cloudfront_distribution: field_level_encription_id is now a mandatory…

… field

Setting the field to an empty string has the same effect as the original behaviour.

changelogs/fragments/61271-cloudfront_distribution-encryptionid.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- cloudfront_distribution - Always add field_level_encryption_id to cache behaviour to match AWS requirements

lib/ansible/modules/cloud/amazon/cloudfront_distribution.py

@@ -1575,11 +1575,12 @@ def validate_lambda_function_associations(self, config, lambda_function_associat
             self.module.fail_json_aws(e, msg="Error validating lambda function associations")
 
     def validate_field_level_encryption_id(self, config, field_level_encryption_id, cache_behavior):
-        # only set field_level_encryption_id if it's already set or if it was passed
         if field_level_encryption_id is not None:
             cache_behavior['field_level_encryption_id'] = field_level_encryption_id
         elif 'field_level_encryption_id' in config:
             cache_behavior['field_level_encryption_id'] = config.get('field_level_encryption_id')
+        else:
+            cache_behavior['field_level_encryption_id'] = ""
         return cache_behavior
 
     def validate_allowed_methods(self, config, allowed_methods, cache_behavior):