fix: Updates

bryantbiggs · bryantbiggs · commit cfe50feed7e6 · 2025-11-27T08:57:48.000-06:00
diff --git a/README.md b/README.md
@@ -139,13 +139,13 @@ module "cdn" {
     #   }
     # }
 
-    # Option 2: Dynamic reference to module-managed functions by name
+    # Option 2: Dynamic reference to module-managed functions by key/name
     function_association = {
       viewer-request = {
-        function_name = "viewer-request-function"
+        function_key = "viewer-request-function"
       }
       viewer-response = {
-        function_name = "viewer-response-function"
+        function_key = "viewer-response-function"
       }
     }
   }
@@ -157,48 +157,6 @@ module "cdn" {
 }
 ```
 
-**CloudFront Functions Features:**
-
-- **Lightweight JavaScript execution** at CloudFront edge locations
-- **Sub-millisecond execution** for viewer request/response modifications
-- **Runtime options**: `cloudfront-js-1.0` (10KB limit) or `cloudfront-js-2.0` (30KB limit, default)
-- **Event types**: viewer-request, viewer-response (not origin-request/response)
-- **Key-Value Store integration**: Associate functions with CloudFront KeyValueStore (max 1 per function)
-- **Cost-effective**: Lower cost than Lambda@Edge for simple transformations
-
-**Common use cases:**
-
-- URL redirects and rewrites
-- Request/response header manipulation
-- Access control and authentication
-- A/B testing and feature flags
-- Cache key normalization
-
-**Usage Pattern Note:**
-
-The module supports two flexible patterns for associating CloudFront Functions with cache behaviors:
-
-1. **Direct ARN Reference** (`function_arn`): Pass the ARN directly from external `aws_cloudfront_function` resources
-
-   ```hcl
-   function_association = {
-     viewer-request = {
-       function_arn = aws_cloudfront_function.external.arn
-     }
-   }
-   ```
-
-2. **Dynamic Name Reference** (`function_name`): Reference module-managed functions by their map key
-   ```hcl
-   function_association = {
-     viewer-request = {
-       function_name = "viewer-request-function"  # Key from cloudfront_functions map
-     }
-   }
-   ```
-
-The module automatically resolves function ARNs using Terraform's `try()` function, checking for `function_arn` first, then falling back to `function_name` lookup in module-created functions. This eliminates circular dependency issues while maintaining flexibility.
-
 ## Examples
 
 - [Complete](https://github.com/terraform-aws-modules/terraform-aws-cloudfront/tree/master/examples/complete) - Complete example which creates AWS CloudFront distribution and integrates it with other [terraform-aws-modules](https://github.com/terraform-aws-modules) to create additional resources: S3 buckets, Lambda Functions, CloudFront Functions, VPC Origins, ACM Certificate, Route53 Records.
@@ -208,7 +166,7 @@ The module automatically resolves function ARNs using Terraform's `try()` functi
 - `Error: updating CloudFront Distribution (ETXXXXXXXXXXXX): InvalidArgument: The parameter ForwardedValues cannot be used when a cache policy is associated to the cache behavior.`
   - When defining a behavior in `ordered_cache_behavior` and `default_cache_behavior` with a cache policy, you must specify `use_forwarded_values = false`.
 
-```
+```hcl
 ordered_cache_behavior = [{
   path_pattern           = "/my/path"
   target_origin_id       = "my-origin"
@@ -261,7 +219,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_aliases"></a> [aliases](#input\_aliases) | Extra CNAMEs (alternate domain names), if any, for this distribution. | `list(string)` | `null` | no |
-| <a name="input_cloudfront_functions"></a> [cloudfront\_functions](#input\_cloudfront\_functions) | Map of CloudFront Function configurations. Key is used as default function name if 'name' not specified. | <pre>map(object({<br/>    name                         = optional(string)<br/>    runtime                      = optional(string, "cloudfront-js-2.0")<br/>    comment                      = optional(string)<br/>    publish                      = optional(bool)<br/>    code                         = string<br/>    key_value_store_associations = optional(list(string))<br/>  }))</pre> | `{}` | no |
+| <a name="input_cloudfront_functions"></a> [cloudfront\_functions](#input\_cloudfront\_functions) | Map of CloudFront Function configurations. Key is used as default function name if 'name' not specified. | <pre>map(object({<br/>    name                         = optional(string)<br/>    runtime                      = optional(string, "cloudfront-js-2.0")<br/>    comment                      = optional(string)<br/>    publish                      = optional(bool)<br/>    code                         = string<br/>    key_value_store_associations = optional(list(string))<br/>  }))</pre> | `null` | no |
 | <a name="input_comment"></a> [comment](#input\_comment) | Any comments you want to include about the distribution. | `string` | `null` | no |
