fix: Update variable name and tweak logic slightly

bryantbiggs · bryantbiggs · commit 2f2a7ce46cb3 · 2025-11-27T08:36:32.000-06:00
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.103.0
+    rev: v1.104.0
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each
diff --git a/README.md b/README.md
@@ -107,13 +107,13 @@ ordered_cache_behavior = [{
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.83 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.100 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.83 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.100 |
 
 ## Modules
 
@@ -161,7 +161,7 @@ No modules.
 | <a name="input_origin_group"></a> [origin\_group](#input\_origin\_group) | One or more origin\_group for this distribution (multiples allowed). | `any` | `{}` | no |
 | <a name="input_price_class"></a> [price\_class](#input\_price\_class) | The price class for this distribution. One of PriceClass\_All, PriceClass\_200, PriceClass\_100 | `string` | `null` | no |
 | <a name="input_realtime_metrics_subscription_status"></a> [realtime\_metrics\_subscription\_status](#input\_realtime\_metrics\_subscription\_status) | A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. | `string` | `"Enabled"` | no |
-| <a name="input_response_headers_policy"></a> [response\_headers\_policy](#input\_response\_headers\_policy) | Map of CloudFront response headers policies with their configurations | <pre>map(object({<br/>    name    = optional(string)<br/>    comment = optional(string)<br/><br/>    cors_config = optional(object({<br/>      access_control_allow_credentials = bool<br/>      origin_override                  = bool<br/>      access_control_allow_headers = object({<br/>        items = list(string)<br/>      })<br/>      access_control_allow_methods = object({<br/>        items = list(string)<br/>      })<br/>      access_control_allow_origins = object({<br/>        items = list(string)<br/>      })<br/>      access_control_expose_headers = optional(object({<br/>        items = list(string)<br/>      }))<br/>      access_control_max_age_sec = optional(number)<br/>    }))<br/><br/>    custom_headers_config = optional(object({<br/>      items = list(object({<br/>        header   = string<br/>        override = bool<br/>        value    = string<br/>      }))<br/>    }))<br/><br/>    remove_headers_config = optional(object({<br/>      items = list(object({<br/>        header = string<br/>      }))<br/>    }))<br/><br/>    security_headers_config = optional(object({<br/>      content_security_policy = optional(object({<br/>        content_security_policy = string<br/>        override                = bool<br/>      }))<br/>      content_type_options = optional(object({<br/>        override = bool<br/>      }))<br/>      frame_options = optional(object({<br/>        frame_option = string<br/>        override     = bool<br/>      }))<br/>      referrer_policy = optional(object({<br/>        referrer_policy = string<br/>        override        = bool<br/>      }))<br/>      strict_transport_security = optional(object({<br/>        access_control_max_age_sec = number<br/>        override                   = bool<br/>        include_subdomains         = optional(bool)<br/>        preload                    = optional(bool)<br/>      }))<br/>      xss_protection = optional(object({<br/>        mode_block = bool<br/>        override   = bool<br/>        protection = bool<br/>        report_uri = optional(string)<br/>      }))<br/>    }))<br/><br/>    server_timing_headers_config = optional(object({<br/>      enabled       = bool<br/>      sampling_rate = number<br/>    }))<br/>  }))</pre> | `{}` | no |
+| <a name="input_response_headers_policies"></a> [response\_headers\_policies](#input\_response\_headers\_policies) | Map of CloudFront response headers policies with their configurations | <pre>map(object({<br/>    name    = optional(string)<br/>    comment = optional(string)<br/>    cors_config = optional(object({<br/>      access_control_allow_credentials = bool<br/>      origin_override                  = bool<br/>      access_control_allow_headers = object({<br/>        items = list(string)<br/>      })<br/>      access_control_allow_methods = object({<br/>        items = list(string)<br/>      })<br/>      access_control_allow_origins = object({<br/>        items = list(string)<br/>      })<br/>      access_control_expose_headers = optional(object({<br/>        items = list(string)<br/>      }))<br/>      access_control_max_age_sec = optional(number)<br/>    }))<br/>    custom_headers_config = optional(object({<br/>      items = list(object({<br/>        header   = string<br/>        override = bool<br/>        value    = string<br/>      }))<br/>    }))<br/>    remove_headers_config = optional(object({<br/>      items = list(object({<br/>        header = string<br/>      }))<br/>    }))<br/>    security_headers_config = optional(object({<br/>      content_security_policy = optional(object({<br/>        content_security_policy = string<br/>        override                = bool<br/>      }))<br/>      content_type_options = optional(object({<br/>        override = bool<br/>      }))<br/>      frame_options = optional(object({<br/>        frame_option = string<br/>        override     = bool<br/>      }))<br/>      referrer_policy = optional(object({<br/>        referrer_policy = string<br/>        override        = bool<br/>      }))<br/>      strict_transport_security = optional(object({<br/>        access_control_max_age_sec = number<br/>        override                   = bool<br/>        include_subdomains         = optional(bool)<br/>        preload                    = optional(bool)<br/>      }))<br/>      xss_protection = optional(object({<br/>        mode_block = bool<br/>        override   = bool<br/>        protection = bool<br/>        report_uri = optional(string)<br/>      }))<br/>    }))<br/>    server_timing_headers_config = optional(object({<br/>      enabled       = bool<br/>      sampling_rate = number<br/>    }))<br/>  }))</pre> | `null` | no |
 | <a name="input_retain_on_delete"></a> [retain\_on\_delete](#input\_retain\_on\_delete) | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | `bool` | `false` | no |
 | <a name="input_staging"></a> [staging](#input\_staging) | Whether the distribution is a staging distribution. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `null` | no |
@@ -193,8 +193,6 @@ No modules.
 | <a name="output_cloudfront_origin_access_identity_iam_arns"></a> [cloudfront\_origin\_access\_identity\_iam\_arns](#output\_cloudfront\_origin\_access\_identity\_iam\_arns) | The IAM arns of the origin access identities created |
 | <a name="output_cloudfront_origin_access_identity_ids"></a> [cloudfront\_origin\_access\_identity\_ids](#output\_cloudfront\_origin\_access\_identity\_ids) | The IDS of the origin access identities created |
 | <a name="output_cloudfront_response_headers_policies"></a> [cloudfront\_response\_headers\_policies](#output\_cloudfront\_response\_headers\_policies) | The response headers policies created |
-| <a name="output_cloudfront_response_headers_policy_etags"></a> [cloudfront\_response\_headers\_policy\_etags](#output\_cloudfront\_response\_headers\_policy\_etags) | The ETags of the response headers policies created |
-| <a name="output_cloudfront_response_headers_policy_ids"></a> [cloudfront\_response\_headers\_policy\_ids](#output\_cloudfront\_response\_headers\_policy\_ids) | The IDs of the response headers policies created |
 | <a name="output_cloudfront_vpc_origin_ids"></a> [cloudfront\_vpc\_origin\_ids](#output\_cloudfront\_vpc\_origin\_ids) | The IDS of the VPC origin created |
 <!-- END_TF_DOCS -->
 
