Allow specifying CloudFront ordered cache behaviours

Author: Stretch96

README.md

@@ -85,6 +85,7 @@ Terraform module to host a static site generated by Publii
 | <a name="input_cloudfront_enable_apex_to_www_redirect"></a> [cloudfront\_enable\_apex\_to\_www\_redirect](#input\_cloudfront\_enable\_apex\_to\_www\_redirect) | Enable CloudFront apex to www redirect | `bool` | `true` | no |
 | <a name="input_cloudfront_enable_ipv6"></a> [cloudfront\_enable\_ipv6](#input\_cloudfront\_enable\_ipv6) | Enable IPv6 on CloudFront | `bool` | `true` | no |
 | <a name="input_cloudfront_enable_waf"></a> [cloudfront\_enable\_waf](#input\_cloudfront\_enable\_waf) | Enable CloudFront WAF | `bool` | `true` | no |
+| <a name="input_cloudfront_ordered_cache_behaviors"></a> [cloudfront\_ordered\_cache\_behaviors](#input\_cloudfront\_ordered\_cache\_behaviors) | List of ordered\_cache\_behavior objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments | `list(map(any))` | `[]` | no |
 | <a name="input_cloudfront_tls_certificate_arn"></a> [cloudfront\_tls\_certificate\_arn](#input\_cloudfront\_tls\_certificate\_arn) | CloudFront TLS certificate ARN (must be created in us-east-1 region) | `string` | `""` | no |
 | <a name="input_enable_publii_pretty_urls"></a> [enable\_publii\_pretty\_urls](#input\_enable\_publii\_pretty\_urls) | If you hae enabled 'Pretty URLs' in Publii, set this to true | `bool` | `false` | no |
 | <a name="input_route53_hosted_zone_options"></a> [route53\_hosted\_zone\_options](#input\_route53\_hosted\_zone\_options) | If you have a Route53 zone, the required DNS records can be created automatically. | <pre>object({<br>    id                                        = string<br>    create_certificate_dns_validation_records = bool<br>    create_site_url_dns_records               = bool<br>  })</pre> | <pre>{<br>  "create_certificate_dns_validation_records": false,<br>  "create_site_url_dns_records": false,<br>  "id": ""<br>}</pre> | no |

cloudfront-frontend.tf

@@ -59,6 +59,72 @@ resource "aws_cloudfront_distribution" "frontend" {
     response_page_path = "/404.html"
   }
 
+  ## borrowed/copied from https://github.com/terraform-aws-modules/terraform-aws-cloudfront/blob/master/main.tf
+  dynamic "ordered_cache_behavior" {
+    for_each = local.cloudfront_ordered_cache_behaviors
+    iterator = i
+
+    content {
+      path_pattern           = i.value["path_pattern"]
+      target_origin_id       = i.value["target_origin_id"]
+      viewer_protocol_policy = i.value["viewer_protocol_policy"]
+
+      allowed_methods           = lookup(i.value, "allowed_methods", ["GET", "HEAD", "OPTIONS"])
+      cached_methods            = lookup(i.value, "cached_methods", ["GET", "HEAD"])
+      compress                  = lookup(i.value, "compress", null)
+      field_level_encryption_id = lookup(i.value, "field_level_encryption_id", null)
+      smooth_streaming          = lookup(i.value, "smooth_streaming", null)
+      trusted_signers           = lookup(i.value, "trusted_signers", null)
+      trusted_key_groups        = lookup(i.value, "trusted_key_groups", null)
+
+      cache_policy_id            = lookup(i.value, "cache_policy_id", null)
+      origin_request_policy_id   = lookup(i.value, "origin_request_policy_id", null)
+      response_headers_policy_id = lookup(i.value, "response_headers_policy_id", null)
+      realtime_log_config_arn    = lookup(i.value, "realtime_log_config_arn", null)
+
+      min_ttl     = lookup(i.value, "min_ttl", null)
+      default_ttl = lookup(i.value, "default_ttl", null)
+      max_ttl     = lookup(i.value, "max_ttl", null)
+
+      dynamic "forwarded_values" {
+        for_each = lookup(i.value, "use_forwarded_values", true) ? [true] : []
+
+        content {
+          query_string            = lookup(i.value, "query_string", false)
+          query_string_cache_keys = lookup(i.value, "query_string_cache_keys", [])
+          headers                 = lookup(i.value, "headers", [])
+
+          cookies {
+            forward           = lookup(i.value, "cookies_forward", "none")
+            whitelisted_names = lookup(i.value, "cookies_whitelisted_names", null)
+          }
+        }
+      }
+
+      dynamic "lambda_function_association" {
+        for_each = lookup(i.value, "lambda_function_association", [])
+        iterator = l
+
+        content {
+          event_type   = l.key
+          lambda_arn   = l.value.lambda_arn
+          include_body = lookup(l.value, "include_body", null)
+        }
+      }
+
+      dynamic "function_association" {
+        for_each = lookup(i.value, "function_association", [])
+        iterator = f
+
+        content {
+          event_type   = f.key
+          function_arn = f.value.function_arn
+        }
+      }
+    }
+  }
+  ##
+
   price_class = "PriceClass_100"
 
   restrictions {

locals.tf

@@ -8,4 +8,5 @@ locals {
   cloudfront_enable_apex_to_www_redirect = var.cloudfront_enable_apex_to_www_redirect
   enable_publii_pretty_urls              = var.enable_publii_pretty_urls
   route53_hosted_zone_options            = var.route53_hosted_zone_options
+  cloudfront_ordered_cache_behaviors     = var.cloudfront_ordered_cache_behaviors
 }

variables.tf

@@ -33,6 +33,12 @@ variable "cloudfront_enable_apex_to_www_redirect" {
   default     = true
 }
 
+variable "cloudfront_ordered_cache_behaviors" {
+  description = "List of ordered_cache_behavior objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments"
+  type        = list(map(any))
+  default     = []
+}
+
 variable "enable_publii_pretty_urls" {
   description = "If you hae enabled 'Pretty URLs' in Publii, set this to true"
   type        = bool