Removing extra variables

README.md

@@ -78,7 +78,7 @@ No modules.
 | <a name="input_cloudfront_http_version"></a> [cloudfront\_http\_version](#input\_cloudfront\_http\_version) | (Optional) - The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | `string` | `"http2"` | no |
 | <a name="input_cloudfront_origin_http_port"></a> [cloudfront\_origin\_http\_port](#input\_cloudfront\_origin\_http\_port) | The HTTP port the custom origin listens on. Defaults to 80 | `number` | `80` | no |
 | <a name="input_cloudfront_origin_https_port"></a> [cloudfront\_origin\_https\_port](#input\_cloudfront\_origin\_https\_port) | The HTTPS port the custom origin listens on. Defaults to 443 | `number` | `443` | no |
-| <a name="input_cloudfront_origin_protocol_policy"></a> [cloudfront\_origin\_protocol\_policy](#input\_cloudfront\_origin\_protocol\_policy) | The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer. | `string` | `"match-viewer"` | no |
+| <a name="input_cloudfront_origin_protocol_policy"></a> [cloudfront\_origin\_protocol\_policy](#input\_cloudfront\_origin\_protocol\_policy) | The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer. | `string` | `"https-only"` | no |
 | <a name="input_cloudfront_origin_ssl_protocols"></a> [cloudfront\_origin\_ssl\_protocols](#input\_cloudfront\_origin\_ssl\_protocols) | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2. Defaults to TLSv1, TLSv1.1 and TLSv1.2 | `list(string)` | <pre>[<br>  "TLSv1",<br>  "TLSv1.1",<br>  "TLSv1.2"<br>]</pre> | no |
 | <a name="input_cloudfront_price_class"></a> [cloudfront\_price\_class](#input\_cloudfront\_price\_class) | (Optional) - The price class for this distribution. One of PriceClass\_All, PriceClass\_200, PriceClass\_100. Defaults to PriceClass\_100 | `string` | `"PriceClass_100"` | no |
 | <a name="input_cloudfront_viewer_protocol_policy"></a> [cloudfront\_viewer\_protocol\_policy](#input\_cloudfront\_viewer\_protocol\_policy) | Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. Defautls to redirect-to-https | `string` | `"redirect-to-https"` | no |

variables.tf

@@ -193,7 +193,7 @@ variable "cloudfront_origin_https_port" {
 variable "cloudfront_origin_protocol_policy" {
   description = "The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer."
   type        = string
-  default     = "match-viewer"
+  default     = "https-only"
 }
 
 variable "cloudfront_origin_ssl_protocols" {
@@ -243,15 +243,3 @@ variable "cloudfront_www_website_wait_for_deployment" {
   type        = bool
   default     = true
 }
-
-# variable "cloudfront_viewer_certificate_ssl_support_method" {
-#   description = "Specifies how you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges."
-#   type        = string
-#   default     = "sni-only"
-# }
-
-# variable "cloudfront_viewer_certificate_minimum_protocol_version" {
-#   description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018 or TLSv1.2_2019. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified."
-#   type        = string
-#   default     = "TLSv1"
-# }

website.tf

@@ -140,10 +140,8 @@ resource "aws_cloudfront_distribution" "website" { # tfsec:ignore:AWS045
 
   # TODO - Work on SSL certificates
   # viewer_certificate (Required) - The SSL configuration for this distribution (maximum one).
-  viewer_certificate {
+  viewer_certificate { # tfsec:ignore:AWS021
     cloudfront_default_certificate = true
-    # ssl_support_method             = var.cloudfront_viewer_certificate_ssl_support_method
-    # minimum_protocol_version       = var.cloudfront_viewer_certificate_minimum_protocol_version # tfsec:ignore:AWS021
   }
 
   # TODO - Work to add Web ACL variables

website_www_redirect.tf

@@ -121,10 +121,8 @@ resource "aws_cloudfront_distribution" "www_website" { # tfsec:ignore:AWS045
 
   # TODO - Work on SSL certificates
   # viewer_certificate (Required) - The SSL configuration for this distribution (maximum one).
-  viewer_certificate {
+  viewer_certificate { # tfsec:ignore:AWS021
     cloudfront_default_certificate = true
-    # ssl_support_method             = var.cloudfront_viewer_certificate_ssl_support_method
-    # minimum_protocol_version       = var.cloudfront_viewer_certificate_minimum_protocol_version # tfsec:ignore:AWS021
   }
 
   # TODO - Work to add Web ACL variables