Added Cloudfront custom error responses (#27)

README.md

@@ -80,6 +80,7 @@ In order to run all checks at any point run the following command:
 | <a name="input_cloudfront_allowed_cached_methods"></a> [cloudfront\_allowed\_cached\_methods](#input\_cloudfront\_allowed\_cached\_methods) | (Optional) Specifies which methods are allowed and cached by CloudFront. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and HEAD | `list(string)` | <pre>[<br>  "GET",<br>  "HEAD"<br>]</pre> | no |
 | <a name="input_cloudfront_default_root_object"></a> [cloudfront\_default\_root\_object](#input\_cloudfront\_default\_root\_object) | (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. Defaults to index.html | `string` | `"index.html"` | no |
 | <a name="input_cloudfront_function_association"></a> [cloudfront\_function\_association](#input\_cloudfront\_function\_association) | (Optional) Map containing information to associate a function to cloudfront. The first field is `event_type` of the function associated with default cache behavior, it can be viewer-request, viewer-response, origin-request, origin-response. The second field is `function_arn`, the ARN of the function associated with default cache behavior | <pre>object({<br>    event_type   = string<br>    function_arn = string<br>  })</pre> | `null` | no |
+| <a name="input_cloudfront_custom_error_responses"></a> [cloudfront\_custom\_error\_responses](#input\_cloudfront\_custom\_erro\r_responses) | (Optional) A list of Cloudfront custome error messages objects | <pre>list(<br> object({ <br>error_caching_min_ttl = number<br>error_code = number <br>response_code = number<br>response_page_path = string <br>}))</pre> | `[]` | no |
 | <a name="input_cloudfront_geo_restriction_locations"></a> [cloudfront\_geo\_restriction\_locations](#input\_cloudfront\_geo\_restriction\_locations) | (Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). Defaults to [] | `list(string)` | `[]` | no |
 | <a name="input_cloudfront_geo_restriction_type"></a> [cloudfront\_geo\_restriction\_type](#input\_cloudfront\_geo\_restriction\_type) | The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. Defaults to none | `string` | `"none"` | no |
 | <a name="input_cloudfront_http_version"></a> [cloudfront\_http\_version](#input\_cloudfront\_http\_version) | (Optional) - The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | `string` | `"http2"` | no |

variables.tf

@@ -169,6 +169,17 @@ variable "cloudfront_function_association" {
   default = null
 }
 
+variable "cloudfront_custom_error_responses" {
+  description = "A list of custom error responses"
+  type = list(object({
+    error_caching_min_ttl = number
+    error_code            = number
+    response_code         = number
+    response_page_path    = string
+  }))
+  default = []
+}
+
 variable "cloudfront_default_root_object" {
   description = "(Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. Defaults to index.html"
   type        = string

website.tf

@@ -149,6 +149,16 @@ resource "aws_cloudfront_distribution" "website" { # tfsec:ignore:AWS045
     }
   }
 
+  dynamic "custom_error_response" {
+    for_each = var.cloudfront_custom_error_responses
+    content {
+      error_caching_min_ttl = custom_error_response.value.error_caching_min_ttl
+      error_code            = custom_error_response.value.error_code
+      response_code         = custom_error_response.value.response_code
+      response_page_path    = custom_error_response.value.response_page_path
+    }
+  }
+
   default_root_object = var.cloudfront_default_root_object
   enabled             = true
   is_ipv6_enabled     = var.is_ipv6_enabled