Skip to content

Allow origin_shield configuration for custom_origins and s3_origins #341

New issue
New issue
Open
#345
Open
Allow origin_shield configuration for custom_origins and s3_origins#341
#345
@atimofeev

Description

@atimofeev
atimofeev
opened on Jun 4, 2025

Describe the Feature

Ability to enable origin_shield for any additional origins.

Expected Behavior

Similar to current behavior for setting up origin_shield on the main s3 origin, we should be able to configure this for any additional origins.

Use Case

Complex custom configuration, which requires origin_shield on selected additional origins.

Describe Ideal Solution

Expand configuration of custom_origins & s3_origins:

custom_origins = list(object({
  domain_name = string
  origin_id   = string
  origin_path = string
  origin_access_control_id = string
  custom_headers = list(object({
    name  = string
    value = string
  }))
  custom_origin_config = object({
    http_port                = number
    https_port               = number
    origin_protocol_policy   = string
    origin_ssl_protocols     = list(string)
    origin_keepalive_timeout = number
    origin_read_timeout      = number
  })
  origin_shield = optional(object({
    enabled = optional(bool, false)
    region  = optional(string, null)
  }), null)
}))
s3_origins = list(object({
  domain_name = string
  origin_id   = string
  origin_path = string
  origin_access_control_id = string
  s3_origin_config = object({
    origin_access_identity = string
  })
  origin_shield = optional(object({
    enabled = optional(bool, false)
    region  = optional(string, null)
  }), null)
}))

Alternatives Considered

No response

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions