This module can be used to set up static redirects from one URL to another in a Lambda@Edge function for CloudFront. An example usage is as follows:
data "aws_cloudfront_cache_policy" "caching_disabled" {
name = "Managed-CachingDisabled"
}
data "aws_cloudfront_origin_request_policy" "all_viewer" {
name = "Managed-AllViewer"
}
module "redirects_label" {
source = "cloudposse/label/null"
version = "0.24.1"
name = "redirects"
stage = "production"
namespace = "namespace"
}
module "redirects" {
providers = {
aws = aws.us_east_1
}
source = "../../terraform-module-cloudfront-redirects"
label_context = module.redirects_label.context
redirect_rules = [
{
match = {
method = "GET"
url = "https://example.org/index.html"
}
status = 301
url = "https://example.com/"
},
{
match = {
method = "GET"
url = "https://example.org/(.*)"
}
status = 301
url = "https://example.com/$1"
}
]
}
resource "aws_cloudfront_distribution" "redirects" {
enabled = true
comment = "Redirects distribution"
price_class = "PriceClass_100"
aliases = ["example.org"]
origin {
domain_name = "www.example.org"
origin_id = "www.example.org"
custom_origin_config {
http_port = 80
https_port = 443
origin_protocol_policy = "https-only"
origin_ssl_protocols = ["TLSv1.2"]
}
}
default_cache_behavior {
allowed_methods = ["HEAD", "GET", "OPTIONS"]
cached_methods = ["HEAD", "GET", "OPTIONS"]
target_origin_id = "www.example.org"
viewer_protocol_policy = "redirect-to-https"
cache_policy_id = data.aws_cloudfront_cache_policy.caching_disabled.id
origin_request_policy_id = data.aws_cloudfront_origin_request_policy.all_viewer.id
lambda_function_association {
event_type = "viewer-request"
lambda_arn = module.redirects.lambda_qualified_arn
include_body = false
}
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
cloudfront_default_certificate = true
}
}| Name | Version |
|---|---|
| archive | ~> 2.2.0 |
| aws | ~> 4.0 |
| Name | Version |
|---|---|
| archive | ~> 2.2.0 |
| aws | ~> 4.0 |
| Name | Source | Version |
|---|---|---|
| label | cloudposse/label/null | 0.24.1 |
| Name | Type |
|---|---|
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.lambda_basic_execution | resource |
| aws_lambda_function.this | resource |
| archive_file.this | data source |
| aws_iam_policy.lambda_basic_execution | data source |
| aws_iam_policy_document.assume_role | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| label_context | Context for the null label which determines names of resources | any |
n/a | yes |
| redirect_rules | Rules determine which URLs redirect to which other URLs. The match object determines if a request matches the rule. Both the method and URL should match. If no method is specified, all request methods will match. The match URL can be a regular expression. In this case, the beginning and end of line matchers are added implicitly. The JavaScript regular expression dialect should be used. Only the host and path of the URL are used to match the request. All other parts, like the scheme, query and fragment are ignored. The status and URL determine where the client is redirected to. Both must be set. The URL should include a scheme and can use any capturing groups captured during the matching phase. See documentation on JavaScript's String.prototype.replace to learn more about JavaScript regular expressions and the usage of capturing groups in the reponse URL. |
list( |
n/a | yes |
| Name | Description |
|---|---|
| lambda_arn | ARN of redirect function without version specifier |
| lambda_qualified_arn | ARN of redirect function with version specifier |