Skip to content

aws.cloudfront-function resource

Description

Function manages a CloudFront function: the JavaScript that runs at the edge on a viewer request or response. Its lifecycle is two-staged. Every create and update writes the DEVELOPMENT stage, and when publish is set a PublishFunction promotes that code to LIVE, the stage a distribution attaches. CloudFront guards every mutating call with the function's current version, an ETag the API returns only from a read, so the create routes through a read to learn it and the ETag is an output the update and delete pass back as the IfMatch concurrency token. The name fixes the function at create time, so a change to it replaces the function; the code, comment, runtime, and key value store associations reconcile in place.

Source: internal/service/cloudfront/function_rsrc.go:27

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.cloudfront-function {
    # Set input fields here.
  }
}

Inputs

name

string

required

Name identifies the function and fixes it at create time.

runtime

string

required

Runtime is the function's runtime environment, one of cloudfront-js-1.0 or cloudfront-js-2.0.

code-content

optional(string)

CodeContent is the function's JavaScript given inline. Exactly one of code-content or code-path is set.

code-path

optional(string)

CodePath is a path to a file holding the function's JavaScript. Exactly one of code-content or code-path is set.

comment

optional(string)

Comment describes the function. It is optional but always sent, defaulting to the empty string, because CloudFront wants the field present in the config.

key-value-store-associations

list(string)

KeyValueStoreAssociations lists the ARNs of the key value stores the function reads at runtime. CloudFront limits this to one store; the API rejects more, so no constraint caps it here.

publish

optional(boolean)

Publish is an intent flag, defaulting to true, that promotes the DEVELOPMENT code to the LIVE stage through PublishFunction. It is reconciled by that call on every create and update, not echoed to output.

Input Constraints

Runtime rules

runtime must be one of cloudfront-js-1.0, cloudfront-js-2.0.

Rule logic
Require
input.runtime == 'cloudfront-js-1.0'
|| input.runtime == 'cloudfront-js-2.0'

Field combinations

Exactly one of code-content or code-path.

Outputs

arn

string

status

string

etag

string

live-stage-etag

string