terraform-aws-modules
diff --git a/‎main.tf‎
Lines changed: 43 additions & 116 deletions b/‎main.tf‎
Lines changed: 43 additions & 116 deletions
diff --git a/‎outputs.tf‎
Lines changed: 13 additions & 48 deletions b/‎outputs.tf‎
Lines changed: 13 additions & 48 deletions
@@ -1,68 +1,23 @@
-locals {
-  create_origin_access_identity = var.create_origin_access_identity && length(keys(var.origin_access_identities)) > 0
-  create_origin_access_control  = var.create_origin_access_control && length(keys(var.origin_access_control)) > 0
-  create_vpc_origin             = var.create_vpc_origin && length(keys(var.vpc_origin)) > 0
-}
-
-resource "aws_cloudfront_origin_access_identity" "this" {
-  for_each = local.create_origin_access_identity ? var.origin_access_identities : {}
-
-  comment = each.value
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-resource "aws_cloudfront_origin_access_control" "this" {
-  for_each = local.create_origin_access_control ? var.origin_access_control : {}
-
-  name = each.key
-
-  description                       = each.value["description"]
-  origin_access_control_origin_type = each.value["origin_type"]
-  signing_behavior                  = each.value["signing_behavior"]
-  signing_protocol                  = each.value["signing_protocol"]
-}
-
-resource "aws_cloudfront_vpc_origin" "this" {
-  for_each = local.create_vpc_origin ? var.vpc_origin : {}
-
-  vpc_origin_endpoint_config {
-    name                   = each.value["name"]
-    arn                    = each.value["arn"]
-    http_port              = each.value["http_port"]
-    https_port             = each.value["https_port"]
-    origin_protocol_policy = each.value["origin_protocol_policy"]
-
-    origin_ssl_protocols {
-      items    = each.value.origin_ssl_protocols.items
-      quantity = each.value.origin_ssl_protocols.quantity
-    }
-  }
-
-  tags = var.tags
-}
-
 resource "aws_cloudfront_distribution" "this" {
-  count = var.create_distribution ? 1 : 0
-
-  aliases                         = var.aliases
-  comment                         = var.comment
-  continuous_deployment_policy_id = var.continuous_deployment_policy_id
-  default_root_object             = var.default_root_object
-  enabled                         = var.enabled
-  http_version                    = var.http_version
-  is_ipv6_enabled                 = var.is_ipv6_enabled
-  price_class                     = var.price_class
-  retain_on_delete                = var.retain_on_delete
-  staging                         = var.staging
-  wait_for_deployment             = var.wait_for_deployment
-  web_acl_id                      = var.web_acl_id
-  tags                            = var.tags
+  #count = each.value.create_distribution ? 1 : 0
+  for_each = { for idx, config in var.distributions : idx => config }
+
+  aliases                         = each.value.aliases
+  comment                         = each.value.comment
+  continuous_deployment_policy_id = each.value.continuous_deployment_policy_id
+  default_root_object             = each.value.default_root_object
+  enabled                         = each.value.enabled
+  http_version                    = each.value.http_version
+  is_ipv6_enabled                 = each.value.is_ipv6_enabled
+  price_class                     = each.value.price_class
+  retain_on_delete                = each.value.retain_on_delete
+  staging                         = each.value.staging
+  wait_for_deployment             = each.value.wait_for_deployment
+  web_acl_id                      = each.value.web_acl_id
+  tags                            = each.value.tags
 
   dynamic "logging_config" {
-    for_each = length(keys(var.logging_config)) == 0 ? [] : [var.logging_config]
+    for_each = length(keys(each.value.logging_config)) == 0 ? [] : [each.value.logging_config]
 
     content {
       bucket          = logging_config.value["bucket"]
@@ -72,7 +27,7 @@ resource "aws_cloudfront_distribution" "this" {
   }
 
   dynamic "origin" {
-    for_each = var.origin
+    for_each = each.value.origin
 
     content {
       domain_name              = origin.value.domain_name
@@ -82,14 +37,6 @@ resource "aws_cloudfront_distribution" "this" {
       connection_timeout       = lookup(origin.value, "connection_timeout", null)
       origin_access_control_id = lookup(origin.value, "origin_access_control_id", lookup(lookup(aws_cloudfront_origin_access_control.this, lookup(origin.value, "origin_access_control", ""), {}), "id", null))
 
-      dynamic "s3_origin_config" {
-        for_each = length(keys(lookup(origin.value, "s3_origin_config", {}))) == 0 ? [] : [lookup(origin.value, "s3_origin_config", {})]
-
-        content {
-          origin_access_identity = lookup(s3_origin_config.value, "cloudfront_access_identity_path", lookup(lookup(aws_cloudfront_origin_access_identity.this, lookup(s3_origin_config.value, "origin_access_identity", ""), {}), "cloudfront_access_identity_path", null))
-        }
-      }
-
       dynamic "custom_origin_config" {
         for_each = length(lookup(origin.value, "custom_origin_config", "")) == 0 ? [] : [lookup(origin.value, "custom_origin_config", "")]
 
