cloudposse/terraform-aws-cloudfront-s3-cdn

📦 why

• The `realtime_metrics_subscription_status` value could have been derived from `var.additional_metrics_enabled`, but that would introduce an unexpected resource change across all existing deployments.

📦 references

• A complementary PR to https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/162
• </details>
• <details>
• <summary>docs: web acl id can be an ARN for newer WAFs @oycyc (#349)</summary>
• As per the AWS provider docs. Updating description here so consumers don't get confused why WAF association fails when providing the ID.
• <img width="911" height="126" alt="image" src="https://github.com/user-attachments/assets/939a0ab4-6706-4a5d-91eb-085d63005dd9" />
• </details>

📦 what

• Add support for `response_completion_timeout` argument (announced by AWS in July 2025 and implemented in the [6.13.0](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md#6130-september-11-2025) version of the AWS provider)
• Bump the minimum provider version to `>= 6.13.0`

📦 references

• https://aws.amazon.com/about-aws/whats-new/2025/07/amazon-cloudfront-origin-response-timeout-controls/
• https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md#6130-september-11-2025
• corresponding PR: https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/159
• </details>

📦 what

• <!--
• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.
• -->
• This fixes the deprecation of the "name" attribute for the aws_region data source, adding a fallback for provider versions < 6.0.0.

📦 why

• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->
• To get rid of the deprecation notice and prepare for provider version 7.

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• Resolves #361.
• </details>

📦 what

• Generate readme for submodules

📦 why

• Allow all to keep the README updated

📦 references

• https://linear.app/cloudposse/issue/DEV-3521/make-cicd-workflow-support-readmes-in-modules-subfolders
• </details>

📦 what

• Fixed `No more than 1 s3_origin_config blocks are allowed` error when using multiple S3 origins with origin access identity enabled
• Changed `for_each` from iterating over `var.s3_origins` to using `[1]` to create a single `s3_origin_config` block

📦 why

• AWS CloudFront only allows one s3_origin_config block per origin
• The previous implementation incorrectly created multiple blocks when multiple S3 origins were configured

📦 references

• fixes #325

📦 to reproduce error

• 1. in examples/complete/main.tf#L102 replace `origin_access_control` with `origin_access_identity`
• https://github.com/Eyjafjallajokull/terraform-aws-cloudfront-s3-cdn/blob/96703043867c986ff3fc1550448118111a9f5659/examples/complete/main.tf#L102
• 2. `terraform plan` fails with the above error.
• </details>

📦 🚀 Enhancements

• <details>
• <summary>fix: Resolve unsupported attribute error in S3 website block @jwadolowski (#358)</summary>

📦 what

• <!--
• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.
• -->

📦 why

• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->
• ```
• ╷
• │ Error: Unsupported attribute
• + 10 more

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• resolves #354
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>chore(deps): update terraform cloudposse/s3-log-storage/aws to v1.4.5 (release/v0) @[renovate[bot]](https://github.com/apps/renovate) (#351)</summary>
• This PR contains the following updates:
• | Package | Type | Update | Change |
• |---|---|---|---|
• ---

📦 Release Notes

• <details>
• <summary>cloudposse/terraform-aws-s3-log-storage (cloudposse/s3-log-storage/aws)</summary>

📦 [`v1.4.5`](https://redirect.github.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/v1.4.5)

• [Compare Source](https://redirect.github.com/cloudposse/terraform-aws-s3-log-storage/compare/v1.4.4...v1.4.5)
• <details>
• <summary>fix: remove join calls on bucket arn + id usage @&#8203;carterdanko-dw (#&#8203;125)</summary>
• Initially put the wrong values for coditions, just needs to be a list
• Bucket should be single resource vs joining on a list.
• issue `#122`
• </details>
• <details>
• + 5 more

📦 [`v1.4.4`](https://redirect.github.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/v1.4.4)

