From 507164a1ea64fec425de784cd39b8a393be18320 Mon Sep 17 00:00:00 2001
From: Andy Singleton <asing@brightprocess.com>
Date: Wed, 19 Jun 2024 11:03:10 +0100
Subject: [PATCH] Parameterize some values to allow more tailored deployments

- TLS protocol version
- Custom error responses
---
 aws_cloudfront_distribution.tf |  8 ++++----
 variables.tf                   | 30 +++++++++++++++++++++++++++---
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/aws_cloudfront_distribution.tf b/aws_cloudfront_distribution.tf
index 0eb519a..6d9fdbf 100644
--- a/aws_cloudfront_distribution.tf
+++ b/aws_cloudfront_distribution.tf
@@ -18,13 +18,13 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
     cloudfront_default_certificate = var.use_cloudfront_default_certificate
     acm_certificate_arn            = aws_acm_certificate.certificate.arn
     ssl_support_method             = "sni-only"
-    minimum_protocol_version       = "TLSv1.2_2021"
+    minimum_protocol_version       = var.minimum_protocol_version
   }
 
   custom_error_response {
-    error_caching_min_ttl = 300
-    error_code            = 404
-    response_code         = 200
+    error_caching_min_ttl = var.custom_error_response_min_ttl
+    error_code            = var.custom_error_response_error_code
+    response_code         = var.custom_error_response_code
     response_page_path    = "/index.html"
   }
 
diff --git a/variables.tf b/variables.tf
index dbf0514..620685e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -22,13 +22,31 @@ variable "cloudfront_cache_compress_content" {
   default     = false
 }
 
+variable "custom_error_response_error_code" {
+  description = "Custom error code for error response"
+  type        = number
+  default     = 404
+}
+
+variable "custom_error_response_min_ttl" {
+  description = "Minimum time-to-live for error caching"
+  type        = number
+  default     = 300
+}
+
+variable "custom_error_response_code" {
+  description = "Custom error code for error response"
+  type        = number
+  default     = 200
+}
+
 variable "distribution_fqdn" {
   type        = string
   description = "Fully qualified domain bound to Cloudfront."
 }
 
 variable "distribution_name" {
-  type = string
+  type        = string
   description = "A unique name give to the distribution."
 }
 
@@ -37,10 +55,16 @@ variable "hosted_zone_name" {
   description = "The route53 zone."
 }
 
+variable "minimum_protocol_version" {
+  description = "Minimum protocol version for the viewer certificate"
+  type        = string
+  default     = "TLSv1.2_2021"
+}
+
 variable "price_class" {
-  type    = string
+  type        = string
   description = "The price class for this distribution."
-  default = "PriceClass_100"
+  default     = "PriceClass_100"
 }
 
 variable "s3_source_bukcet_name" {