tedilabs
diff --git a/‎examples/cloudfront-policies/main.tf‎
Lines changed: 41 additions & 0 deletions b/‎examples/cloudfront-policies/main.tf‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎modules/cache-policy/README.md‎
Lines changed: 6 additions & 6 deletions b/‎modules/cache-policy/README.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎modules/cache-policy/outputs.tf‎
Lines changed: 3 additions & 3 deletions b/‎modules/cache-policy/outputs.tf‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎modules/cache-policy/variables.tf‎
Lines changed: 3 additions & 3 deletions b/‎modules/cache-policy/variables.tf‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎modules/origin-request-policy/README.md‎
Lines changed: 6 additions & 6 deletions b/‎modules/origin-request-policy/README.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎modules/origin-request-policy/outputs.tf‎
Lines changed: 3 additions & 3 deletions b/‎modules/origin-request-policy/outputs.tf‎
Lines changed: 3 additions & 3 deletions
@@ -90,4 +90,45 @@ module "response_headers_policy" {
     enabled       = true
     sampling_rate = 50.0
   }
+
+  ## Security Headers
+  content_security_policy_header = {
+    enabled  = true
+    override = true
+    value    = "default-src https:"
+  }
+  content_type_options_header = {
+    enabled  = true
+    override = true
+  }
+  frame_options_header = {
+    enabled  = true
+    override = true
+    value    = "SAMEORIGIN"
+  }
+  referrer_policy_header = {
+    enabled  = true
+    override = true
+    value    = "strict-origin-when-cross-origin"
+  }
+  strict_transport_security_header = {
+    enabled  = true
+    override = true
+
+    filtering_enabled = true
+    block             = true
+    report            = ""
+
+    max_age            = 60 * 60 * 24 * 365
+    include_subdomains = true
+    preload            = false
+  }
+  xss_protection_header = {
+    enabled  = true
+    override = true
+
+    filtering_enabled = true
+    block             = true
+    report            = ""
+  }
 }
@@ -33,9 +33,9 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) A unique name to identify the CloudFront Cache Policy. | `string` | n/a | yes |
-| <a name="input_cache_keys_in_cookies"></a> [cache\_keys\_in\_cookies](#input\_cache\_keys\_in\_cookies) | (Optional) A configuraiton for specifying which cookies to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_cache_keys_in_headers"></a> [cache\_keys\_in\_headers](#input\_cache\_keys\_in\_headers) | (Optional) A configuraiton for specifying which headers to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_cache_keys_in_query_strings"></a> [cache\_keys\_in\_query\_strings](#input\_cache\_keys\_in\_query\_strings) | (Optional) A configuraiton for specifying which query strings to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_cache_keys_in_cookies"></a> [cache\_keys\_in\_cookies](#input\_cache\_keys\_in\_cookies) | (Optional) A configuration for specifying which cookies to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_cache_keys_in_headers"></a> [cache\_keys\_in\_headers](#input\_cache\_keys\_in\_headers) | (Optional) A configuration for specifying which headers to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_cache_keys_in_query_strings"></a> [cache\_keys\_in\_query\_strings](#input\_cache\_keys\_in\_query\_strings) | (Optional) A configuration for specifying which query strings to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
 | <a name="input_default_ttl"></a> [default\_ttl](#input\_default\_ttl) | (Optional) The default time to live in seconds. The amount of time is that you want objects to stay in the CloudFront cache before another request to the origin to see if the object has been updated. Defaults to `86400` (one day). | `number` | `86400` | no |
 | <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the cache policy. | `string` | `"Managed by Terraform."` | no |
 | <a name="input_max_ttl"></a> [max\_ttl](#input\_max\_ttl) | (Optional) The maximum time to live in seconds. The amount of time is that you want objects to stay in the CloudFront cache before another request to the origin to see if the object has been updated. Defaults to `31536000` (one year). | `number` | `31536000` | no |
@@ -46,9 +46,9 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| <a name="output_cache_keys_in_cookies"></a> [cache\_keys\_in\_cookies](#output\_cache\_keys\_in\_cookies) | A configuraiton for specifying which cookies to use as cache key in viewer requests. |
-| <a name="output_cache_keys_in_headers"></a> [cache\_keys\_in\_headers](#output\_cache\_keys\_in\_headers) | A configuraiton for specifying which headers to use as cache key in viewer requests. |
-| <a name="output_cache_keys_in_query_strings"></a> [cache\_keys\_in\_query\_strings](#output\_cache\_keys\_in\_query\_strings) | A configuraiton for specifying which query strings to use as cache key in viewer requests. |
+| <a name="output_cache_keys_in_cookies"></a> [cache\_keys\_in\_cookies](#output\_cache\_keys\_in\_cookies) | A configuration for specifying which cookies to use as cache key in viewer requests. |
+| <a name="output_cache_keys_in_headers"></a> [cache\_keys\_in\_headers](#output\_cache\_keys\_in\_headers) | A configuration for specifying which headers to use as cache key in viewer requests. |
+| <a name="output_cache_keys_in_query_strings"></a> [cache\_keys\_in\_query\_strings](#output\_cache\_keys\_in\_query\_strings) | A configuration for specifying which query strings to use as cache key in viewer requests. |
 | <a name="output_default_ttl"></a> [default\_ttl](#output\_default\_ttl) | The default time to live in seconds. |
 | <a name="output_description"></a> [description](#output\_description) | The description of the cache policy. |
 | <a name="output_etag"></a> [etag](#output\_etag) | The current version of the cache policy. |
 
