AWS CloudFront Distribution

udx-github edited this page May 27, 2026 · 3 revisions

Creates an AWS CloudFront distribution for a Rabbit-backed service.

Use this module when a site needs CloudFront in front of an origin, optional failover, path-specific cache behavior, custom headers, WAF, ACM certificates, and access logging.

Features

  • Multiple origins with custom headers.
  • Origin groups for failover.
  • Default and ordered cache behaviors.
  • Optional Lambda@Edge and CloudFront Functions.
  • Custom cache and origin request policies.
  • Custom error responses.
  • WAF and ACM certificate integration.
  • CloudFront access logging.

Required Inputs

At minimum, provide an origin, a default cache behavior, an ACM certificate ARN appropriate for your aliases, and a logging bucket/prefix for CloudFront access logs.

The module ships with Rabbit-oriented defaults. Public callers should override site-specific values such as aliases, certificate ARN, origins, cache behavior targets, tags, and logging_s3.

Notes

  • Set lambda_enabled: false on a behavior when Lambda@Edge should not be attached.
  • Use enabled: false on an ordered cache behavior to exclude it from the generated distribution.
  • custom_headers is a map of header names to values.
  • acm_certificate_arn is the certificate ARN used by the CloudFront viewer certificate block.
  • Placeholders such as #{Environment} and #{Lifecycle} are resolved by R2A during deployment.

Example

services:
  - name: "AWS CloudFront Distribution"
    module: "aws-cloudfront-distribution"
    id: "my-site-cloudfront"
    configurations:
      region: "us-east-1"
      aliases:
        - "www.example.com"
      acm_certificate_arn: "arn:aws:acm:us-east-1:123456789012:certificate/example"
      viewer_certificate:
        ssl_support_method: "sni-only"
        minimum_protocol_version: "TLSv1.2_2021"
        cloudfront_default_certificate: false
      logging_s3:
        bucket: "cloudfront-logs.example.com"
        prefix: "www.example.com"
        output_format: "w3c"
      origins:
        app:
          origin_id: "app"
          domain_name: "app.example.com"
          custom_origin_config:
            http_port: 80
            https_port: 443
            origin_protocol_policy: "https-only"
            origin_ssl_protocols: ["TLSv1.2"]
          custom_headers:
            "x-set-lifecycle": "#{Lifecycle}"
      default_cache_behavior:
        target_origin_id: "app"
        viewer_protocol_policy: "redirect-to-https"
        allowed_methods: ["GET", "HEAD", "OPTIONS"]
        cached_methods: ["GET", "HEAD"]
        compress: true
        cache_policy_name: "Managed-CachingOptimized"
        origin_request_policy_name: "Managed-AllViewer"
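
The following is an added example, not part of the module or its wiki: a Python lint over a configurations mapping shaped like the example above, flagging values that weaken transport security or drop access logging. The function names, the finding texts, the TLSv1.2 floor and the weak-protocol list are assumptions of this example.

```python
import copy
import re

WEAK_ORIGIN_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # assumed deny-list for origin_ssl_protocols
US_EAST_1_CERT = re.compile(r"^arn:aws:acm:us-east-1:\d{12}:certificate/.+")

def tls_version(policy):
    # "TLSv1.2_2021" -> (1, 2); "TLSv1" -> (1, 0); anything unparseable -> (0, 0)
    m = re.match(r"TLSv(\d+)(?:\.(\d+))?", policy or "")
    return (int(m.group(1)), int(m.group(2) or 0)) if m else (0, 0)

def lint(cfg):
    """Return findings for one `configurations` mapping (empty list = clean)."""
    findings = []
    # CloudFront only accepts ACM certificates issued in us-east-1.
    if cfg.get("aliases") and not US_EAST_1_CERT.match(cfg.get("acm_certificate_arn", "")):
        findings.append("acm_certificate_arn is not a us-east-1 ACM certificate")
    vc = cfg.get("viewer_certificate", {})
    if tls_version(vc.get("minimum_protocol_version")) < (1, 2):
        findings.append("viewer minimum_protocol_version is below TLSv1.2")
    if not cfg.get("logging_s3", {}).get("bucket"):
        findings.append("logging_s3.bucket is missing")
    for name, origin in cfg.get("origins", {}).items():
        coc = origin.get("custom_origin_config")
        if coc is None:
            continue  # not a custom origin, nothing to check here
        if coc.get("origin_protocol_policy") != "https-only":
            findings.append(f"origin {name}: origin_protocol_policy is not https-only")
        if WEAK_ORIGIN_TLS & set(coc.get("origin_ssl_protocols", [])):
            findings.append(f"origin {name}: origin_ssl_protocols allows a weak protocol")
    if cfg.get("default_cache_behavior", {}).get("viewer_protocol_policy") == "allow-all":
        findings.append("default_cache_behavior allows plain HTTP from viewers")
    return findings

# The page's example, reduced to the keys the checks read.
GOOD = {
    "aliases": ["www.example.com"],
    "acm_certificate_arn": "arn:aws:acm:us-east-1:123456789012:certificate/example",
    "viewer_certificate": {"minimum_protocol_version": "TLSv1.2_2021"},
    "logging_s3": {"bucket": "cloudfront-logs.example.com", "prefix": "www.example.com"},
    "origins": {"app": {"custom_origin_config": {
        "origin_protocol_policy": "https-only", "origin_ssl_protocols": ["TLSv1.2"]}}},
    "default_cache_behavior": {"viewer_protocol_policy": "redirect-to-https"},
}
# Constructed weak variant, for contrast.
BAD = copy.deepcopy(GOOD)
del BAD["logging_s3"]
BAD["viewer_certificate"]["minimum_protocol_version"] = "TLSv1"
BAD["origins"]["app"]["custom_origin_config"]["origin_protocol_policy"] = "match-viewer"
BAD["default_cache_behavior"]["viewer_protocol_policy"] = "allow-all"
```

Calling lint(GOOD) returns an empty list, while lint(BAD) returns one finding per weakened setting. The check reads the mapping after YAML parsing and before R2A resolves placeholders such as #{Lifecycle}.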