From 9fb2262ba86fc917bf73232a20accbd049506231 Mon Sep 17 00:00:00 2001
From: Chris Hudson <itschrishudson@gmail.com>
Date: Wed, 10 Nov 2021 16:10:31 -0500
Subject: [PATCH] Add response headers policy input for CloudFront
 distributions default behaviour (#76)

* Updated Readme and docs

* Add new variable for response_header_policy to default behaviour
---
 README.md         |  1 +
 docs/terraform.md |  1 +
 main.tf           | 13 +++++++------
 variables.tf      |  6 ++++++
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index cc39c45..1997134 100644
--- a/README.md
+++ b/README.md
@@ -239,6 +239,7 @@ Available targets:
 | <a name="input_price_class"></a> [price\_class](#input\_price\_class) | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | `string` | `"PriceClass_100"` | no |
 | <a name="input_realtime_log_config_arn"></a> [realtime\_log\_config\_arn](#input\_realtime\_log\_config\_arn) | The ARN of the real-time log configuration that is attached to this cache behavior | `string` | `null` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| <a name="input_response_headers_policy_id"></a> [response\_headers\_policy\_id](#input\_response\_headers\_policy\_id) | The identifier for a response headers policy | `string` | `""` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index e52955d..f0b712f 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -95,6 +95,7 @@
 | <a name="input_price_class"></a> [price\_class](#input\_price\_class) | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | `string` | `"PriceClass_100"` | no |
 | <a name="input_realtime_log_config_arn"></a> [realtime\_log\_config\_arn](#input\_realtime\_log\_config\_arn) | The ARN of the real-time log configuration that is attached to this cache behavior | `string` | `null` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| <a name="input_response_headers_policy_id"></a> [response\_headers\_policy\_id](#input\_response\_headers\_policy\_id) | The identifier for a response headers policy | `string` | `""` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 4ae68f2..289e3be 100644
--- a/main.tf
+++ b/main.tf
@@ -124,12 +124,13 @@ resource "aws_cloudfront_distribution" "default" {
   }
 
   default_cache_behavior {
-    allowed_methods          = var.allowed_methods
-    cached_methods           = var.cached_methods
-    cache_policy_id          = var.cache_policy_id
-    origin_request_policy_id = var.origin_request_policy_id
-    target_origin_id         = module.this.id
-    compress                 = var.compress
+    allowed_methods            = var.allowed_methods
+    cached_methods             = var.cached_methods
+    cache_policy_id            = var.cache_policy_id
+    origin_request_policy_id   = var.origin_request_policy_id
+    target_origin_id           = module.this.id
+    compress                   = var.compress
+    response_headers_policy_id = var.response_headers_policy_id
 
     dynamic "forwarded_values" {
       # If a cache policy or origin request policy is specified, we cannot include a `forwarded_values` block at all in the API request
diff --git a/variables.tf b/variables.tf
index 9caef96..e38f24a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -239,6 +239,12 @@ variable "origin_request_policy_id" {
   description = "ID of the origin request policy attached to the cache behavior"
 }
 
+variable "response_headers_policy_id" {
+  type        = string
+  description = "The identifier for a response headers policy"
+  default     = ""
+}
+
 variable "default_ttl" {
   type        = number
   default     = 60