• [Compare Source](https://redirect.github.com/cloudposse/terraform-aws-s3-log-storage/compare/1.4.3...v1.4.4)
• <details>
• <summary>Issue-122/Values expect list of strings vs string @&#8203;carterdanko-dw (#&#8203;123)</summary>
• Updating the sqs iam permissions, as the values expects to be a list of strings vs just the single string arn that is the output of the module.
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam\_policy\_document#condition-1 expects to be a list of strings, vs just the single string arn of the s3 bucket.
• Github issue [#&#8203;122](https://redirect.github.com/cloudposse/terraform-aws-s3-log-storage/issues/122)
• </details>
• <details>
• + 85 more

📦 [`v1.4.3`](https://redirect.github.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/1.4.3)

• [Compare Source](https://redirect.github.com/cloudposse/terraform-aws-s3-log-storage/compare/1.4.2...1.4.3)
• <details>
• <summary>Update Terraform cloudposse/s3-bucket/aws to v3.1.3 (main) @&#8203;renovate (#&#8203;95)</summary>
• This PR contains the following updates:
• | Package | Type | Update | Change |
• |---|---|---|---|
• ***
• <details>
• + 21 more

📦 Configuration

• 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
• 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
• ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
• 🔕 Ignore: Close this PR and you won't be reminded about this update again.
• ---
• [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
• ---
• This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/cloudposse/terraform-aws-cloudfront-s3-cdn).
• + 2 more

📦 what

• <!--
• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.
• -->
• Backport of the following [cloudposse/terraform-aws-cloudfront-cdn](https://github.com/cloudposse/terraform-aws-cloudfront-cdn) improvements:
• https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/140
• https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/142
• https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/147
• + 15 more

📦 why

• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->
• Both CloudPosse CDN modules should stay in sync (feature-wise) and leverage the same set of improvements.

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• ~includes https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/347 to re-generate docs after changes. `#347` should get merged first~
• </details>

📦 what

• <!--
• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.
• -->
• `README.md` generation support with `atmos` CLI.

📦 why

• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->
• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/342 replaced `Makefile` with `atmos.yaml` for the main module, but Lambda@Edge submodule got overlooked.

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/342
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Fix go version in tests @osterman (#343)</summary>

📦 what

• Update go `1.24`

📦 why

• Error loading shared library libresolv.so.2 in Go 1.20

📦 References

• https://sweetops.slack.com/archives/G014YEKDH4K/p1746672149263629
• https://github.com/golang/go/issues/59305#issuecomment-1488478737
• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/294/#issuecomment-2859195553
• </details>
• <details>
• <summary>Replace Makefile with atmos.yaml @osterman (#342)</summary>

📦 what

• Remove `Makefile`
• Add `atmos.yaml`

📦 why

• Replace `build-harness` with `atmos` for readme genration

📦 References

• DEV-3229 Migrate from build-harness to atmos
• </details>

📦 🚀 Enhancements

• <details>
• <summary>replace TLSv1.2_2019 with TLSv1.2_2021 as default policy @jamerply (#294)</summary>

📦 what

• <!--
• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.
• -->
• This PR updates the `mimimum_protocol_version` variable so that it defaults to `TLSv1.2_2021` (the current recommended security policy recommended by AWS) instead of `TLSv1.2_2019`.

📦 why

• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->
• The most current security policy is no longer `TLSv1.2_2019` but is `TLSv1.2_2021`.

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• </details>

📦 🚀 Enhancements

• <details>
• <summary>feat: Add support for custom Lambda@Edge policies @jwadolowski (#333)</summary>

📦 what

• <!--
• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.
• -->

📦 why

• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• closes #261
• </details>

📦 🚀 Enhancements

• <details>
• <summary>Set allowed and cache methods as non nullable @travis-reed (#324)</summary>

📦 what

• Set allowed_methods and cached_methods as non nullable

📦 why

• I want to be able to sometimes call this module with explicit `allowed_methods` and `cached_methods` and sometimes just use the module defaults.
• As it stands, I cannot do that without making my default value match your default value. It would be better for the module to use its defaults when I pass in `null`
• Right now I am hitting
• ```
• Error: Missing required argument
• with module.fanx.module.sdp_assets.module.static_cdn.aws_cloudfront_distribution.default[0],
• on /tmp/terraform-data-dir/modules/fanx.sdp_assets.static_cdn/main.tf line 522, in resource "aws_cloudfront_distribution" "default":
• 522: allowed_methods = var.allowed_methods
• + 4 more

📦 references

• https://developer.hashicorp.com/terraform/language/values/variables#disallowing-null-input-values
• https://stackoverflow.com/questions/72213875/transformer-how-to-call-a-module-with-variables-as-default-value

✨ Additional Notes

• </details>
• <details>
• <summary>Make sure tags are associated with Lambda functions(#332)</summary>

📦 why

• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->
• [`tags`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#tags-1) argument is not set at all which results in an empty tag list.