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -28,15 +28,15 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.83 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.100 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.83 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.100 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -234,7 +234,7 @@ module "cloudfront" {
   }
 
   create_response_headers_policy = true
-  response_headers_policy = {
+  response_headers_policies = {
     cors_policy = {
       name    = "CORSPolicy"
       comment = "CORS configuration for API"
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.83"
+      version = ">= 5.100"
     }
     random = {
       source  = "hashicorp/random"
diff --git a/main.tf b/main.tf
@@ -1,14 +1,13 @@
 locals {
-  create_origin_access_identity  = var.create_origin_access_identity && length(keys(var.origin_access_identities)) > 0
-  create_origin_access_control   = var.create_origin_access_control && length(keys(var.origin_access_control)) > 0
-  create_vpc_origin              = var.create_vpc_origin && length(keys(var.vpc_origin)) > 0
-  create_response_headers_policy = var.create_response_headers_policy && length(keys(var.response_headers_policy)) > 0
+  create_origin_access_identity = var.create_origin_access_identity && length(keys(var.origin_access_identities)) > 0
+  create_origin_access_control  = var.create_origin_access_control && length(keys(var.origin_access_control)) > 0
+  create_vpc_origin             = var.create_vpc_origin && length(keys(var.vpc_origin)) > 0
 }
 
 resource "aws_cloudfront_response_headers_policy" "this" {
-  for_each = local.create_response_headers_policy ? var.response_headers_policy : {}
+  for_each = var.create_response_headers_policy && var.response_headers_policies != null ? var.response_headers_policies : {}
 
