Amazon CloudFront

Overview

The AWS CloudFront Module provides a reusable and scalable way to provision and manage Amazon CloudFront distributions using Terraform.
It abstracts the complexity of configuring CloudFront resources and enables developers to define content delivery infrastructure with minimal effort while following AWS best practices.

This module supports both resource creation and data sources for managing CloudFront distributions, origins, and behaviors in a consistent and modular way.


Features

  • 🚀 Reusable & Modular – Predefined structure for resources and data modules.
  • 🔐 Security Best Practices – Supports HTTPS-only traffic, origin access control, and WAF integration.
  • Performance Optimization – Leverage caching behaviors, edge locations, and origin groups.
  • 📜 Logging & Monitoring – Enable access logs, real-time metrics, and CloudWatch integration.
  • 🌍 Global Content Delivery – Distribute static and dynamic content to users with low latency.
  • 🧩 Extensible – Easy to integrate with S3, ALB, API Gateway, or custom origins.

Core Concepts

  1. Resources Module

    • Creates and manages CloudFront distributions and related configurations.
    • Includes support for:
      • Origins (S3, ALB, API Gateway, or custom)
      • Default cache behavior
      • Additional cache behaviors
      • Viewer protocol policies (HTTP/HTTPS)
      • SSL/TLS certificates
      • Logging and monitoring
  2. Data Module

    • Fetches information about existing CloudFront distributions.
    • Useful for referencing distribution attributes, domain names, and integrating with other AWS resources.
  3. Behaviors Management

    • Supports defining caching policies, response headers, and origin request policies.
    • Provides flexibility to optimize performance and enforce security.
  4. Separation of Concerns

    • resources/ handles CloudFront distribution creation and configuration.
    • data/ is focused on reading and referencing existing CloudFront distributions.
    • This separation ensures clarity, reusability, and modular design.

Sample Usage

# DEPLOY ANANTA CLOUD'S CLOUDFRONT MODULE

module "cloudfront_distribution" {
  source = "github.com/anantacloud/terraform-aws-cloudfront-module/modules/resources"

  # ==========================
  # REQUIRED VARIABLES
  # ==========================
  origin_id   = "s3-origin"
  domain_name = "my-app-bucket.s3.amazonaws.com"

  # ==========================
  # OPTIONAL VARIABLES
  # ==========================
  default_cache_behavior = {
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
  }

  viewer_certificate = {
    acm_certificate_arn      = "arn:aws:acm:us-east-1:123456789012:certificate/abcd-1234"
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"
  }

  logging_config = {
    bucket = "my-log-bucket.s3.amazonaws.com"
    prefix = "cloudfront-logs/"
  }

  tags = {
    Environment = "dev"
    Project     = "cdn-app"
  }
}
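
A pre-deployment check for the security settings this page lists (HTTPS-only viewers, minimum TLS version, access logging, WAF), added here as an example and not part of the module: it reads `terraform show -json` plan output and flags any `aws_cloudfront_distribution` that misses them. The resource addresses, the sample plan and the finding labels are constructed for this example.

```python
import json

# Viewer TLS policies that still negotiate protocols older than TLS 1.2.
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}

def audit_plan(plan):
    """Return (address, finding) pairs for each aws_cloudfront_distribution."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "aws_cloudfront_distribution" or not after:
            continue  # other resource types, or a distribution being destroyed
        addr = rc.get("address", "<unknown>")
        # Nested blocks appear as lists of objects in plan JSON.
        behaviors = (after.get("default_cache_behavior") or []) + \
                    (after.get("ordered_cache_behavior") or [])
        for b in behaviors:
            if b.get("viewer_protocol_policy") == "allow-all":
                findings.append((addr, "http-allowed:" + (b.get("path_pattern") or "default")))
        for cert in after.get("viewer_certificate") or []:
            # The provider falls back to TLSv1 when the argument is omitted.
            if (cert.get("minimum_protocol_version") or "TLSv1") in WEAK_TLS:
                findings.append((addr, "weak-tls"))
        if not after.get("logging_config"):
            findings.append((addr, "no-access-logs"))
        if not after.get("web_acl_id"):
            findings.append((addr, "no-waf"))
    return findings

# Constructed sample in the shape of `terraform show -json plan.out` (trimmed).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_cloudfront_distribution.hardened", "type": "aws_cloudfront_distribution",
  "change": {"after": {
   "default_cache_behavior": [{"viewer_protocol_policy": "redirect-to-https"}],
   "viewer_certificate": [{"minimum_protocol_version": "TLSv1.2_2021"}],
   "logging_config": [{"bucket": "my-log-bucket.s3.amazonaws.com", "prefix": "cloudfront-logs/"}],
   "web_acl_id": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/placeholder/placeholder"}}},
 {"address": "aws_cloudfront_distribution.legacy", "type": "aws_cloudfront_distribution",
  "change": {"after": {
   "default_cache_behavior": [{"viewer_protocol_policy": "redirect-to-https"}],
   "ordered_cache_behavior": [{"path_pattern": "/static/*", "viewer_protocol_policy": "allow-all"}],
   "viewer_certificate": [{"cloudfront_default_certificate": true}],
   "logging_config": [], "web_acl_id": null}}}
]}
""")

if __name__ == "__main__":
    for addr, finding in audit_plan(SAMPLE_PLAN):
        print(f"{addr}: {finding}")
```

Attributes whose values are only known after apply are omitted from `after`, so a web ACL created in the same plan is reported as `no-waf`; confirm those against state once applied.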

Required

| Name | Description | Type | Example |
|------|-------------|------|---------|
| origin_id | Identifier for the origin | string | "s3-origin" |
| domain_name | Domain name of the origin (S3, ALB, or custom) | string | "my-app-bucket.s3.amazonaws.com" |

Optional

| Name | Description | Type | Default |
|------|-------------|------|---------|
| default_cache_behavior | Defines the default cache behavior | object | null |
| viewer_certificate | SSL/TLS certificate configuration | object | null |
| logging_config | Configure CloudFront access logging | object | null |
| tags | Add custom tags to the CloudFront distribution | map | {} |