tedilabs · posquit0 · Oct 10, 2022 · Oct 10, 2022
@@ -5,3 +5,5 @@
 - modules/cache-policy/**/*
 ":floppy_disk: origin-request-policy":
 - modules/origin-request-policy/**/*
+":floppy_disk: response-headers-policy":
+- modules/response-headers-policy/**/*
@@ -49,3 +49,6 @@
 - color: "fbca04"
   description: "This issue or pull request is related to origin-request-policy module."
   name: ":floppy_disk: origin-request-policy"
+- color: "fbca04"
+  description: "This issue or pull request is related to response-headers-policy module."
+  name: ":floppy_disk: response-headers-policy"
@@ -17,6 +17,7 @@ Terraform Modules from [this package](https://github.com/tedilabs/terraform-aws-
   - Policies
     - Cache Policy
     - Origin Request Policy
+    - Resposne Headers Policy
 
 
 ## Self Promotion

@@ -52,3 +52,42 @@ module "origin_request_policy" {
     behavior = "ALL"
   }
 }
+
+module "response_headers_policy" {
+  source = "../../modules/response-headers-policy"
+  # source  = "tedilabs/cloudfront/aws//modules/response-headers-policy"
+  # version = "~> 0.2.0"
+
+  name        = "example-response-headers-policy"
+  description = "Managed by Terraform."
+
+  cors = {
+    enabled  = true
+    override = true
+
+    access_control_allow_credentials = false
+    access_control_allow_headers     = ["*"]
+    access_control_allow_methods     = ["ALL"]
+    access_control_allow_origins     = ["*"]
+    access_control_expose_headers    = []
+    access_control_max_age           = 600
+  }
+
+  custom_headers = [
+    {
+      name     = "X-Foo"
+      value    = "Bar"
+      override = false
+    },
+    {
+      name     = "X-Bar"
+      value    = "Baz"
+      override = true
+    },
+  ]
+
+  server_timing_header = {
+    enabled       = true
+    sampling_rate = 50.0
+  }
+}
@@ -5,3 +5,7 @@ output "cache_policy" {
 output "origin_request_policy" {
   value = module.origin_request_policy
 }
+
+output "response_headers_policy" {
+  value = module.response_headers_policy
+}
@@ -33,9 +33,9 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) A unique name to identify the CloudFront Cache Policy. | `string` | n/a | yes |
-| <a name="input_cache_keys_in_cookies"></a> [cache\_keys\_in\_cookies](#input\_cache\_keys\_in\_cookies) | (Optional) A configuraiton for specifying which cookies to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`.<br>    (Optional) `items` - A list of cookie names. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_cache_keys_in_headers"></a> [cache\_keys\_in\_headers](#input\_cache\_keys\_in\_headers) | (Optional) A configuraiton for specifying which headers to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`.<br>    (Optional) `items` - A list of header names. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_cache_keys_in_query_strings"></a> [cache\_keys\_in\_query\_strings](#input\_cache\_keys\_in\_query\_strings) | (Optional) A configuraiton for specifying which query strings to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`.<br>    (Optional) `items` - A list of query string names. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_cache_keys_in_cookies"></a> [cache\_keys\_in\_cookies](#input\_cache\_keys\_in\_cookies) | (Optional) A configuraiton for specifying which cookies to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_cache_keys_in_headers"></a> [cache\_keys\_in\_headers](#input\_cache\_keys\_in\_headers) | (Optional) A configuraiton for specifying which headers to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_cache_keys_in_query_strings"></a> [cache\_keys\_in\_query\_strings](#input\_cache\_keys\_in\_query\_strings) | (Optional) A configuraiton for specifying which query strings to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
 | <a name="input_default_ttl"></a> [default\_ttl](#input\_default\_ttl) | (Optional) The default time to live in seconds. The amount of time is that you want objects to stay in the CloudFront cache before another request to the origin to see if the object has been updated. Defaults to `86400` (one day). | `number` | `86400` | no |
 | <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the cache policy. | `string` | `"Managed by Terraform."` | no |
 | <a name="input_max_ttl"></a> [max\_ttl](#input\_max\_ttl) | (Optional) The maximum time to live in seconds. The amount of time is that you want objects to stay in the CloudFront cache before another request to the origin to see if the object has been updated. Defaults to `31536000` (one year). | `number` | `31536000` | no |

@@ -49,8 +49,8 @@ variable "supported_compression_formats" {
 variable "cache_keys_in_cookies" {
   description = <<EOF
   (Optional) A configuraiton for specifying which cookies to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_cookies` as defined below.
-    (Required) `behavior` - Determine whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`.
-    (Optional) `items` - A list of cookie names.
+    (Required) `behavior` - Determine whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
+    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -68,8 +68,8 @@ variable "cache_keys_in_cookies" {
 variable "cache_keys_in_headers" {
   description = <<EOF
   (Optional) A configuraiton for specifying which headers to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_headers` as defined below.
-    (Required) `behavior` - Determine whether any headers in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`.
-    (Optional) `items` - A list of header names.
+    (Required) `behavior` - Determine whether any headers in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`. Defaults to `NONE`.
+    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -87,8 +87,8 @@ variable "cache_keys_in_headers" {
 variable "cache_keys_in_query_strings" {
   description = <<EOF
   (Optional) A configuraiton for specifying which query strings to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_query_strings` as defined below.
-    (Required) `behavior` - Determine whether any query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`.
-    (Optional) `items` - A list of query string names.
+    (Required) `behavior` - Determine whether any query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
+    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")

@@ -34,9 +34,9 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) A unique name to identify the CloudFront Origin Request Policy. | `string` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no |
-| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuraiton for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`.<br>    (Optional) `items` - A list of cookie names. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuraiton for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.<br>    (Optional) `items` - A list of header names. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuraiton for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`.<br>    (Optional) `items` - A list of query string names. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuraiton for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuraiton for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuraiton for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
 
 ## Outputs
 

@@ -13,8 +13,8 @@ variable "description" {
 variable "forwarding_cookies" {
   description = <<EOF
   (Optional) A configuraiton for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.
-    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`.
-    (Optional) `items` - A list of cookie names.
+    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
+    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -32,8 +32,8 @@ variable "forwarding_cookies" {
 variable "forwarding_headers" {
   description = <<EOF
   (Optional) A configuraiton for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.
-    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
-    (Optional) `items` - A list of header names.
+    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.
+    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")
@@ -51,8 +51,8 @@ variable "forwarding_headers" {
 variable "forwarding_query_strings" {
   description = <<EOF
   (Optional) A configuraiton for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.
-    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`.
-    (Optional) `items` - A list of query string names.
+    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.
+    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`.
   EOF
   type = object({
     behavior = optional(string, "NONE")