v0.23.0

Add response headers policy input for CloudFront distributions default behaviour @itschrishudson (#76)

what

• Adds an input to pass a response headers policy ID into the CloudFront distribution in the default cache behaviour.

why

• AWS have recently released the ability to generate response header policies to add response headers for CORS/Security and custom use cases instead of setting at the origin or using a Lambda.
• The current module does not allow you to pass in the ID of a policy in order to associate it with a the CloudFront distributions default behaviour.

references

• https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-response-headers-policies/
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#response_headers_policy_id
• Part of solution to #75
• Implemented in cloudposse/terraform-aws-cloudfront-s3-cdn#195

v0.22.1

🚀 Enhancements

Add support for realtime log config @linhkikuchi (#72)

what

To add support for realtime log config on cloudfront for cloudfront-cdn module

v0.22.0

Adding Lambda@Edge and Function association @justnom (#68)

what

• CloudFront function association for default cache behaviour and ordered cache behaviour
• Lambda@Edge function association for default cache behaviour

why

• These were missing and were provided by the https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/.

references

• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/

v0.21.3

🤖 Automatic Updates

Update Terraform cloudposse/s3-log-storage/aws to v0.24.1 @renovate (#63)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/s3-log-storage/aws (source)	module	minor	0.20.0 -> 0.24.1

---

Release Notes

cloudposse/terraform-aws-s3-log-storage

v0.24.1

Compare Source

🤖 Automatic Updates

Update context.tf @​cloudpossebot (#​59)

#### what This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` #### why To support all the features of the `context` interface.

v0.24.0

Compare Source

Add variable access_log_bucket_prefix to customize S3 access log configuration @​adamantike (#​57)

#### What Allow changing the prefix to be used in the specified S3 bucket for access logs. Maintain current prefix as default value, for backwards compatibility. #### Why This is useful for projects using different standards (e.g. path with bucket name in the root folder).

v0.23.0

Compare Source

add allow_ssl_requests_only flag @​mcalhoun (#​56)

#### what

• fix bug from #​55

why

• There was a missing data "aws_partition"

v0.22.0

Compare Source

add allow_ssl_requests_only flag @​mcalhoun (#​55)

#### what

• Add the allow_ssl_requests_only flag to force the bucket to be accessed via TLS only

why

• AWS Foundational Security Best practices indicate S3 buckets should require requests to use Secure Socket Layer

references

• https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#s3-5-remediation

v0.21.0

Compare Source

added versioning mfa delete enabled option @​chafnan (#​54)

#### what This adds the option to turn on MFA Delete for the bucket. * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) * Use bullet points to be concise and to the point. #### why issue #​48 does a good job explaining, but pasted important information below

Security best practices for CloudTrail logs that are stored in S3 recommend MFA Delete be enabled.
https://www.cloudconformity.com/knowledge-base/aws/CloudTrail/cloudtrail-bucket-mfa-delete-enabled.html

references

closes #​48

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.21.2

🤖 Automatic Updates

Update Terraform cloudposse/label/null to v0.25.0 @renovate (#66)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/label/null (source)	module	minor	0.24.1 -> 0.25.0

---

Release Notes

cloudposse/terraform-null-label

v0.25.0

Compare Source

Add "tenant", "labels_as_tags", and "descriptors" @​Nuru (#​132)

#### what - Add additional label and `id` component: `tenant` - New input `labels_as_tags` controls which labels are exported as tags - New input `descriptor_formats` generates new output `descriptors` - Update README, remove link to obsolete `terraform-terraform-label` #### why - Support users that host resources on behalf of and/or dedicated to single customers - Supersedes and closes #​131, giving people control over which tags the module generates - Simple mechanism for creating multiple identifiers from the same inputs, reducing the need to create multiple instances of `null-label` - Document `tenant`, `labels_as_tags`, `descriptor_formats`, add additional clarification, stop promoting obsolete module

Fix: Update README Snippets @​korenyoni (#​130)

#### what * Update README snippets to reflect use of Terraform Registry. #### why * Including snippets that reflect use of the Terraform Registry make it easier for users to quickly instantiate a null_label module. * README is out of date and does not include snippets that reflect use of the Terraform Registry. #### references * N/A

Bridgecrew compliance @​Nuru (#​125)

#### what - Resolve Bridgecrew compliance complaint about example Autoscaling Group (BC_AWS_GENERAL_31) - Fix typo in README - Include Terraform lock file in `.gitignore` #### why - Get clean Bridgecrew badge - Correct confusing error - Ensure lock files are not checked into GitHub #### note The PR can and should be merged into `master` to update README and Bridgecrew without triggering a new release/version. These changes have no effect on the actual module in use and a release will create unnecessary ripple effects. However, merging to `master` will update the README and badges, so is worthwhile, and the changes will move forward into the next release.

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.21.1

🤖 Automatic Updates

Update context.tf @cloudpossebot (#67)

what

This is an auto-generated PR that updates the context.tf file to the latest version from cloudposse/terraform-null-label

why

To support all the features of the context interface.

v0.21.0

Fix incorrect type declaration @paulerickson (#64)

what

• Correctly indicate types in variable definition

why

• There are number, bool, string, and list attributes, but the type is map, which can only contain values of a single type, so type checking prevents configuring custom_origin_config

example errors

With explicit tomap

Error: Invalid function argument
  on main.tf line 131, in module "router":
 131:       custom_origin_config = tomap({
 132:         http_port                = 80
 133:         https_port               = 443
 134:         origin_protocol_policy   = "https-only"
 135:         origin_ssl_protocols     = ["my", "favorite", "protocols"]
 136:         origin_keepalive_timeout = 12345
 137:         origin_read_timeout      = 12345
 138:       })
Invalid value for "v" parameter: cannot convert object to map of any single
type.

With {} syntax

he given value is not suitable for child module variable "custom_origins"
defined at .terraform/modules/router/variables.tf:322,1-26: element 0:
attribute "custom_origin_config": all map elements must have the same type.
…
  81:       custom_origin_config = {
  82:         http_port                = 80
  83:         https_port               = 443
  84:         origin_protocol_policy   = "https-only"
  85:         origin_ssl_protocols     = ["my", "favorite", "protocols"]
  86:         origin_keepalive_timeout = 12345
  87:         origin_read_timeout      = 12345
  88:       }
…

v0.20.0

Add missing inputs to the wordpress example @evertonevaristo (#62)

There are two missing properties in the locals dict,

cache_policy_id             = ""
origin_request_policy_id    = ""

what

• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.

why

• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use closes #123, if this PR closes a GitHub issue #123

v0.19.0

Adding custom_origins variable @justnom (#61)

what

• Adding the ability to add multiple origins
• Duplicated from: cloudposse/terraform-aws-cloudfront-s3-cdn#78

why

• Allow more origins to be referenced in the ordered_cache block.

v0.18.0

Adding Origin Request Policy for cache behaviours @justnom (#60)

what

• Adds the Origin Request Policy attribute to the CloudFront distribution cache behaviours
• Nullifies any cache forwarded values if non-legacy cache behaviours are set. Taken from @dmattia PR.

why

• Allow the user to provide a custom Origin Request Policy for the underlying CloudFront distribution

references

• Terraform - aws_cloudfront_origin_request_policy
• Terraform - aws_cloudfront_distribution -> origin_request_policy_id