@@ -39,7 +39,7 @@ output "supported_compression_formats" {
 }
 
 output "cache_keys_in_cookies" {
-  description = "A configuraiton for specifying which cookies to use as cache key in viewer requests."
+  description = "A configuration for specifying which cookies to use as cache key in viewer requests."
   value = {
     behavior = {
       for k, v in local.behaviors :
@@ -50,7 +50,7 @@ output "cache_keys_in_cookies" {
 }
 
 output "cache_keys_in_headers" {
-  description = "A configuraiton for specifying which headers to use as cache key in viewer requests."
+  description = "A configuration for specifying which headers to use as cache key in viewer requests."
   value = {
     behavior = {
       for k, v in local.behaviors :
@@ -61,7 +61,7 @@ output "cache_keys_in_headers" {
 }
 
 output "cache_keys_in_query_strings" {
-  description = "A configuraiton for specifying which query strings to use as cache key in viewer requests."
+  description = "A configuration for specifying which query strings to use as cache key in viewer requests."
   value = {
     behavior = {
       for k, v in local.behaviors :
 
@@ -48,7 +48,7 @@ variable "supported_compression_formats" {
 
 variable "cache_keys_in_cookies" {
   description = <<EOF
-  (Optional) A configuraiton for specifying which cookies to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_cookies` as defined below.
+  (Optional) A configuration for specifying which cookies to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_cookies` as defined below.
     (Required) `behavior` - Determine whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
     (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`.
   EOF
@@ -67,7 +67,7 @@ variable "cache_keys_in_cookies" {
 
 variable "cache_keys_in_headers" {
   description = <<EOF
-  (Optional) A configuraiton for specifying which headers to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_headers` as defined below.
+  (Optional) A configuration for specifying which headers to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_headers` as defined below.
     (Required) `behavior` - Determine whether any headers in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`. Defaults to `NONE`.
     (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST`.
   EOF
@@ -86,7 +86,7 @@ variable "cache_keys_in_headers" {
 
 variable "cache_keys_in_query_strings" {
   description = <<EOF
-  (Optional) A configuraiton for specifying which query strings to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_query_strings` as defined below.
+  (Optional) A configuration for specifying which query strings to use as cache key in viewer requests. The values in the cache key are automatically forwarded in requests to the origin. `cache_keys_in_query_strings` as defined below.
     (Required) `behavior` - Determine whether any query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `NONE`, `WHITELIST`, `BLACKLIST`, `ALL`. Defaults to `NONE`.
     (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST` or `BLACKLIST`.
   EOF
 
