Merge pull request #6 from clouddrove/TF-15

add enabled value
clouddrove · Sep 21, 2020 · 639c272 · 639c272
2 parents 9e4967c + e91b046
commit 639c272
Show file tree

Hide file tree

Showing 8 changed files with 126 additions and 90 deletions.
diff --git a/README.md b/README.md
diff --git a/README.yaml b/README.yaml
@@ -40,7 +40,7 @@ usage : |-
   ### CDN With Basic Bucket
   ```hcl
         module "cdn" {
-          source                 = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.0"
+          source                 = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.1"
           name                   = "basic-cdn"
           application            = "clouddrove"
           environment            = "test"
@@ -58,7 +58,7 @@ usage : |-
   ### CDN With Secure Bucket
   ```hcl
         module "cdn" {
-          source                 = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.0"
+          source                 = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.1"
           name                   = "secure-cdn"
           application            = "clouddrove"
           environment            = "test"
@@ -77,7 +77,7 @@ usage : |-
   ### CDN With Domain
   ```hcl
       module "cdn" {
-        source                 = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.0"
+        source                 = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.1"
         name                   = "domain-cdn"
         application            = "clouddrove"
         environment            = "test"

diff --git a/_example/bucket-basic/example.tf b/_example/bucket-basic/example.tf
@@ -1,5 +1,5 @@
 provider "aws" {
-  region = "eu-west-1"
+  region = "us-east-1"
 }
 
 module "s3_bucket" {
@@ -14,6 +14,22 @@ module "s3_bucket" {
   versioning     = true
   acl            = "private"
   bucket_enabled = true
+  bucket_policy           = true
+  aws_iam_policy_document = data.aws_iam_policy_document.s3_policy.json
+}
+
+data "aws_iam_policy_document" "s3_policy" {
+  version = "2012-10-17"
+  statement {
+    sid    = "1"
+    effect = "Allow"
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity xxxxxxxxxxxxx"]
+    }
+    actions   = ["s3:GetObject"]
+    resources = [format("%s/*", module.s3_bucket.arn)]
+  }
 }
 
 module "acm" {
@@ -30,7 +46,7 @@ module "acm" {
 }
 
 module "cdn" {
-  source = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.0"
+  source = "./../../"
 
   name        = "basic-cdn"
   application = "clouddrove"

diff --git a/_example/bucket-secure/example.tf b/_example/bucket-secure/example.tf
@@ -30,7 +30,7 @@ module "acm" {
 }
 
 module "cdn" {
-  source = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.0"
+  source = "./../../"
 
   name        = "secure-cdn"
   application = "clouddrove"

diff --git a/_example/domain-cdn/example.tf b/_example/domain-cdn/example.tf
@@ -16,7 +16,7 @@ module "acm" {
 }
 
 module "cdn" {
-  source = "git::https://github.com/clouddrove/terraform-aws-cloudfront-cdn.git?ref=tags/0.12.0"
+  source = "./../../"
 
   name        = "domain-cdn"
   application = "clouddrove"

diff --git a/main.tf b/main.tf
@@ -12,13 +12,14 @@ module "labels" {
   name        = var.name
   application = var.application
   environment = var.environment
+  managedby   = var.managedby
   label_order = var.label_order
 }
 
 # Module      : CLOUDFRONT ORIGIN ACCESS IDENENTITY
 # Description : Creates an Amazon CloudFront origin access identity
 resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
-  count   = var.enabled_bucket == true ? 1 : 0
+  count   = var.cdn_enabled == true && var.enabled_bucket == true ? 1 : 0
   comment = format("access-identity-%s.s3.amazonaws.com", var.bucket_name)
