feat(origins): added optional origin_shield section for additional

atimofeev · atimofeev · commit 5de57d3c8caa · 2025-06-14T21:42:12.000+02:00
origins: custom_origins &amp; s3_origins
diff --git a/main.tf b/main.tf
@@ -570,6 +570,14 @@ resource "aws_cloudfront_distribution" "default" {
         origin_keepalive_timeout = lookup(origin.value.custom_origin_config, "origin_keepalive_timeout", 60)
         origin_read_timeout      = lookup(origin.value.custom_origin_config, "origin_read_timeout", 60)
       }
+
+      dynamic "origin_shield" {
+        for_each = origin.value.origin_shield != null ? [origin.value.origin_shield] : []
+        content {
+          enabled              = origin_shield.value.enabled
+          origin_shield_region = origin_shield.value.region
+        }
+      }
     }
   }
 
@@ -589,6 +597,14 @@ resource "aws_cloudfront_distribution" "default" {
           origin_access_identity = local.origin_access_identity_enabled && try(length(origin.value.s3_origin_config.origin_access_identity), 0) > 0 ? origin.value.s3_origin_config.origin_access_identity : local.origin_access_identity_enabled ? local.cf_access.path : ""
         }
       }
+
+      dynamic "origin_shield" {
+        for_each = origin.value.origin_shield != null ? [origin.value.origin_shield] : []
+        content {
+          enabled              = origin_shield.value.enabled
+          origin_shield_region = origin_shield.value.region
+        }
+      }
     }
   }
 
diff --git a/variables.tf b/variables.tf
@@ -464,6 +464,10 @@ variable "custom_origins" {
       origin_keepalive_timeout = number
       origin_read_timeout      = number
     })
+    origin_shield = optional(object({
+      enabled = optional(bool, false)
+      region  = optional(string, null)
+    }), null)
   }))
   default     = []
   description = <<-EOT
@@ -482,6 +486,10 @@ variable "s3_origins" {
     s3_origin_config = object({
       origin_access_identity = string
     })
+    origin_shield = optional(object({
+      enabled = optional(bool, false)
+      region  = optional(string, null)
+    }), null)
   }))
   default     = []
   description = <<-EOT

Original file line number	Diff line number	Diff line change
`@@ -570,6 +570,14 @@ resource "aws_cloudfront_distribution" "default" {`
`570`	`570`	`origin_keepalive_timeout = lookup(origin.value.custom_origin_config, "origin_keepalive_timeout", 60)`
`571`	`571`	`origin_read_timeout = lookup(origin.value.custom_origin_config, "origin_read_timeout", 60)`
`572`	`572`	`}`
	`573`	`+`
	`574`	`+ dynamic "origin_shield" {`
	`575`	`+ for_each = origin.value.origin_shield != null ? [origin.value.origin_shield] : []`
	`576`	`+ content {`
	`577`	`+ enabled = origin_shield.value.enabled`
	`578`	`+ origin_shield_region = origin_shield.value.region`
	`579`	`+ }`
	`580`	`+ }`
`573`	`581`	`}`
`574`	`582`	`}`
`575`	`583`
`@@ -589,6 +597,14 @@ resource "aws_cloudfront_distribution" "default" {`
`589`	`597`	`origin_access_identity = local.origin_access_identity_enabled && try(length(origin.value.s3_origin_config.origin_access_identity), 0) > 0 ? origin.value.s3_origin_config.origin_access_identity : local.origin_access_identity_enabled ? local.cf_access.path : ""`
`590`	`598`	`}`
`591`	`599`	`}`
	`600`	`+`
	`601`	`+ dynamic "origin_shield" {`
	`602`	`+ for_each = origin.value.origin_shield != null ? [origin.value.origin_shield] : []`
	`603`	`+ content {`
	`604`	`+ enabled = origin_shield.value.enabled`
	`605`	`+ origin_shield_region = origin_shield.value.region`
	`606`	`+ }`
	`607`	`+ }`
`592`	`608`	`}`
`593`	`609`	`}`
`594`	`610`