-  name    = each.value.name != null ? each.value.name : each.key
+  name    = try(coalesce(each.value.name, each.key))
   comment = each.value.comment
 
   dynamic "cors_config" {
@@ -17,7 +16,7 @@ resource "aws_cloudfront_response_headers_policy" "this" {
     content {
       access_control_allow_credentials = cors_config.value.access_control_allow_credentials
       origin_override                  = cors_config.value.origin_override
-      access_control_max_age_sec       = cors_config.value.access_control_max_age_sec != null ? cors_config.value.access_control_max_age_sec : null
+      access_control_max_age_sec       = cors_config.value.access_control_max_age_sec
 
       access_control_allow_headers {
         items = cors_config.value.access_control_allow_headers.items
@@ -144,7 +143,6 @@ resource "aws_cloudfront_response_headers_policy" "this" {
   }
 }
 
-
 resource "aws_cloudfront_origin_access_identity" "this" {
   for_each = local.create_origin_access_identity ? var.origin_access_identities : {}
 
diff --git a/outputs.tf b/outputs.tf
@@ -90,15 +90,5 @@ output "cloudfront_vpc_origin_ids" {
 
 output "cloudfront_response_headers_policies" {
   description = "The response headers policies created"
-  value       = local.create_response_headers_policy ? { for k, v in aws_cloudfront_response_headers_policy.this : k => v } : {}
-}
-
-output "cloudfront_response_headers_policy_ids" {
-  description = "The IDs of the response headers policies created"
-  value       = local.create_response_headers_policy ? { for k, v in aws_cloudfront_response_headers_policy.this : k => v.id } : {}
-}
-
-output "cloudfront_response_headers_policy_etags" {
-  description = "The ETags of the response headers policies created"
-  value       = local.create_response_headers_policy ? { for k, v in aws_cloudfront_response_headers_policy.this : k => v.etag } : {}
+  value       = aws_cloudfront_response_headers_policy.this
 }
diff --git a/variables.tf b/variables.tf
@@ -217,12 +217,11 @@ variable "create_response_headers_policy" {
   default     = false
 }
 
-variable "response_headers_policy" {
+variable "response_headers_policies" {
   description = "Map of CloudFront response headers policies with their configurations"
   type = map(object({
     name    = optional(string)
     comment = optional(string)
-
     cors_config = optional(object({
       access_control_allow_credentials = bool
       origin_override                  = bool
@@ -240,21 +239,18 @@ variable "response_headers_policy" {
       }))
       access_control_max_age_sec = optional(number)
     }))
-
     custom_headers_config = optional(object({
       items = list(object({
         header   = string
         override = bool
         value    = string
       }))
     }))
-
     remove_headers_config = optional(object({
       items = list(object({
         header = string
       }))
     }))
-
     security_headers_config = optional(object({
       content_security_policy = optional(object({
         content_security_policy = string
@@ -284,11 +280,10 @@ variable "response_headers_policy" {
         report_uri = optional(string)
       }))
     }))
-
     server_timing_headers_config = optional(object({
       enabled       = bool
       sampling_rate = number
     }))
   }))
-  default = {}
+  default = null
 }
diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.83"
+      version = ">= 5.100"
     }
   }
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -34,7 +34,7 @@ module "wrapper" {
   origin_group                         = try(each.value.origin_group, var.defaults.origin_group, {})
   price_class                          = try(each.value.price_class, var.defaults.price_class, null)
   realtime_metrics_subscription_status = try(each.value.realtime_metrics_subscription_status, var.defaults.realtime_metrics_subscription_status, "Enabled")
-  response_headers_policy              = try(each.value.response_headers_policy, var.defaults.response_headers_policy, {})
+  response_headers_policies            = try(each.value.response_headers_policies, var.defaults.response_headers_policies, null)
   retain_on_delete                     = try(each.value.retain_on_delete, var.defaults.retain_on_delete, false)
   staging                              = try(each.value.staging, var.defaults.staging, false)
   tags                                 = try(each.value.tags, var.defaults.tags, null)
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.83"
+      version = ">= 5.100"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ module "cloudfront" {`
`234`	`234`	`}`
`235`	`235`
`236`	`236`	`create_response_headers_policy = true`
`237`		`- response_headers_policy = {`
	`237`	`+ response_headers_policies = {`
`238`	`238`	`cors_policy = {`
`239`	`239`	`name = "CORSPolicy"`
`240`	`240`	`comment = "CORS configuration for API"`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ terraform {`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws"`
`7`		`- version = ">= 5.83"`
	`7`	`+ version = ">= 5.100"`
`8`	`8`	`}`
`9`	`9`	`random = {`
`10`	`10`	`source = "hashicorp/random"`