aws_region |
string |
region where provisioning should happen |
`` |
sitename_prefix |
string |
prefix of site name e.g. for www.example.com this would be www, can be empty if deploy_at_apex is true |
`` |
deploy_at_apex |
bool |
Deploy site at the domain_root apex, defaults to false |
false |
domain_root |
string |
domain root for site e.g. example.com. This must be available in Route53. |
`` |
access_log_bucket |
string |
S3 bucket where access logs will be placed |
`` |
access_log_prefix |
string |
prefix used for any access logs written to S3 |
`` |
gh_username |
string |
GitHub username used to access your site source code repo |
`` |
gh_secret_sm_param_name |
string |
name of SSM parameter where GitHub webhook secret is stored |
`` |
gh_token_sm_param_name |
string |
name of SSM parameter where the GitHub Oauth token is stored |
`` |
gh_repo |
string |
name of repo containing site source and buildspec.yml file |
`` |
gh_branch |
string |
branch of git repo to use for changes |
master |
keycloak_host |
string |
name of keycloak host |
`` |
val_api_url |
string |
URL for JWT validation API |
`` |
encrypt_buckets |
bool |
encrypt buckets with default AWS keys |
false |
allow_root |
bool |
allow build process to become root (sudo) |
false |
send_notifications |
bool |
should pipeline notifications be sent |
false |
sns_topic_for_notifications |
string |
arn for sns topic to send notifications to |
`` |
build_image |
string |
what build image should be used to run the build job |
aws/codebuild/standard:2.0 |
fix_non_specific_paths |
bool |
should we apply a lambda@edge function on origin requests to fix paths which are missing the expected root object? |
false |
custom_404_path |
string |
what path should we use for a custom 404 (not found) error page |
none |
origin_access_log_bucket |
string |
bucket to be used for access logging on the origin s3 bucket |
`` |
origin_access_log_prefix |
string |
prefix to use for access logs where that is enabled |
`` |
pipeline_access_log_bucket |
string |
bucket to be used for access logging on the origin s3 bucket |
`` |
pipeline_access_log_prefix |
string |
prefix to use for access logs where that is enabled |
`` |
oidc_redirect_url |
string |
if you want to override the automatically determined by the module then set this variable |
`` |
cookie_max_age |
number |
number of seconds cookies will live for, default is 10 days |
864000 |
build_role_policies |
list(string) |
list of ARNs of policies to attach to the build role |
[] |
build_environment |
list(object({name=string,value=string})) |
non secret build environment variables |
[] |
secure_build_environment |
list(object({name=string,type=string,value=string})) |
secret build environment variables |
[] |
build_compute_type |
string |
compute type for the build job |
BUILD_GENERAL1_SMALL |
certificate_arn |
string |
arn of a certificate, if this is specified the module will not create a certificate |
`` |
alternative_dns_names |
list(string) |
list of additional names the cloudfront distribution |
[] |
realm_name |
string |
What name should be used for the keycloak realm |
`` |
exclude_from_env |
list(string) |
List of environment variables to exclude from the build |
[] |
allowed_group |
string |
Name of the group needed to allow access to the site, if blank then no restrictions are applied |
`` |
access_denied_message |
string |
Error message to return when group condition denies access |
You are not a member of the required group to access this site. |
cipher_suite |
string |
Cipher suite to use on the cloudfront site |
TLSv1.2_2018 |