terraform-aws-modules
diff --git a/‎README.md‎
Lines changed: 13 additions & 49 deletions b/‎README.md‎
Lines changed: 13 additions & 49 deletions
diff --git a/‎docs/UPGRADE-6.0.md‎
Lines changed: 115 additions & 6 deletions b/‎docs/UPGRADE-6.0.md‎
Lines changed: 115 additions & 6 deletions
diff --git a/‎examples/complete/README.md‎
Lines changed: 4 additions & 18 deletions b/‎examples/complete/README.md‎
Lines changed: 4 additions & 18 deletions
@@ -5,19 +5,25 @@ If you find a bug, please open an issue with supporting configuration to reprodu
 
 ## List of backwards incompatible changes
 
-- AWS provider `v6.0` is now minimum supported version
+- AWS provider `v6.20` is now minimum supported version
 - Support for `aws_cloudfront_origin_access_identity` has been removed in favor of `aws_cloudfront_origin_access_control`
 
 ## Additional changes
 
 ### Added
 
-- Support for `region` parameter to specify the AWS region for the resources created if different from the provider region.
+- None
 
 ### Modified
 
-- Variable definitions now contain detailed `object` types in place of the previously used any type.
-- `is_ipv6_enabled` now defaults to `true` if not specified.
+- Variable definitions now contain detailed `object` types in place of the previously used any type
+- `is_ipv6_enabled` now defaults to `true` if not specified
+- `default_cache_behavior.compress` and `ordered_cache_behavior.compress` now default to `true`
+- `origin.origin_ssl_protocols` now defaults to `["TLSv1.2"]`
+- `vpc_origin.origin_ssl_protocols.items` now defaults to `["TLSv1.2"]`
+- `vpc_origin_timeouts` is now embedded under `vpc_origin`
+- `viewer_certificate.minimum_protocol_version` now defaults to `"TLSv1.2_2025"`
+- See the the `Before vs After` examples below for more details on variable type definition changes
 
 ### Variable and output changes
 
@@ -50,7 +56,7 @@ If you find a bug, please open an issue with supporting configuration to reprodu
 
 5. Renamed outputs:
 
-    -
+    - None
 
 6. Added outputs:
 
@@ -67,6 +73,58 @@ module "cloudfront" {
 
   # Truncated for brevity ...
 
+  create_vpc_origin = true
+  vpc_origin = {
+    ec2 = {
+      arn                    = module.ec2.arn
+      http_port              = 80
+      https_port             = 443
+      origin_protocol_policy = "http-only"
+      origin_ssl_protocols = {
+        items    = ["TLSv1.2"]
+        quantity = 1
+      }
+    }
+  }
+
+  vpc_origin_timeouts = {
+    create = "20m"
+    update = "20m"
+    delete = "20m"
+  }
+
+  origin = {
+    s3 = {
+      domain_name = module.s3.bucket_regional_domain_name
+      s3_origin_config = {
+        origin_access_identity = "s3_bucket_one"
+      }
+
+      custom_header = [
+        {
+          name  = "X-Forwarded-Scheme"
+          value = "https"
+        },
+        {
+          name  = "X-Frame-Options"
+          value = "SAMEORIGIN"
+        }
+      ]
+    }
+  }
+
+  origin_group = {
+    group_one = {
+      failover_status_codes      = [403, 404, 500, 502]
+      primary_member_origin_id   = "appsync" # Not shown
+      secondary_member_origin_id = "s3"
+    }
+  }
+
+  geo_restriction = {
+    restriction_type = "whitelist"
+    locations        = ["NO", "UA", "US", "GB"]
+  }
 }
 ```
 
@@ -79,9 +137,60 @@ module "cloudfront" {
 
   # Truncated for brevity ...
 
+  vpc_origin = {
+    ec2 = {
+      arn                    = module.ec2.arn
+      http_port              = 80
+      https_port             = 443
+      origin_protocol_policy = "http-only"
+      origin_ssl_protocols = {
+        items    = ["TLSv1.2"]
+        quantity = 1
+      }
+
+      timeouts = {
+        create = "20m"
+        update = "20m"
+        delete = "20m"
+      }
+    }
+  }
+
+  origin = {
+    s3 = {
+      domain_name = module.s3.bucket_regional_domain_name
+      s3_origin_config = {
+        origin_access_control_key = "s3_bucket_one"
+      }
+
+      custom_header = {
+        "X-Forwarded-Scheme" = "https"
+        "X-Frame-Options"    = "SAMEORIGIN"
+      }
+    }
+  }
+
+  origin_group = {
+    group-one = {
+      failover_criteria = {
+        status_codes = [403, 404, 500, 502]
+      }
+      member = [
+        { origin_id = "appsync" }, # Not shown
+        { origin_id = "s3" }
+      ]
+    }
+  }
+
+  restrictions = {
+    geo_restriction = {
+      restriction_type = "whitelist"
+      locations        = ["NO", "UA", "US", "GB"]
+    }
+  }
 }
 ```
 
 ### State Changes
 
-TBD
+None
@@ -1,18 +1,6 @@
 # Complete CloudFront Distribution
 
-Configuration in this directory creates CloudFront distribution which demos such capabilities:
-
-- access logging
-- origins and origin groups
-- caching behaviours
-- Origin Access Identities (with S3 bucket policy)
-- Origin Access Control (recommended over OAI)
-- Lambda@Edge
-- CloudFront Functions
-- Response Headers Policies
-- ACM certificate
-- Route53 record
-- VPC Origins
+Configuration in this directory creates CloudFront distribution which demonstrates nearly all features supported by this module.
 
 ## Usage
 
@@ -34,15 +22,13 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.20 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.20 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 
 ## Modules
 
@@ -54,16 +40,16 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="module_lambda_function"></a> [lambda\_function](#module\_lambda\_function) | terraform-aws-modules/lambda/aws | ~> 8.0 |
 | <a name="module_log_bucket"></a> [log\_bucket](#module\_log\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 |
 | <a name="module_records"></a> [records](#module\_records) | terraform-aws-modules/route53/aws//modules/records | ~> 5.0 |
-| <a name="module_s3_one"></a> [s3\_one](#module\_s3\_one) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 |
+| <a name="module_s3"></a> [s3](#module\_s3) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_cloudfront_function.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
-| [aws_s3_bucket_policy.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [null_resource.download_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_canonical_user_id.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/canonical_user_id) | data source |
 | [aws_cloudfront_log_delivery_canonical_user_id.cloudfront](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_log_delivery_canonical_user_id) | data source |
 | [aws_iam_policy_document.s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |