Allow specifying Cloudfront origins

Author: Stretch96

README.md

@@ -86,6 +86,7 @@ Terraform module to host a static site generated by Publii
 | <a name="input_cloudfront_enable_ipv6"></a> [cloudfront\_enable\_ipv6](#input\_cloudfront\_enable\_ipv6) | Enable IPv6 on CloudFront | `bool` | `true` | no |
 | <a name="input_cloudfront_enable_waf"></a> [cloudfront\_enable\_waf](#input\_cloudfront\_enable\_waf) | Enable CloudFront WAF | `bool` | `true` | no |
 | <a name="input_cloudfront_ordered_cache_behaviors"></a> [cloudfront\_ordered\_cache\_behaviors](#input\_cloudfront\_ordered\_cache\_behaviors) | List of ordered\_cache\_behavior objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments | `any` | `[]` | no |
+| <a name="input_cloudfront_orgins"></a> [cloudfront\_orgins](#input\_cloudfront\_orgins) | List of origin objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-arguments | `any` | `[]` | no |
 | <a name="input_cloudfront_tls_certificate_arn"></a> [cloudfront\_tls\_certificate\_arn](#input\_cloudfront\_tls\_certificate\_arn) | CloudFront TLS certificate ARN (must be created in us-east-1 region) | `string` | `""` | no |
 | <a name="input_enable_publii_pretty_urls"></a> [enable\_publii\_pretty\_urls](#input\_enable\_publii\_pretty\_urls) | If you hae enabled 'Pretty URLs' in Publii, set this to true | `bool` | `false` | no |
 | <a name="input_route53_hosted_zone_options"></a> [route53\_hosted\_zone\_options](#input\_route53\_hosted\_zone\_options) | If you have a Route53 zone, the required DNS records can be created automatically. | <pre>object({<br>    id                                        = string<br>    create_certificate_dns_validation_records = bool<br>    create_site_url_dns_records               = bool<br>  })</pre> | <pre>{<br>  "create_certificate_dns_validation_records": false,<br>  "create_site_url_dns_records": false,<br>  "id": ""<br>}</pre> | no |

cloudfront-frontend.tf

@@ -12,6 +12,59 @@ resource "aws_cloudfront_distribution" "frontend" {
     }
   }
 
+  # copied/borrowed from https://github.com/terraform-aws-modules/terraform-aws-cloudfront/blob/master/main.tf
+  dynamic "origin" {
+    for_each = local.cloudfront_origins
+
+    content {
+      domain_name         = origin.value.domain_name
+      origin_id           = lookup(origin.value, "origin_id", origin.key)
+      origin_path         = lookup(origin.value, "origin_path", "")
+      connection_attempts = lookup(origin.value, "connection_attempts", null)
+      connection_timeout  = lookup(origin.value, "connection_timeout", null)
+
+      dynamic "s3_origin_config" {
+        for_each = length(keys(lookup(origin.value, "s3_origin_config", {}))) == 0 ? [] : [lookup(origin.value, "s3_origin_config", {})]
+
+        content {
+          origin_access_identity = lookup(s3_origin_config.value, "cloudfront_access_identity_path", lookup(lookup(aws_cloudfront_origin_access_identity.this, lookup(s3_origin_config.value, "origin_access_identity", ""), {}), "cloudfront_access_identity_path", null))
+        }
+      }
+
+      dynamic "custom_origin_config" {
+        for_each = length(lookup(origin.value, "custom_origin_config", "")) == 0 ? [] : [lookup(origin.value, "custom_origin_config", "")]
+
+        content {
+          http_port                = custom_origin_config.value.http_port
+          https_port               = custom_origin_config.value.https_port
+          origin_protocol_policy   = custom_origin_config.value.origin_protocol_policy
+          origin_ssl_protocols     = custom_origin_config.value.origin_ssl_protocols
+          origin_keepalive_timeout = lookup(custom_origin_config.value, "origin_keepalive_timeout", null)
+          origin_read_timeout      = lookup(custom_origin_config.value, "origin_read_timeout", null)
+        }
+      }
+
+      dynamic "custom_header" {
+        for_each = lookup(origin.value, "custom_header", [])
+
+        content {
+          name  = custom_header.value.name
+          value = custom_header.value.value
+        }
+      }
+
+      dynamic "origin_shield" {
+        for_each = length(keys(lookup(origin.value, "origin_shield", {}))) == 0 ? [] : [lookup(origin.value, "origin_shield", {})]
+
+        content {
+          enabled              = origin_shield.value.enabled
+          origin_shield_region = origin_shield.value.origin_shield_region
+        }
+      }
+    }
+  }
+  ##
+
   enabled = true
   aliases = local.cloudfront_enable_apex_to_www_redirect ? [
     "www.${local.site_url}"

locals.tf

@@ -9,4 +9,5 @@ locals {
   enable_publii_pretty_urls              = var.enable_publii_pretty_urls
   route53_hosted_zone_options            = var.route53_hosted_zone_options
   cloudfront_ordered_cache_behaviors     = var.cloudfront_ordered_cache_behaviors
+  cloudfront_origins                     = var.cloudfront_origins
 }

variables.tf

@@ -33,6 +33,12 @@ variable "cloudfront_enable_apex_to_www_redirect" {
   default     = true
 }
 
+variable "cloudfront_orgins" {
+  description = "List of origin objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-arguments"
+  type        = any
+  default     = []
+}
+
 variable "cloudfront_ordered_cache_behaviors" {
   description = "List of ordered_cache_behavior objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments"
   type        = any