Merge pull request #13 from fillup/develop

Update default and add var for minimum tls version for viewers - release as 5.0.1
fillup · Dec 21, 2020 · 49d6276 · 49d6276
2 parents def9ea7 + bdf2ad8
commit 49d6276
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ supports S3 redirects. This module helps keep setup consistent for multiple Hugo
  - `default_root_object` - Default root object for CloudFlare to request when not otherwise specified. Default: `index.html`
  - `error_document` - The file that should be served for errors. Default: `404.html`
  - `index_document` - The default file to be served. Default: `index.html`
+ - `minimum_viewer_tls_version` - Minimum TLS version for viewers connecting to CloudFront. Default: `TLSv1.2_2019`
  - `origin_path` - Path to document root in S3 bucket without slashes. Default: `public`
  - `origin_ssl_protocols` - List of SSL protocols to enable on Cloudfront distribution. Default: `TLSv1.2_2019` 
  - `routing_rules` - A json array containing routing rules describing redirect behavior and when redirects are applied. Default routes `/` to `index.html` 

diff --git a/main.tf b/main.tf
@@ -102,7 +102,7 @@ resource "aws_cloudfront_distribution" "hugo" {
   viewer_certificate {
     acm_certificate_arn      = data.aws_acm_certificate.cert.arn
     ssl_support_method       = "sni-only"
-    minimum_protocol_version = "TLSv1"
+    minimum_protocol_version = var.minimum_viewer_tls_version
   }
 
   restrictions {

diff --git a/vars.tf b/vars.tf
@@ -101,6 +101,12 @@ variable "index_document" {
   default     = "index.html"
 }
 
+variable "minimum_viewer_tls_version" {
+  description = "Minimum TLS version for viewers connecting to CloudFront"
+  type        = string
+  default     = "TLSv1.2_2019"
+}
+
 variable "origin_path" {
   description = "Path in S3 bucket for hosted files, with leading slash"
   type        = string