From 2e692c74327d136d7bfe5153b1cecdbb6da16079 Mon Sep 17 00:00:00 2001
From: Venkata Mutyala
Date: Wed, 13 Mar 2024 22:04:24 -0700
Subject: [PATCH 1/4] chore: update TLS support to latest recommended from AWS TLSv1.2_2021
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index 7bd9af9..50b3c70 100644
--- a/variables.tf
+++ b/variables.tf
@@ -215,7 +215,7 @@ variable "price_class" {
 variable "viewer_minimum_protocol_version" {
 type = string
 description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections."
- default = "TLSv1"
+ default = "TLSv1.2_2021"
 }
 
 variable "viewer_protocol_policy" {
From 68060e1bef3ec79241f976a0c794d5a282a78d50 Mon Sep 17 00:00:00 2001
From: Venkata Mutyala
Date: Thu, 14 Mar 2024 23:05:58 +0000
Subject: [PATCH 2/4] chore: update docs
---
 README.md | 2 +-
 docs/terraform.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c27ea7a..e9f625a 100644
--- a/README.md
+++ b/README.md
@@ -207,7 +207,7 @@ Available targets:
 | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
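Review bot: The new `default = "TLSv1.2_2021"` in the variables.tf hunk of patch 1/4 changes behaviour for every caller that never set `viewer_minimum_protocol_version`, and nothing next to it records that. After the next apply such distributions stop negotiating TLS 1.0 and 1.1 with viewers, which is the intent but is easy to miss under a `chore:` subject. I would add a comment above the default, `# Raised from "TLSv1": set this explicitly if viewers still need TLS 1.0/1.1.`, and mention the change in the release notes. The variable is also a free-form `string` with no `validation` block in the visible lines, so a mistyped policy name is presumably rejected only by the provider or the API rather than by the module.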
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | [trusted\_signers](#input\_trusted\_signers) | List of AWS account IDs (or self) that you want to allow to create signed URLs for private content | `list(string)` | `[]` | no |
-| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1"` | no |
+| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1.2_2021"` | no |
 | [viewer\_protocol\_policy](#input\_viewer\_protocol\_policy) | allow-all, redirect-to-https | `string` | `"redirect-to-https"` | no |
 | [web\_acl\_id](#input\_web\_acl\_id) | ID of the AWS WAF web ACL that is associated with the distribution | `string` | `""` | no |
 
diff --git a/docs/terraform.md b/docs/terraform.md
index 529251c..7488d47 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -102,7 +102,7 @@
 | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | [trusted\_signers](#input\_trusted\_signers) | List of AWS account IDs (or self) that you want to allow to create signed URLs for private content | `list(string)` | `[]` | no |
-| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1"` | no |
+| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1.2_2021"` | no |
 | [viewer\_protocol\_policy](#input\_viewer\_protocol\_policy) | allow-all, redirect-to-https | `string` | `"redirect-to-https"` | no |
 | [web\_acl\_id](#input\_web\_acl\_id) | ID of the AWS WAF web ACL that is associated with the distribution | `string` | `""` | no |
 
From aa93f5b860d5510e12551f42573f96cb6e3b2ad0 Mon Sep 17 00:00:00 2001
From: Venkata Mutyala
Date: Sat, 16 Mar 2024 18:01:53 -0700
Subject: [PATCH 3/4] chore: update description/docs for viewer_minimum_protocol_version
Co-authored-by: Joe Niland
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index 50b3c70..af7bf4e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -214,7 +214,7 @@ variable "price_class" {
 
 variable "viewer_minimum_protocol_version" {
 type = string
- description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections."
+ description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. This is ignored if the default CloudFront certificate is used."
 default = "TLSv1.2_2021"
 }
 
From 06849d4f03924d5602bd0e2c0fb2b98a4cc04b90 Mon Sep 17 00:00:00 2001
From: Venkata Mutyala
Date: Mon, 18 Mar 2024 23:10:40 +0000
Subject: [PATCH 4/4] chore: update README.md and terraform.md
---
 README.md | 2 +-
 docs/terraform.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index e9f625a..efd2971 100644
--- a/README.md
+++ b/README.md
@@ -207,7 +207,7 @@ Available targets:
 | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
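Review bot: The sentence added to `description` in the variables.tf hunk of patch 3/4 says the value is ignored with the default CloudFront certificate but not what applies instead, so a reader can still assume the `TLSv1.2_2021` default protects every distribution. As far as I know from the CloudFront documentation, a distribution on the default `*.cloudfront.net` certificate is held at the `TLSv1` policy; that is worth confirming and then stating, e.g. `This is ignored if the default CloudFront certificate is used, in which case CloudFront applies TLSv1.` The text also still calls the setting "the SSL protocol" although the default is a TLS security policy name, so `The minimum TLS security policy ...` would read more accurately.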
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | [trusted\_signers](#input\_trusted\_signers) | List of AWS account IDs (or self) that you want to allow to create signed URLs for private content | `list(string)` | `[]` | no |
-| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1.2_2021"` | no |
+| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. This is ignored if the default CloudFront certificate is used. | `string` | `"TLSv1.2_2021"` | no |
 | [viewer\_protocol\_policy](#input\_viewer\_protocol\_policy) | allow-all, redirect-to-https | `string` | `"redirect-to-https"` | no |
 | [web\_acl\_id](#input\_web\_acl\_id) | ID of the AWS WAF web ACL that is associated with the distribution | `string` | `""` | no |
 
diff --git a/docs/terraform.md b/docs/terraform.md
index 7488d47..af5cb43 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -102,7 +102,7 @@
 | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | [trusted\_signers](#input\_trusted\_signers) | List of AWS account IDs (or self) that you want to allow to create signed URLs for private content | `list(string)` | `[]` | no |
-| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | `string` | `"TLSv1.2_2021"` | no |
+| [viewer\_minimum\_protocol\_version](#input\_viewer\_minimum\_protocol\_version) | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. This is ignored if the default CloudFront certificate is used. | `string` | `"TLSv1.2_2021"` | no |
 | [viewer\_protocol\_policy](#input\_viewer\_protocol\_policy) | allow-all, redirect-to-https | `string` | `"redirect-to-https"` | no |
 | [web\_acl\_id](#input\_web\_acl\_id) | ID of the AWS WAF web ACL that is associated with the distribution | `string` | `""` | no |