 | <a name="input_continuous_deployment_policy_id"></a> [continuous\_deployment\_policy\_id](#input\_continuous\_deployment\_policy\_id) | Identifier of a continuous deployment policy. This argument should only be set on a production distribution. | `string` | `null` | no |
 | <a name="input_create_cloudfront_function"></a> [create\_cloudfront\_function](#input\_create\_cloudfront\_function) | Controls if CloudFront Functions should be created | `bool` | `false` | no |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -187,14 +187,14 @@ module "cloudfront" {
           function_arn = aws_cloudfront_function.example.arn
         }
 
-        # Option 2: Dynamic reference to module-managed function by name
+        # Option 2: Dynamic reference to module-managed function by key/name
         # Uncomment to use module-managed functions instead:
         # viewer-request = {
-        #   function_name = "viewer-request-security"
+        #   function_key = "viewer-request-security"
         # }
 
         # viewer-response = {
-        #   function_name = "viewer-response-headers"
+        #   function_key = "viewer-response-headers"
         # }
 
         # For this example, using standalone function for both
diff --git a/main.tf b/main.tf
@@ -217,11 +217,6 @@ resource "aws_cloudfront_distribution" "this" {
   web_acl_id                      = var.web_acl_id
   tags                            = var.tags
 
-  # Ensure CloudFront Functions are created before the distribution
-  depends_on = [
-    aws_cloudfront_function.this
-  ]
-
   dynamic "logging_config" {
     for_each = length(keys(var.logging_config)) == 0 ? [] : [var.logging_config]
 
@@ -372,7 +367,7 @@ resource "aws_cloudfront_distribution" "this" {
 
         content {
           event_type   = f.key
-          function_arn = lookup(f.value, "function_arn", try(aws_cloudfront_function.this[lookup(f.value, "function_name", "")].arn, null))
+          function_arn = lookup(f.value, "function_arn", try(aws_cloudfront_function.this[f.value.function_key].arn, null))
         }
       }
 
@@ -488,6 +483,10 @@ resource "aws_cloudfront_distribution" "this" {
       }
     }
   }
+
+  depends_on = [
+    aws_cloudfront_function.this
+  ]
 }
 
 resource "aws_cloudfront_monitoring_subscription" "this" {
diff --git a/variables.tf b/variables.tf
@@ -304,13 +304,5 @@ variable "cloudfront_functions" {
     code                         = string
     key_value_store_associations = optional(list(string))
   }))
-  default = {}
-
-  validation {
-    condition = alltrue([
-      for k, v in var.cloudfront_functions :
-      contains(["cloudfront-js-1.0", "cloudfront-js-2.0"], v.runtime)
-    ])
-    error_message = "Runtime must be 'cloudfront-js-1.0' or 'cloudfront-js-2.0'. Provided runtime is invalid."
-  }
+  default = null
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -4,7 +4,7 @@ module "wrapper" {
   for_each = var.items
 
   aliases                         = try(each.value.aliases, var.defaults.aliases, null)
-  cloudfront_functions            = try(each.value.cloudfront_functions, var.defaults.cloudfront_functions, {})
+  cloudfront_functions            = try(each.value.cloudfront_functions, var.defaults.cloudfront_functions, null)
   comment                         = try(each.value.comment, var.defaults.comment, null)
   continuous_deployment_policy_id = try(each.value.continuous_deployment_policy_id, var.defaults.continuous_deployment_policy_id, null)
   create_cloudfront_function      = try(each.value.create_cloudfront_function, var.defaults.create_cloudfront_function, false)

Original file line number	Diff line number	Diff line change
`@@ -217,11 +217,6 @@ resource "aws_cloudfront_distribution" "this" {`
`217`	`217`	`web_acl_id = var.web_acl_id`
`218`	`218`	`tags = var.tags`
`219`	`219`
`220`		`- # Ensure CloudFront Functions are created before the distribution`
`221`		`- depends_on = [`
`222`		`- aws_cloudfront_function.this`
`223`		`- ]`
`224`		`-`
`225`	`220`	`dynamic "logging_config" {`
`226`	`221`	`for_each = length(keys(var.logging_config)) == 0 ? [] : [var.logging_config]`
`227`	`222`
`@@ -372,7 +367,7 @@ resource "aws_cloudfront_distribution" "this" {`
`372`	`367`
`373`	`368`	`content {`
`374`	`369`	`event_type = f.key`
`375`		`- function_arn = lookup(f.value, "function_arn", try(aws_cloudfront_function.this[lookup(f.value, "function_name", "")].arn, null))`
	`370`	`+ function_arn = lookup(f.value, "function_arn", try(aws_cloudfront_function.this[f.value.function_key].arn, null))`
`376`	`371`	`}`
`377`	`372`	`}`
`378`	`373`
`@@ -488,6 +483,10 @@ resource "aws_cloudfront_distribution" "this" {`
`488`	`483`	`}`
`489`	`484`	`}`
`490`	`485`	`}`
	`486`	`+`
	`487`	`+ depends_on = [`
	`488`	`+ aws_cloudfront_function.this`
	`489`	`+ ]`
`491`	`490`	`}`
`492`	`491`
`493`	`492`	`resource "aws_cloudfront_monitoring_subscription" "this" {`