✨ Add variable for minimum TLS version (#40)

* ✨ Add variable for minimum TLS version * Use more descriptive variable name
skyscrapers · Jun 2, 2020 · 7adc3e8 · 7adc3e8
1 parent ec3fc23
commit 7adc3e8
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -112,6 +112,9 @@ See the [Terraform Modules documentation](https://www.terraform.io/docs/modules/
   Read [pricing page](https://aws.amazon.com/cloudfront/pricing/) for more details.
   Options: `PriceClass_100` | `PriceClass_200` | `PriceClass_All`. Default value = `PriceClass_200`
 * `ipv6`:  (Optional) Enable IPv6 support on CloudFront distribution. Default value = `false`
+* `minimum_client_tls_protocol_version`: (Optional) Set the minimum protocol version of the CloudFront certificate.
+  Read the docs on [Supported Protocols and Ciphers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers)
+  for supported values. Default value = `TLSv1`
 
 ### Outputs
 
@@ -144,6 +147,9 @@ See the [Terraform Modules documentation](https://www.terraform.io/docs/modules/
   Read [pricing page](https://aws.amazon.com/cloudfront/pricing/) for more details.
   Options: `PriceClass_100` | `PriceClass_200` | `PriceClass_All`. Default value = `PriceClass_200`
 * `ipv6`:  (Optional) Enable IPv6 support on CloudFront distribution. Default value = `false`
+* `minimum_client_tls_protocol_version`: (Optional) Set the minimum protocol version of the CloudFront certificate.
+  Read the docs on [Supported Protocols and Ciphers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers)
+  for supported values. Default value = `TLSv1`
 
 ### Outputs
 

diff --git a/site-main/main.tf b/site-main/main.tf
@@ -147,7 +147,7 @@ resource "aws_cloudfront_distribution" "website_cdn" {
   viewer_certificate {
     acm_certificate_arn      = var.acm-certificate-arn
     ssl_support_method       = "sni-only"
-    minimum_protocol_version = "TLSv1"
+    minimum_protocol_version = var.minimum_client_tls_protocol_version
   }
 
   aliases = [var.domain]

diff --git a/site-main/variables.tf b/site-main/variables.tf
@@ -71,3 +71,9 @@ variable "ipv6" {
   description = "Enable IPv6 on CloudFront distribution"
   default     = false
 }
+
+variable "minimum_client_tls_protocol_version" {
+  type        = string
+  description = "CloudFront viewer certificate minimum protocol version"
+  default     = "TLSv1"
+}
diff --git a/site-redirect/main.tf b/site-redirect/main.tf
@@ -143,7 +143,7 @@ resource "aws_cloudfront_distribution" "website_cdn" {
   viewer_certificate {
     acm_certificate_arn      = var.acm-certificate-arn
     ssl_support_method       = "sni-only"
-    minimum_protocol_version = "TLSv1"
+    minimum_protocol_version = var.minimum_client_tls_protocol_version
   }
 
   aliases = [var.domain]

diff --git a/site-redirect/variables.tf b/site-redirect/variables.tf
@@ -46,3 +46,9 @@ variable "default_root_object" {
   description = "CloudFront default root object"
   default     = "index.html"
 }
+
+variable "minimum_client_tls_protocol_version" {
+  type        = string
+  description = "CloudFront viewer certificate minimum protocol version"
+  default     = "TLSv1"
+}