Trying to match the existing cloudfront_distribution API more closely

cloudposse · Dec 23, 2021 · ebe9c88 · ebe9c88
1 parent 42690e4
commit ebe9c88
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/main.tf b/main.tf
@@ -73,9 +73,12 @@ resource "aws_cloudfront_distribution" "default" {
       origin_read_timeout      = var.origin_read_timeout
     }
 
-    origin_shield {
-      enabled              = var.origin_shield_enabled
-      origin_shield_region = var.origin_shield_region
+    dynamic "origin_shield" {
+      for_each = var.origin_shield ? ["true"] : []
+      content {
+        enabled              = var.origin_shield.enabled
+        origin_shield_region = var.origin_shield.region
+      }
     }
 
     dynamic "custom_header" {

diff --git a/variables.tf b/variables.tf
@@ -83,16 +83,13 @@ variable "origin_protocol_policy" {
   default     = "match-viewer"
 }
 
-variable "origin_shield_enabled" {
-  type        = bool
-  description = "Whether to use CloudFront Origin Shield"
-  default     = false
-}
-
-variable "origin_shield_region" {
-  type        = string
-  description = "The AWS Region for the Origin Shield"
-  default     = "us-east-1"
+variable "origin_shield" {
+  type = object({
+    enabled = bool
+    region  = string
+  })
+  description = "The CloudFront Origin Shield settings"
+  default     = null
 }
 
 variable "origin_ssl_protocols" {