@@ -34,19 +34,19 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) A unique name to identify the CloudFront Origin Request Policy. | `string` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | (Optional) The description of the origin request policy. | `string` | `"Managed by Terraform."` | no |
-| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuraiton for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuraiton for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
-| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuraiton for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_cookies"></a> [forwarding\_cookies](#input\_forwarding\_cookies) | (Optional) A configuration for specifying which cookies in viewer requests to be forwarded in the origin requests. `forwarding_cookies` as defined below.<br>    (Required) `behavior` - Determine whether any cookies in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of cookie names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_headers"></a> [forwarding\_headers](#input\_forwarding\_headers) | (Optional) A configuration for specifying which headers in viewer requests to be forwarded in the origin requests. `forwarding_headers` as defined below.<br>    (Required) `behavior` - Determine whether any headers in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL_VIEWER` and `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. Defaults to `NONE`.<br>    (Optional) `items` - A list of header names. It only takes effect when `behavior` is `WHITELIST` or `ALL_VIEWER_AND_CLOUDFRONT_WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
+| <a name="input_forwarding_query_strings"></a> [forwarding\_query\_strings](#input\_forwarding\_query\_strings) | (Optional) A configuration for specifying which query strings in viewer requests to be forwarded in the origin requests. `forwarding_query_strings` as defined below.<br>    (Required) `behavior` - Determine whether any query strings in viewer requests are forwarded in the origin requests. Valid values are `NONE`, `WHITELIST`, `ALL`. Defaults to `NONE`.<br>    (Optional) `items` - A list of query string names. It only takes effect when `behavior` is `WHITELIST`. | <pre>object({<br>    behavior = optional(string, "NONE")<br>    items    = optional(set(string), [])<br>  })</pre> | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_description"></a> [description](#output\_description) | The description of the origin request policy. |
 | <a name="output_etag"></a> [etag](#output\_etag) | The current version of the origin request policy. |
-| <a name="output_forwarding_cookies"></a> [forwarding\_cookies](#output\_forwarding\_cookies) | A configuraiton for specifying which cookies to be forwarded in the origin requests. |
-| <a name="output_forwarding_headers"></a> [forwarding\_headers](#output\_forwarding\_headers) | A configuraiton for specifying which headers to be forwarded in the origin requests. |
-| <a name="output_forwarding_query_strings"></a> [forwarding\_query\_strings](#output\_forwarding\_query\_strings) | A configuraiton for specifying which query strings to be forwarded in the origin requests. |
+| <a name="output_forwarding_cookies"></a> [forwarding\_cookies](#output\_forwarding\_cookies) | A configuration for specifying which cookies to be forwarded in the origin requests. |
+| <a name="output_forwarding_headers"></a> [forwarding\_headers](#output\_forwarding\_headers) | A configuration for specifying which headers to be forwarded in the origin requests. |
+| <a name="output_forwarding_query_strings"></a> [forwarding\_query\_strings](#output\_forwarding\_query\_strings) | A configuration for specifying which query strings to be forwarded in the origin requests. |
 | <a name="output_id"></a> [id](#output\_id) | The identifier for the CloudFront origin request policy. |
 | <a name="output_name"></a> [name](#output\_name) | The name of the CloudFront origin request policy. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -19,7 +19,7 @@ output "description" {
 }
 
 output "forwarding_cookies" {
-  description = "A configuraiton for specifying which cookies to be forwarded in the origin requests."
+  description = "A configuration for specifying which cookies to be forwarded in the origin requests."
   value = {
     behavior = {
       for k, v in local.behaviors :
@@ -30,7 +30,7 @@ output "forwarding_cookies" {
 }
 
 output "forwarding_headers" {
-  description = "A configuraiton for specifying which headers to be forwarded in the origin requests."
+  description = "A configuration for specifying which headers to be forwarded in the origin requests."
   value = {
     behavior = {
       for k, v in local.behaviors :
@@ -41,7 +41,7 @@ output "forwarding_headers" {
 }
 
 output "forwarding_query_strings" {
-  description = "A configuraiton for specifying which query strings to be forwarded in the origin requests."
+  description = "A configuration for specifying which query strings to be forwarded in the origin requests."
   value = {
     behavior = {
       for k, v in local.behaviors :