@@ -120,21 +67,11 @@ resource "aws_cloudfront_distribution" "this" {
           origin_shield_region = origin_shield.value.origin_shield_region
         }
       }
-
-      dynamic "vpc_origin_config" {
-        for_each = length(keys(lookup(origin.value, "vpc_origin_config", {}))) == 0 ? [] : [lookup(origin.value, "vpc_origin_config", {})]
-
-        content {
-          vpc_origin_id            = lookup(vpc_origin_config.value, "vpc_origin_id", lookup(lookup(aws_cloudfront_vpc_origin.this, lookup(vpc_origin_config.value, "vpc_origin", ""), {}), "id", null))
-          origin_keepalive_timeout = lookup(vpc_origin_config.value, "origin_keepalive_timeout", null)
-          origin_read_timeout      = lookup(vpc_origin_config.value, "origin_read_timeout", null)
-        }
-      }
     }
   }
 
   dynamic "origin_group" {
-    for_each = var.origin_group
+    for_each = each.value.origin_group != null ? each.value.origin_group : {}
 
     content {
       origin_id = lookup(origin_group.value, "origin_id", origin_group.key)
@@ -154,7 +91,7 @@ resource "aws_cloudfront_distribution" "this" {
   }
 
   dynamic "default_cache_behavior" {
-    for_each = [var.default_cache_behavior]
+    for_each = [each.value.default_cache_behavior]
     iterator = i
 
     content {
@@ -214,18 +151,11 @@ resource "aws_cloudfront_distribution" "this" {
           function_arn = f.value.function_arn
         }
       }
-
-      dynamic "grpc_config" {
-        for_each = try([i.value.grpc_config], [])
-        content {
-          enabled = grpc_config.value.enabled
-        }
-      }
     }
   }
 
   dynamic "ordered_cache_behavior" {
-    for_each = var.ordered_cache_behavior
+    for_each = each.value.ordered_cache_behavior != null ? each.value.ordered_cache_behavior : []
     iterator = i
 
     content {
@@ -286,27 +216,36 @@ resource "aws_cloudfront_distribution" "this" {
           function_arn = f.value.function_arn
         }
       }
+    }
+  }
 
-      dynamic "grpc_config" {
-        for_each = try([i.value.grpc_config], [])
-        content {
-          enabled = grpc_config.value.enabled
-        }
-      }
+  /*
+  dynamic "viewer_certificate" {
+    for_each = each.value.viewer_certificate
+    iterator = k
+
+    content {
+      acm_certificate_arn            = lookup(k.value, "acm_certificate_arn", [])
+      cloudfront_default_certificate = lookup(k.value, "cloudfront_default_certificate", false)
+      iam_certificate_id             = lookup(k.value, "iam_certificate_id", null)
+      minimum_protocol_version       = lookup(k.value, "minimum_protocol_version", "TLSv1.2_2018")
+      ssl_support_method             = lookup(k.value, "ssl_support_method", "sni-only")
     }
   }
+*/
 
   viewer_certificate {
-    acm_certificate_arn            = lookup(var.viewer_certificate, "acm_certificate_arn", null)
-    cloudfront_default_certificate = lookup(var.viewer_certificate, "cloudfront_default_certificate", null)
-    iam_certificate_id             = lookup(var.viewer_certificate, "iam_certificate_id", null)
+    acm_certificate_arn            = lookup(each.value.viewer_certificate, "acm_certificate_arn", null)
+    cloudfront_default_certificate = lookup(each.value.viewer_certificate, "cloudfront_default_certificate", null)
+    iam_certificate_id             = lookup(each.value.viewer_certificate, "iam_certificate_id", null)
 
-    minimum_protocol_version = lookup(var.viewer_certificate, "minimum_protocol_version", "TLSv1")
-    ssl_support_method       = lookup(var.viewer_certificate, "ssl_support_method", null)
+    minimum_protocol_version = lookup(each.value.viewer_certificate, "minimum_protocol_version", "TLSv1")
+    ssl_support_method       = lookup(each.value.viewer_certificate, "ssl_support_method", null)
   }
 
+
   dynamic "custom_error_response" {
-    for_each = length(flatten([var.custom_error_response])[0]) > 0 ? flatten([var.custom_error_response]) : []
+    for_each = length(each.value.custom_error_response) > 0 ? each.value.custom_error_response : []
 
     content {
       error_code = custom_error_response.value["error_code"]
@@ -319,7 +258,7 @@ resource "aws_cloudfront_distribution" "this" {
 
   restrictions {
     dynamic "geo_restriction" {
-      for_each = [var.geo_restriction]
+      for_each = [each.value.geo_restriction]
 
       content {
         restriction_type = lookup(geo_restriction.value, "restriction_type", "none")
@@ -329,18 +268,6 @@ resource "aws_cloudfront_distribution" "this" {
   }
 }
 
