Terraform module which creates Yandex Cloud CDN resources. To get more information about Yandex Cloud CDN, use the following docs.
Examples codified under
the examples
are intended
to give users references for how to use the module(s) as well as testing/validating changes to the source code of the
module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow
maintainers to test your changes and to keep the examples up to date for users. Thank you!
Name | Version |
---|---|
terraform | >= 1.0 |
tls | >= 3.1.0 |
yandex | >= 0.72.0 |
Name | Version |
---|---|
yandex | >= 0.72.0 |
No modules.
Name | Type |
---|---|
yandex_cdn_origin_group.main | resource |
yandex_cdn_resource.main | resource |
yandex_cm_certificate.cdn | resource |
yandex_dns_recordset.cdn_cm | resource |
yandex_client_config.client | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
active | End user access to content is indicated by the following flag: true - indicates that CDN content is available to clients; false - indicates that content access is disabled. |
bool |
true |
no |
allowed_http_methods | HTTP methods for your CDN content. By default the following methods are allowed: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS. In case some methods are not allowed to the user, they will get the 405 (Method Not Allowed) response. If the method is not supported, the user gets the 501 (Not Implemented) response. |
list(string) |
[ |
no |
browser_cache_settings | Set up a cache period for the end-users browser. Content will be cached due to origin settings. If there are no cache settings on your origin, the content will not be cached. The list of HTTP response codes that can be cached in browsers: 200, 201, 204, 206, 301, 302, 303, 304, 307, 308. Other response codes will not be cached. The default value is 0. |
string |
"0" |
no |
cache_http_headers | List of HTTP headers that must be included in responses to clients. | list(string) |
[] |
no |
cdn_ssl_certificate_id | ID of user certificate in Yandex Certificate Manager. | string |
null |
no |
cm_add_challenge_records | If true, Certificate Manager challenge records will be created at dns_zone_id. | bool |
false |
no |
cm_issue_ssl_certificate | If true, Let's Encrypt certificate will be issued for cname | bool |
false |
no |
cname | Primary domain name for content distribution. | string |
n/a | yes |
cors | Parameter that lets browsers get access to selected resources from a domain different to a domain from which the request is received. |
list(string) |
[ |
no |
custom_host_header | Custom value for the Host header. Your server must be able to process requests with the chosen header. E.g.: "ycprojektblue-storage.storage.yandexcloud.net" |
string |
null |
no |
custom_server_name | Wildcard additional CNAME. If a resource has a wildcard additional CNAME, you can use your own certificate for content delivery via HTTPS. Read-only. |
string |
null |
no |
disable_cache | Setup a cache status. | bool |
false |
no |
disable_proxy_force_ranges | Disabling proxy force ranges. | bool |
false |
no |
dns_zone_id | ID of Yandex DNS zone, where certificate manager records will be created. | string |
null |
no |
edge_cache_settings | Content will be cached according to origin cache settings. The value applies for a response with codes 200, 201, 204, 206, 301, 302, 303, 304, 307, 308 if an origin server does not have caching HTTP headers. Responses with other codes will not be cached. The default value is 345600. |
string |
"345600" |
no |
enable_ip_url_signing | Optional parameter, true or false .It restricts access to a CDN resource based on IP. A trusted IP address is specified as a parameter outside a CDN resource when generating an MD5 hash for a signed link. If the parameter is not set, file access will be allowed from any IP. |
bool |
false |
no |
fetched_compressed | Option helps you to reduce the bandwidth between origin and CDN servers. Also, content delivery speed becomes higher because of reducing the time for compressing files in a CDN. |
bool |
false |
no |
folder_id | (Optional) The ID of the Yandex Cloud Folder that the resources belongs to. Allows to create bucket in different folder. It will try to create bucket using IAM-token in provider config, not using access_key. If omitted, folder_id specified in provider config and access_key is used. |
string |
null |
no |
forward_host_header | Choose the Forward Host header option if it is important to send in the request to the Origin the same Host header as was sent in the request to CDN server. |
bool |
true |
no |
gzip_on | GZip compression at CDN servers reduces file size by 70% and can be as high as 90%. | bool |
true |
no |
ignore_cookie | Set for ignoring cookie. | bool |
true |
no |
ignore_query_params | Files with different query parameters are cached as objects with the same key regardless of the parameter value. Selected by default. |
bool |
false |
no |
ip_address_acl_excepted_values | The list of specified IP addresses to be allowed or denied depending on acl policy type. |
list(string) |
[] |
no |
ip_address_acl_policy_type | The policy type for ip_address_acl option, one of "allow" or "deny" values. |
string |
"allow" |
no |
ip_address_enabled | If true, IP Address ACL will be enabled | bool |
false |
no |
labels | A set of labels that will be applied to all resources in this module. | map(string) |
{} |
no |
origin_group_origins | A map of objects representing the origins for the CDN origin group. Each object contains the following fields: - enabled (optional, default: true): A boolean indicating whether the origin is enabled and used as a source for the CDN. - source (required): The IP address or domain name of your origin and the port. - backup (optional, default: false): A boolean specifying whether the origin is used in its origin group as a backup. A backup origin is used when one of the active origins becomes unavailable. Example: { origin1 = { source = "192.168.1.1:8080" backup = false } origin2 = { source = "example.com" enabled = true backup = true } } |
map(object({ |
{} |
no |
origin_group_use_next | If the option is active (has true value), in case the origin responds with 4XX or 5XX codes, use the next origin from the list. |
bool |
true |
no |
origin_protocol | Origin protocol for sources | string |
"http" |
no |
proxy_cache_methods_set | Allows caching for GET, HEAD and POST requests. | bool |
true |
no |
query_params_blacklist | Files with the specified query parameters are cached as objects with the same key, files with other parameters are cached as objects with different keys. |
list(string) |
[] |
no |
query_params_whitelist | Files with the specified query parameters are cached as objects with different keys, files with other parameters are cached as objects with the same key. |
list(string) |
[] |
no |
redirect_http_to_https | Parameter for redirecting clients from HTTP to HTTPS; possible values: 'true' or 'false'. Available when using an SSL certificate, otherwise will be set as false. |
bool |
true |
no |
redirect_https_to_http | Set up a redirect from HTTPS to HTTP. | bool |
false |
no |
secondary_hostnames | Additional domain names for content distribution. | list(string) |
[] |
no |
secure_key | The secret key. An arbitrary string from 6 to 32 characters long. Required to clarify access to a resource using secure tokens |
string |
null |
no |
slice | Files larger than 10 MB will be requested and cached in parts (no larger than 10 MB each part). It reduces time to first byte. The origin must support HTTP Range requests. |
bool |
false |
no |
static_request_headers | Set up custom headers that CDN servers will send in requests to origins. | map(string) |
{} |
no |
static_response_headers | Set up custom headers that CDN servers will send in response to clients. | map(string) |
{} |
no |
Name | Description |
---|---|
cdn_origin_group_id | The ID of the CDN origin group. |
cdn_resource_cname | The CNAME of the CDN resource. |
cdn_resource_id | The ID of the CDN resource. |
cdn_ssl_certificate_id | The ID of the SSL certificate used by the CDN resource. |
dns_recordset_ids | The IDs of the DNS recordsets created for the CDN challenges. |
Apache-2.0 Licensed. See LICENSE.