AWS CloudFront Distribution
udx-github edited this page May 27, 2026 · 3 revisions
Creates an AWS CloudFront distribution for a Rabbit-backed service.
Use this module when a site needs CloudFront in front of an origin, optional failover, path-specific cache behavior, custom headers, WAF, ACM certificates, and access logging.
- Multiple origins with custom headers.
- Origin groups for failover.
- Default and ordered cache behaviors.
- Optional Lambda@Edge and CloudFront Functions.
- Custom cache and origin request policies.
- Custom error responses.
- WAF and ACM certificate integration.
- CloudFront access logging.
At minimum, provide an origin, a default cache behavior, an ACM certificate ARN appropriate for your aliases, and a logging bucket/prefix for CloudFront access logs.
The module ships with Rabbit-oriented defaults. Public callers should override site-specific values such as aliases, certificate ARN, origins, cache behavior targets, tags, and logging_s3.
- Set `lambda_enabled: false` on a behavior when Lambda@Edge should not be attached.
- Use `enabled: false` on an ordered cache behavior to exclude it from the generated distribution.
- `custom_headers` is a map of header names to values.
- `acm_certificate_arn` is the certificate ARN used by the CloudFront viewer certificate block.
- Placeholders such as `#{Environment}` and `#{Lifecycle}` are resolved by R2A during deployment.
```yaml
services:
  - name: "AWS CloudFront Distribution"
    module: "aws-cloudfront-distribution"
    id: "my-site-cloudfront"
    configurations:
      region: "us-east-1"
      aliases:
        - "www.example.com"
      acm_certificate_arn: "arn:aws:acm:us-east-1:123456789012:certificate/example"
      viewer_certificate:
        ssl_support_method: "sni-only"
        minimum_protocol_version: "TLSv1.2_2021"
        cloudfront_default_certificate: false
      logging_s3:
        bucket: "cloudfront-logs.example.com"
        prefix: "www.example.com"
        output_format: "w3c"
      origins:
        app:
          origin_id: "app"
          domain_name: "app.example.com"
          custom_origin_config:
            http_port: 80
            https_port: 443
            origin_protocol_policy: "https-only"
            origin_ssl_protocols: ["TLSv1.2"]
          custom_headers:
            "x-set-lifecycle": "#{Lifecycle}"
      default_cache_behavior:
        target_origin_id: "app"
        viewer_protocol_policy: "redirect-to-https"
        allowed_methods: ["GET", "HEAD", "OPTIONS"]
        cached_methods: ["GET", "HEAD"]
        compress: true
        cache_policy_name: "Managed-CachingOptimized"
        origin_request_policy_name: "Managed-AllViewer"
```
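A pre-deployment check over the keys used in the configuration above, as an added example that is not part of the module or this wiki. The function name `lint_cloudfront`, its rule set, and the `GOOD`/`BAD` samples are assumptions; the input is the already-parsed `configurations` mapping.

```python
# Added example: pre-deploy lint for one aws-cloudfront-distribution service entry.
# Key names come from the page's YAML; the rule set itself is an assumption.
def lint_cloudfront(cfg):
    """Return a list of findings for a parsed `configurations` mapping."""
    findings = []
    origins = cfg.get("origins") or {}
    vc = cfg.get("viewer_certificate") or {}
    log = cfg.get("logging_s3") or {}
    dcb = cfg.get("default_cache_behavior") or {}
    if cfg.get("aliases"):
        parts = cfg.get("acm_certificate_arn", "").split(":")
        # CloudFront only accepts ACM viewer certificates issued in us-east-1.
        if len(parts) < 6 or parts[2] != "acm" or parts[3] != "us-east-1":
            findings.append("acm_certificate_arn: need an ACM ARN in us-east-1")
        if vc.get("cloudfront_default_certificate", False):
            findings.append("viewer_certificate: default certificate cannot serve aliases")
    if not str(vc.get("minimum_protocol_version", "")).startswith(("TLSv1.2", "TLSv1.3")):
        findings.append("viewer_certificate: minimum_protocol_version is not a TLS 1.2+ policy")
    if not (log.get("bucket") and log.get("prefix")):
        findings.append("logging_s3: bucket and prefix are both required")
    if not origins:
        findings.append("origins: at least one origin is required")
    for key, origin in origins.items():
        custom = origin.get("custom_origin_config")
        if custom and custom.get("origin_protocol_policy") != "https-only":
            findings.append(f"origins.{key}: origin fetch is not https-only")
    if dcb.get("target_origin_id") not in {o.get("origin_id") for o in origins.values()}:
        findings.append("default_cache_behavior: target_origin_id matches no origin")
    if dcb.get("viewer_protocol_policy") not in ("redirect-to-https", "https-only"):
        findings.append("default_cache_behavior: viewers can use plain HTTP")
    return findings

# Constructed sample: the page's example reduced to the checked keys.
GOOD = {
    "aliases": ["www.example.com"],
    "acm_certificate_arn": "arn:aws:acm:us-east-1:123456789012:certificate/example",
    "viewer_certificate": {"minimum_protocol_version": "TLSv1.2_2021",
                           "cloudfront_default_certificate": False},
    "logging_s3": {"bucket": "cloudfront-logs.example.com", "prefix": "www.example.com"},
    "origins": {"app": {"origin_id": "app", "custom_origin_config":
                        {"origin_protocol_policy": "https-only"}}},
    "default_cache_behavior": {"target_origin_id": "app",
                               "viewer_protocol_policy": "redirect-to-https"},
}
# Constructed weak variant: wrong certificate region, old TLS policy, HTTP to origin.
BAD = dict(GOOD, acm_certificate_arn="arn:aws:acm:eu-west-1:123456789012:certificate/example",
           viewer_certificate={"minimum_protocol_version": "TLSv1"},
           origins={"app": {"origin_id": "app", "custom_origin_config":
                            {"origin_protocol_policy": "http-only"}}})
```

Run it against the mapping after R2A has resolved placeholders, and fail the pipeline when the returned list is not empty.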