-resource "aws_cloudfront_monitoring_subscription" "this" {
-  count = var.create_distribution && var.create_monitoring_subscription ? 1 : 0
-
-  distribution_id = aws_cloudfront_distribution.this[0].id
-
-  monitoring_subscription {
-    realtime_metrics_subscription_config {
-      realtime_metrics_subscription_status = var.realtime_metrics_subscription_status
-    }
-  }
-}
-
 data "aws_cloudfront_cache_policy" "this" {
   for_each = toset([for v in concat([var.default_cache_behavior], var.ordered_cache_behavior) : v.cache_policy_name if can(v.cache_policy_name)])
 
 
@@ -1,89 +1,54 @@
 output "cloudfront_distribution_id" {
   description = "The identifier for the distribution."
-  value       = try(aws_cloudfront_distribution.this[0].id, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.id }
 }
 
 output "cloudfront_distribution_arn" {
   description = "The ARN (Amazon Resource Name) for the distribution."
-  value       = try(aws_cloudfront_distribution.this[0].arn, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.arn }
 }
 
 output "cloudfront_distribution_caller_reference" {
   description = "Internal value used by CloudFront to allow future updates to the distribution configuration."
-  value       = try(aws_cloudfront_distribution.this[0].caller_reference, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.caller_reference }
 }
 
 output "cloudfront_distribution_status" {
-  description = "The current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system."
-  value       = try(aws_cloudfront_distribution.this[0].status, "")
+  description = "The current status of the distribution."
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.status }
 }
 
 output "cloudfront_distribution_trusted_signers" {
   description = "List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs"
-  value       = try(aws_cloudfront_distribution.this[0].trusted_signers, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.trusted_signers }
 }
 
 output "cloudfront_distribution_domain_name" {
   description = "The domain name corresponding to the distribution."
-  value       = try(aws_cloudfront_distribution.this[0].domain_name, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.domain_name }
 }
 
 output "cloudfront_distribution_last_modified_time" {
   description = "The date and time the distribution was last modified."
-  value       = try(aws_cloudfront_distribution.this[0].last_modified_time, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.last_modified_time }
 }
 
 output "cloudfront_distribution_in_progress_validation_batches" {
   description = "The number of invalidation batches currently in progress."
-  value       = try(aws_cloudfront_distribution.this[0].in_progress_validation_batches, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.in_progress_validation_batches }
 }
 
 output "cloudfront_distribution_etag" {
   description = "The current version of the distribution's information."
-  value       = try(aws_cloudfront_distribution.this[0].etag, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.etag }
 }
 
 output "cloudfront_distribution_hosted_zone_id" {
   description = "The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to."
-  value       = try(aws_cloudfront_distribution.this[0].hosted_zone_id, "")
-}
-
-output "cloudfront_origin_access_identities" {
-  description = "The origin access identities created"
-  value       = { for k, v in aws_cloudfront_origin_access_identity.this : k => v if local.create_origin_access_identity }
-}
-
-output "cloudfront_origin_access_identity_ids" {
-  description = "The IDS of the origin access identities created"
-  value       = [for v in aws_cloudfront_origin_access_identity.this : v.id if local.create_origin_access_identity]
-}
-
-output "cloudfront_origin_access_identity_iam_arns" {
-  description = "The IAM arns of the origin access identities created"
-  value       = [for v in aws_cloudfront_origin_access_identity.this : v.iam_arn if local.create_origin_access_identity]
-}
-
-output "cloudfront_monitoring_subscription_id" {
-  description = " The ID of the CloudFront monitoring subscription, which corresponds to the `distribution_id`."
-  value       = try(aws_cloudfront_monitoring_subscription.this[0].id, "")
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.hosted_zone_id }
 }
 
 output "cloudfront_distribution_tags" {
-  description = "Tags of the distribution's"
-  value       = try(aws_cloudfront_distribution.this[0].tags_all, "")
-}
-
-output "cloudfront_origin_access_controls" {
-  description = "The origin access controls created"
-  value       = local.create_origin_access_control ? { for k, v in aws_cloudfront_origin_access_control.this : k => v } : {}
-}
-
-output "cloudfront_origin_access_controls_ids" {
-  description = "The IDS of the origin access identities created"
-  value       = local.create_origin_access_control ? [for v in aws_cloudfront_origin_access_control.this : v.id] : []
-}
-
-output "cloudfront_vpc_origin_ids" {
-  description = "The IDS of the VPC origin created"
-  value       = local.create_vpc_origin ? [for v in aws_cloudfront_vpc_origin.this : v.id] : []
+  description = "Tags of the distributions"
+  value       = { for k, v in aws_cloudfront_distribution.this : k => v.tags_all }
 }