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/blob/v0.96.1/modules/lambda%40edge/main.tf#L78-L86
• </details>

📦 🚀 Enhancements

• <details>
• <summary>memory and timeout vars for lambda@edge @mihaiplesa (#330)</summary>

📦 what

• Allow to configure memory size and timeout for Lambda@Edge module.
• <!--
• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Use bullet points to be concise and to the point.
• -->

📦 why

• These fields are not configurable now.
• <!--
• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Use bullet points to be concise and to the point.
• -->

📦 references

• <!--
• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use `closes #123`, if this PR closes a GitHub issue `#123`
• -->
• Resolves https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues/331
• </details>

📦 what

• Custom Origins didn't have `Origin Access Control`
• Implements this infrastructure
• https://aws.amazon.com/blogs/networking-and-content-delivery/image-optimization-using-amazon-cloudfront-and-aws-lambda/

📦 why

• Custom Origins didn't have `Origin Access Control` if we wanted to invoke a `lambda` we were not able to do it

📦 references

• <!-- This is an auto-generated comment: release notes by coderabbit.ai -->

📦 Summary by CodeRabbit

• New Features
• Enhanced configuration options for custom origins in CloudFront with the addition of `origin_access_control_id`.
• Updated variable definitions for `custom_origins` and `s3_origins` to include access control ID.
• Bug Fixes
• Deprecated certain variables to streamline configuration and encourage best practices.
• Documentation
• Updated documentation to reflect changes in variable structures and configurations.
• <!-- end of auto-generated comment: release notes by coderabbit.ai -->
• + 1 more

📦 what

• add Origin Access Control feature
• add `var.origin_access_type` to enable Origin Access Identity or Origina Access Control policy
• add `aws_cloudfront_origin_access_control.default` resource
• add `origin_access_control_id` argument to origin config on `aws_cloudfront_distribution.default`
• update example code
• update README

📦 why

• provide the ability to make use of an Origin Access Control
• retain default origin access identity behavior
• AWS recommends using origin access control
• Origin Access Identities are flagged in [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-13)

📦 references

• Closes #244
• https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Migrate new test account @osterman (#322)</summary>

📦 what

• Update `.github/settings.yml`
• Update `.github/chatops.yml` files

📦 why

• Re-apply `.github/settings.yml` from org level to get `terratest` environment
• Migrate to new `test` account

📦 References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC
• </details>
• <details>
• <summary>Update .github/settings.yml @osterman (#321)</summary>

📦 what

• Update `.github/settings.yml`
• Drop `.github/auto-release.yml` files

📦 why

• Re-apply `.github/settings.yml` from org level
• Use organization level auto-release settings

📦 references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub
• </details>
• <details>
• <summary>Update .github/settings.yml @osterman (#320)</summary>

📦 what

• Update `.github/settings.yml`
• Drop `.github/auto-release.yml` files

📦 why

• Re-apply `.github/settings.yml` from org level
• Use organization level auto-release settings

📦 references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub
• </details>
• <details>
• <summary>Update .github/settings.yml @osterman (#312)</summary>

📦 what

• Update `.github/settings.yml`
• Drop `.github/auto-release.yml` files

📦 why

• Re-apply `.github/settings.yml` from org level
• Use organization level auto-release settings

📦 references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub
• </details>

📋 What's Changed

• Update README.md by @keithrozario in https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/308
• fix: private policies cannot use wildcard principal by @dudymas in https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/311

✨ New Contributors

• @keithrozario made their first contribution in https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/308
• @dudymas made their first contribution in https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/311
• Full Changelog: https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/compare/0.94.0...0.95.0

📦 what

• This PR adds realtime log config support for additional cache behaviours (Similar to #162 which added default cache behaviour)

📦 references

• </details>

📦 what

• disable creating acl resource in that case.