 }
 
@@ -29,7 +30,7 @@ locals {
 # Module      : CLOUDFRONT DISTRIBUSTION
 # Description : Creates an Amazon CloudFront web distribution
 resource "aws_cloudfront_distribution" "bucket" {
-  count = var.enabled_bucket == true ? 1 : 0
+  count = var.cdn_enabled == true && var.enabled_bucket == true ? 1 : 0
 
   enabled             = var.enabled
   is_ipv6_enabled     = var.is_ipv6_enabled
@@ -95,7 +96,7 @@ resource "aws_cloudfront_distribution" "bucket" {
 # Module      : CLOUDFRONT CussDISTRIBUSTION
 # Description : Creates an Amazon CloudFront web distribution
 resource "aws_cloudfront_distribution" "domain" {
-  count = var.custom_domain == true ? 1 : 0
+  count = var.cdn_enabled == true && var.custom_domain == true ? 1 : 0
 
   enabled             = var.enabled
   is_ipv6_enabled     = var.is_ipv6_enabled
@@ -168,7 +169,7 @@ resource "aws_cloudfront_distribution" "domain" {
 # Module      : CLOUDFRONT PUBLIC KEY
 # Description : Creates a CloudFront public key
 resource "aws_cloudfront_public_key" "default" {
-  count = var.public_key_enable == true ? 1 : 0
+  count = var.cdn_enabled == true && var.public_key_enable == true ? 1 : 0
 
   comment     = var.comment
   encoded_key = file(var.public_key)

diff --git a/output.tf b/output.tf
@@ -1,49 +1,49 @@
 # Module      : CLOUDFRONT DISTRIBUSTION
 # Description : Creates an Amazon CloudFront web distribution
 output "id" {
-  value = concat(
+  value = var.cdn_enabled ? concat(
     aws_cloudfront_distribution.bucket.*.id,
     aws_cloudfront_distribution.domain.*.id
-  )[0]
+  )[0] : ""
   description = "The identifier for the distribution."
 }
 
 output "arn" {
-  value = concat(
+  value = var.cdn_enabled ? concat(
     aws_cloudfront_distribution.bucket.*.arn,
     aws_cloudfront_distribution.domain.*.arn
-  )[0]
+  )[0] : ""
   description = "The ARN (Amazon Resource Name) for the distribution."
 }
 
 output "status" {
-  value = concat(
+  value = var.cdn_enabled ? concat(
     aws_cloudfront_distribution.bucket.*.status,
     aws_cloudfront_distribution.domain.*.status
-  )[0]
+  )[0] : ""
   description = "The current status of the distribution."
 }
 
 output "domain_name" {
-  value = concat(
+  value = var.cdn_enabled ? concat(
     aws_cloudfront_distribution.bucket.*.domain_name,
     aws_cloudfront_distribution.domain.*.domain_name
-  )[0]
+  )[0] : ""
   description = "The domain name corresponding to the distribution."
 }
 
 output "etag" {
-  value = concat(
+  value = var.cdn_enabled ? concat(
     aws_cloudfront_distribution.bucket.*.etag,
     aws_cloudfront_distribution.domain.*.etag
-  )[0]
+  )[0] : ""
   description = "The current version of the distribution's information."
 }
 output "hosted_zone_id" {
-  value = concat(
+  value = var.cdn_enabled ? concat(
     aws_cloudfront_distribution.bucket.*.hosted_zone_id,
     aws_cloudfront_distribution.domain.*.hosted_zone_id
-  )[0]
+  )[0] : ""
   description = "The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to."
 }
 

diff --git a/variables.tf b/variables.tf
@@ -24,6 +24,12 @@ variable "label_order" {
   description = "Label order, e.g. `name`,`application`."
 }
 
+variable "managedby" {
+  type        = string
+  default     = "anmol@clouddrove.com"
+  description = "ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'."
+}
+
 variable "attributes" {
   type        = list
   default     = []
@@ -294,4 +300,10 @@ variable "web_acl_id" {
   type        = string
   default     = ""
   description = "Web ACL ID that can be attached to the Cloudfront distribution."
+}
+
+variable "cdn_enabled" {
+  type        = bool
+  default     = true
+  description = "Select Enabled if you want to created CloudFront."
 }