to manage resources in this module. |
+| <a name="output_runtime"></a> [runtime](#output\_runtime) | The runtime environment for the function. |
+| <a name="output_status"></a> [status](#output\_status) | The status of the function. Can be UNPUBLISHED, UNASSOCIATED or ASSOCIATED. |
+| <a name="output_type"></a> [type](#output\_type) | The type of the CloudFront Function. |
+<!-- END_TF_DOCS -->

modules/function/main.tf

@@ -0,0 +1,72 @@
+locals {
+  metadata = {
+    package = "terraform-aws-cloudfront"
+    version = trimspace(file("${path.module}/../../VERSION"))
+    module  = basename(path.module)
+    name    = "${var.type}/${var.name}"
+  }
+  module_tags = var.module_tags_enabled ? {
+    "module.terraform.io/package"   = local.metadata.package
+    "module.terraform.io/version"   = local.metadata.version
+    "module.terraform.io/name"      = local.metadata.module
+    "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}"
+    "module.terraform.io/instance"  = local.metadata.name
+  } : {}
+}
+
+
+###################################################
+# CloudFront Function
+###################################################
+
+resource "aws_cloudfront_function" "this" {
+  count = var.type == "GENERAL" ? 1 : 0
+
+  name    = var.name
+  comment = var.description
+  publish = var.publish
+
+  runtime = var.runtime
+  code    = var.code
+
+  key_value_store_associations = (var.key_value_store != null
+    ? [var.key_value_store]
+    : null
+  )
+}
+
+
+###################################################
+# CloudFront Connection Function (CONNECTION)
+###################################################
+
+resource "aws_cloudfront_connection_function" "this" {
+  count = var.type == "CONNECTION" ? 1 : 0
+
+  name    = var.name
+  publish = var.publish
+
+  connection_function_code = var.code
+
+  connection_function_config {
+    comment = var.description
+
+    runtime = var.runtime
+
+    dynamic "key_value_store_association" {
+      for_each = (var.key_value_store != null) ? ["go"] : []
+
+      content {
+        key_value_store_arn = var.key_value_store
+      }
+    }
+  }
+
+  tags = merge(
+    {
+      "Name" = local.metadata.name
+    },
+    local.module_tags,
+    var.tags,
+  )
+}

modules/function/outputs.tf

@@ -0,0 +1,108 @@
+output "id" {
+  description = "The ID of the CloudFront Function."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].name)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].id)
+  }[var.type]
+}
+
+output "arn" {
+  description = "The ARN of the CloudFront Function."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].arn)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].connection_function_arn)
+  }[var.type]
+}
+
+output "name" {
+  description = "The name of the CloudFront Function."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].name)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].name)
+  }[var.type]
+}
+
+output "description" {
+  description = "The comment describing the CloudFront function."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].comment)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].connection_function_config[0].comment)
+  }[var.type]
+}
+
+output "type" {
+  description = "The type of the CloudFront Function."
+  value       = var.type
+}
+
+output "status" {
+  description = "The status of the function. Can be UNPUBLISHED, UNASSOCIATED or ASSOCIATED."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].status)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].status)
+  }[var.type]
+}
+
+output "runtime" {
+  description = "The runtime environment for the function."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].runtime)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].connection_function_config[0].runtime)
+  }[var.type]
+}
+
+output "key_value_store" {
+  description = "The ARN of the CloudFront Key Value Store associated with the function, if any."
+  value = try(
+    one(aws_cloudfront_function.this[0].key_value_store_associations[*]),
+    aws_cloudfront_connection_function.this[0].connection_function_config[0].key_value_store_association[0].key_value_store_arn,
+    var.key_value_store,
+  )
+}
+
+output "etag" {
+  description = "The ETag hash of the function. This is the value for the DEVELOPMENT stage of the function."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].etag)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].etag)
+  }[var.type]
+}
+
+output "live_stage_etag" {
+  description = "The ETag hash of the LIVE stage of the function. Will be empty if the function has not been published."
+  value = {
+    "GENERAL"    = one(aws_cloudfront_function.this[*].live_stage_etag)
+    "CONNECTION" = one(aws_cloudfront_connection_function.this[*].live_stage_etag)
+  }[var.type]
+}
+
+output "resource_group" {
+  description = "The resource group created to manage resources in this module."
+  value = merge(
+    {
+      enabled = var.resource_group.enabled && var.module_tags_enabled
+    },
+    (var.resource_group.enabled && var.module_tags_enabled
+      ? {
+        arn  = module.resource_group[0].arn
+        name = module.resource_group[0].name
+      }
+      : {}
+    )
+  )
+}
+
+# output "debug" {
+#   value = try(
+#     {
+#       for k, v in one(aws_cloudfront_function.this[*]) :
+#       k => v
+#       if !contains(["id", "arn", "name", "comment", "runtime", "etag", "live_stage_etag", "status", "publish", "code", "key_value_store_associations"], k)
+#     },
+#     {
+#       for k, v in one(aws_cloudfront_connection_function.this[*]) :
+#       k => v
+#       if !contains(["id", "connection_function_arn", "name", "etag", "live_stage_etag", "status", "publish"], k)
+#     }
+#   )
+# }

modules/function/resource-group.tf

@@ -0,0 +1,31 @@
+locals {
+  resource_group_name = (var.resource_group.name != ""
+    ? var.resource_group.name
+    : join(".", [
+      local.metadata.package,
+      local.metadata.module,
+      replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"),
+    ])
+  )
+}
+
+
+module "resource_group" {
+  source  = "tedilabs/misc/aws//modules/resource-group"
+  version = "~> 0.12.0"
+
+  count = (var.resource_group.enabled && var.module_tags_enabled) ? 1 : 0
+
+  name        = local.resource_group_name
+  description = var.resource_group.description
+
+  query = {
+    resource_tags = local.module_tags
+  }
+
+  module_tags_enabled = false
+  tags = merge(
+    local.module_tags,
+    var.tags,
+  )
+}