From 7582ce8e5e83ac6349b3a15f97bebaba6caa3ddb Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 31 Jan 2024 08:21:59 +0100
Subject: [PATCH 1/2] adding-default-value-if-logging-not-defined-2.x
---
 roles/aws/aws_cloudfront_distribution/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/aws/aws_cloudfront_distribution/tasks/main.yml b/roles/aws/aws_cloudfront_distribution/tasks/main.yml
index 30716ba58..4e416f5a8 100644
--- a/roles/aws/aws_cloudfront_distribution/tasks/main.yml
+++ b/roles/aws/aws_cloudfront_distribution/tasks/main.yml
@@ -14,7 +14,7 @@
 purge_origins: "{{ aws_cloudfront_distribution.purge_existing }}"
 purge_aliases: "{{ aws_cloudfront_distribution.purge_existing }}"
 purge_tags: "{{ aws_cloudfront_distribution.purge_existing }}"
- logging: "{{ aws_cloudfront_distribution.logging }}"
+ logging: "{{ aws_cloudfront_distribution.logging | default('') }}"
 purge_cache_behaviors: "{{ aws_cloudfront_distribution.purge_existing }}"
 enabled: "{{ aws_cloudfront_distribution.enabled }}"
 register: _aws_cloudfront_distribution
\ No newline at end of file
From fa03a9f968f443fae80e5a5db263ab4571e9b378 Mon Sep 17 00:00:00 2001
From: Matej Stajduhar
Date: Wed, 31 Jan 2024 08:23:28 +0100
Subject: [PATCH 2/2] adding-example-for-logging
---
 .../defaults/main.yml | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/roles/aws/aws_cloudfront_distribution/defaults/main.yml b/roles/aws/aws_cloudfront_distribution/defaults/main.yml
index 6a015b54b..93ee7c91d 100644
--- a/roles/aws/aws_cloudfront_distribution/defaults/main.yml
+++ b/roles/aws/aws_cloudfront_distribution/defaults/main.yml
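Review bot: In the tasks/main.yml hunk, `default('')` on `logging:` hands the module an empty string when the variable is missing; if that parameter is typed as a dict (the `bucket`/`enabled`/`include_cookies`/`prefix` keys in the defaults example of patch 2 suggest it is), argument validation may reject the string instead of skipping it. `logging: "{{ aws_cloudfront_distribution.logging | default(omit) }}"` drops the parameter cleanly. Either way, an undefined `logging` now deploys the distribution without access logs and without any message, so an `assert` or `debug` ahead of this task would keep that gap visible in environments that need CloudFront logs for detection or incident response. The task begins above the hunk, so the module name is not visible here.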
@@ -1,4 +1,29 @@
 ---
+# Uncomment cf_acl to create firewall rules for Cloudfront distro
+#cf_acl:
+# rate_limit: 600
+# scope: "CLOUDFRONT" # Can be "REGIONAL"
+# region: "us-east-1" # If scope is set to CLOUDFRONT, region must be us-east-1, even though docs say it will be skipped
+#
+# ip_allow
+# name: "Allowed-ips"
+# list:
+# - 1.1.1.1/32
+# - 2.2.2.2/32
+# - 3.3.3.3/32
+#
+# ip_block:
+# name: "Blocked-ips"
+# list:
+# - 4.4.4.4/32
+# - 5.5.5.5/32
+# - 6.6.6.6/32
+#
+# cc_block_list:
+# - BY # Belarus
+# - CN # China
+# - IR # Iran
+# - SA # Saudi Arabia
 aws_cloudfront_distribution:
 aws_profile: "{{ _aws_profile }}"
 region: "{{ _aws_region }}"
@@ -61,3 +86,8 @@ aws_cloudfront_distribution:
 cache_behaviors: [] # A list of cache behaviors same as default_cache_behavior with additional path_pattern var required.
 enabled: true
 purge_existing: true # Set to false to append entries instead of replacing them.
+# logging:
+# bucket: "" # URL of S3 bucket to store logs
+# enabled: false # Set true to allow logging
+# include_cookies: false # Set true to add cookies in logs
+# prefix: "" # Prefix for S3 object names
\ No newline at end of file
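Review bot: The commented `cf_acl` example in the first defaults/main.yml hunk has `# ip_allow` without a trailing colon, so uncommenting the block as written does not give the mapping that `# ip_block:` below it does; it should read `# ip_allow:`. The `cc_block_list` entries are bare scalars, which works for the four listed but turns a later `NO` into a boolean on YAML 1.1 loaders, silently dropping it from the block list; quoting them in the example (`- "BY" # Belarus`) avoids that. The sample addresses such as `1.1.1.1/32` are real public hosts, and since this list is an allow list, a documentation range like `192.0.2.1/32` is a safer placeholder.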
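Review bot: The commented `logging` example in the second defaults/main.yml hunk should say what `include_cookies` implies, since enabling it writes request cookies, which can include session tokens, into the S3 log objects. I would word it as `# include_cookies: false # Set true to log cookies (may contain session tokens; restrict access to the log bucket)`. The `bucket` comment says "URL", while CloudFront itself takes the bucket's domain name; it is worth confirming what the module expects and showing a sample value in the comment. The example also ships with `enabled: false`, so uncommenting it alone still leaves access logging off, which the comment could state outright.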