module "cloudfront" {
source = "terraform-aws-modules/cloudfront/aws"
comment = "My awesome CloudFront"
enabled = true
create_origin_access_control = true
origin_access_control = {
s3_oac = {
description = "CloudFront access to S3"
origin_type = "s3"
signing_behavior = "always"
signing_protocol = "sigv4"
}
}
origin = {
s3_oac = { # with origin access control settings (recommended)
domain_name = module.s3_bucket.bucket_regional_domain_name
origin_access_control = "s3_oac" # key in `origin_access_control`
}
}
default_cache_behavior {
cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6" # CachingOptimized
allowed_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = "s3_oac" # key in `origin`
}
}