Make minimim_protocol_version configurable (#20)

jschaul · osterman · commit b082a139d3cf · 2018-07-27T11:35:50.000-07:00
diff --git a/README.md b/README.md
@@ -112,6 +112,7 @@ Available targets:
 | log_standard_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier | string | `30` | no |
 | max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | string | `31536000` | no |
 | min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | string | `0` | no |
+| minimum_protocol_version | Cloudfront TLS minimum protocol version | string | `TLSv1` | no |
 | name | Name  (e.g. `bastion` or `db`) | string | - | yes |
 | namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
 | null | an empty string | string | `` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -32,6 +32,7 @@
 | log_standard_transition_days | Number of days to persist in the standard storage tier before moving to the glacier tier | string | `30` | no |
 | max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | string | `31536000` | no |
 | min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | string | `0` | no |
+| minimum_protocol_version | Cloudfront TLS minimum protocol version | string | `TLSv1` | no |
 | name | Name  (e.g. `bastion` or `db`) | string | - | yes |
 | namespace | Namespace (e.g. `cp` or `cloudposse`) | string | - | yes |
 | null | an empty string | string | `` | no |
diff --git a/main.tf b/main.tf
@@ -132,7 +132,7 @@ resource "aws_cloudfront_distribution" "default" {
   viewer_certificate {
     acm_certificate_arn            = "${var.acm_certificate_arn}"
     ssl_support_method             = "sni-only"
-    minimum_protocol_version       = "TLSv1"
+    minimum_protocol_version       = "${var.minimum_protocol_version}"
     cloudfront_default_certificate = "${var.acm_certificate_arn == "" ? true : false}"
   }
 
diff --git a/variables.tf b/variables.tf
@@ -41,6 +41,11 @@ variable "acm_certificate_arn" {
   default     = ""
 }
 
+variable "minimum_protocol_version" {
+  description = "Cloudfront TLS minimum protocol version"
+  default     = "TLSv1"
+}
+
 variable "aliases" {
   type        = "list"
   description = "List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront"

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ resource "aws_cloudfront_distribution" "default" {`
`132`	`132`	`viewer_certificate {`
`133`	`133`	`acm_certificate_arn = "${var.acm_certificate_arn}"`
`134`	`134`	`ssl_support_method = "sni-only"`
`135`		`- minimum_protocol_version = "TLSv1"`
	`135`	`+ minimum_protocol_version = "${var.minimum_protocol_version}"`
`136`	`136`	`cloudfront_default_certificate = "${var.acm_certificate_arn == "" ? true : false}"`
`137`	`137`	`}`
`138`	`138`