📦 why

• BucketOwnerEnforeced s3 bucket can't have an acl.

📦 references

• https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>Add GitHub Settings @osterman (#302)</summary>

📦 what

• Install a repository config (`.github/settings.yaml`)

📦 why

• Programmatically manage GitHub repo settings
• </details>
• <details>
• <summary>Update README.md and docs @cloudpossebot (#297)</summary>

📦 what

• This is an auto-generated PR that updates the README.md and docs

📦 why

• To have most recent changes of README.md and doc from origin templates
• </details>
• <details>
• <summary>Update Scaffolding @osterman (#298)</summary>

📦 what

• Reran `make readme` to rebuild `README.md` from `README.yaml`
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

📦 why

• Upstream template changed in the `.github` repo
• Work better with repository rulesets
• Modernize look & feel
• </details>

📋 Changes

• `server_side_encryption_configuration` replaced with `aws_s3_bucket_server_side_encryption_configuration` resource
• `versioning` replaced with `aws_s3_bucket_versioning resource`
• `cors_rule` replaced with `aws_s3_bucket_cors_configuration resource`
• `acl` replaced with `aws_s3_bucket_acl resource`
• `bucket_versioning` input added

📦 🚀 Enhancements

• <details>
• <summary>Readme/example fix @samcrudge (#229)</summary>

📦 what

• Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
• Example of 'Origin Group with the origin created by this module as a primary origin and an additional
• S3 bucket as a failover origin' showed the s3_origins & origin_group as a map(any) rather than a list(map) causing builds to fail when using said example.

📦 why

• Provide the justifications for the changes (e.g. business case).
• Describe why these changes were made (e.g. why do these commits fix the problem?)
• Examples that reflect the required schema.

📦 references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• [README.md](https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/blob/master/README.md) & [README.yaml](https://github.com/Cyber-Duck/terraform-aws-cloudfront-s3-cdn/blob/master/README.yaml)
• </details>

📦 🤖 Automatic Updates

• <details>
• <summary>chore(deps): update terraform cloudposse/iam-role/aws to v0.19.0 (main) @renovate (#271)</summary>
• This PR contains the following updates:
• | Package | Type | Update | Change |
• |---|---|---|---|
• | [cloudposse/iam-role/aws](https://registry.terraform.io/modules/cloudposse/iam-role/aws) ([source](https://togithub.com/cloudposse/terraform-aws-iam-role)) | module | minor | `0.16.0` -> `0.19.0` |
• ---

📦 Release Notes

• <details>
• <summary>cloudposse/terraform-aws-iam-role (cloudposse/iam-role/aws)</summary>

📦 [`v0.19.0`](https://togithub.com/cloudposse/terraform-aws-iam-role/releases/tag/0.19.0)

• [Compare Source](https://togithub.com/cloudposse/terraform-aws-iam-role/compare/0.18.0...0.19.0)
• <details>
• <summary>IAM Role name length limit @&#8203;goruha (#&#8203;58)</summary>
• Fix IAM role name length limit
• Fix IAM role name length limited to 64
• </details>
• <details>
• <summary>Sync github @&#8203;max-lobur (#&#8203;54)</summary>
• + 2 more

📦 [`v0.18.0`](https://togithub.com/cloudposse/terraform-aws-iam-role/releases/tag/0.18.0)

• [Compare Source](https://togithub.com/cloudposse/terraform-aws-iam-role/compare/0.17.0...0.18.0)
• No changes

📦 [`v0.17.0`](https://togithub.com/cloudposse/terraform-aws-iam-role/releases/tag/0.17.0)

• [Compare Source](https://togithub.com/cloudposse/terraform-aws-iam-role/compare/0.16.2...0.17.0)
• <details>
• <summary>Update main.tf @&#8203;karinatitov (#&#8203;50)</summary>
• have a chance to configure the name of the policy
• With this change i want to have an ability to provide a custom name for the policy
• the resources i'm working with were not created in the same way this module assumes
• to have a chance to configure the name of the policy
• </details>
• + 5 more

📦 [`v0.16.2`](https://togithub.com/cloudposse/terraform-aws-iam-role/releases/tag/0.16.2)

• [Compare Source](https://togithub.com/cloudposse/terraform-aws-iam-role/compare/0.16.1...0.16.2)
• <details>
• <summary>Add enabled check to data source @&#8203;nitrocode (#&#8203;45)</summary>
• [x] Add enabled check to data source
• [x] Add TestExamplesCompleteDisabled check
• Prevent creation if enabled is false
• [https://github.com/cloudposse/terraform-aws-s3-bucket/pull/148](https://togithub.com/cloudposse/terraform-aws-s3-bucket/pull/148)
• </details>

📦 [`v0.16.1`](https://togithub.com/cloudposse/terraform-aws-iam-role/releases/tag/0.16.1)

• [Compare Source](https://togithub.com/cloudposse/terraform-aws-iam-role/compare/0.16.0...0.16.1)
• <details>
• <summary>Disabling all tags in all iam resources @&#8203;jamengual (#&#8203;44)</summary>
• In [https://github.com/cloudposse/terraform-aws-iam-role/pull/43](https://togithub.com/cloudposse/terraform-aws-iam-role/pull/43) I added the option to disable role tags but in environments where roles are created under very strict controls, the policy tags for the roles sometimes can't be tagged. This change disable tags for all IAM related resources.
• *
• to disable tags for role-related things. Use one variable instead of two.
• [https://github.com/cloudposse/terraform-aws-iam-role/pull/43](https://togithub.com/cloudposse/terraform-aws-iam-role/pull/43)
• </details>
• + 4 more

📦 what

• Set [restrict_public_buckets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#restrict_public_buckets) to the same value as `var.block_origin_public_access_enabled`

📦 why

• Only restrict public access on the bucket if we're blocking public access. Otherwise Cloudfront will not be able to access the bucket

📦 references

• Corrects bug created by #284
• </details>

📦 🚀 Enhancements

• <details>
• <summary>Correct a comment @alexjurkiewicz (#239)</summary>
• `var.comment` is for the distribution, not Origin Access Identity.
• </details>

📦 what

• Support AWS Provider V5
• Linter fixes

📦 why

• Maintenance

📦 references

• https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0
• </details>
• <details>
• <summary>Sync github @max-lobur (#273)</summary>
• Rebuild github dir from the template
• </details>

📋 Changes

• No changes

📋 Changes

• No changes

📦 what

• Added support `source_zip` option for lambda@edge functions.

📦 why

• There are cases when we need to send the archive as a source for Lambda@Edge. For example, include `node_modules` for node js projects.
• So at the moment, this module supports 3 types of sources for Cloudfront Lambda@Edge:
• `source` - just a string with source code that is going to be saved to a file and archived by this module
• `source_dir` - path to the directory that contains a few files and/or subdirectories that are going to be archived by this module
• `source_zip` - path to a single zip file. This is useful when Lambda@Edge has a lot of dependencies for example in the case of NodeJS - `node_modules` directory
• See `examples/complete` for usage examples.

📦 references

• Closes #205
• </details>

📦 what

• Ability to specify source directory for Lambda@Edge submodule

📦 why

• Currently, we can pass the list of files that will be archived and uploaded as Lambda sources. This is not an option if more advanced logic is used and a lot of files should be used.
• Example
• For example, we have the following file structure for lambda@edge submodule:
• ```
• lambda_edge_example/
• lib/
• node_modules/
• index.js
• + 25 more

📦 Related

• Closes #205
• </details>

📦 what

• Adds `http_version` variable.

📦 why

• To be able to control the maximum HTTP version to be supported by the CloudFront Distribution, defaults to `http2`

📦 references

• Finishing work started in https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/pull/238 by @kim0
• </details>

📦 what

• Reverts #253

📦 why

• misunderstanding of use cases
• </details>

📦 🚀 Enhancements

• <details>
• <summary>bugfix `website_enabled` @Benbentwo (#253)</summary>

📦 what

• website enabled means we should use
• Public Bucket
• No TLS Verify on bucket assets (not used by cloudfront in website mode)
• No Lambda Edge association

📦 why

• Bugfix Website Mode

📦 references

• 4. on [this doc](https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-https-requests-s3/)
• </details>