@bryantbiggs bryantbiggs commented Nov 28, 2025

List of backwards incompatible changes

  • AWS provider v6.20 is now minimum supported version
  • Support for aws_cloudfront_origin_access_identity has been removed in favor of aws_cloudfront_origin_access_control

Additional changes

Added

  • None

Modified

  • Variable definitions now contain detailed object types in place of the previously used any type
  • is_ipv6_enabled now defaults to true if not specified
  • default_cache_behavior.compress and ordered_cache_behavior.compress now default to true
  • origin.origin_ssl_protocols now defaults to ["TLSv1.2"]
  • vpc_origin.origin_ssl_protocols.items now defaults to ["TLSv1.2"]
  • vpc_origin_timeouts is now embedded under vpc_origin
  • viewer_certificate.minimum_protocol_version now defaults to "TLSv1.2_2025"
  • See the Before vs After examples below for more details on variable type definition changes

Variable and output changes

  1. Removed variables:

    • create_origin_access_identity
    • origin_access_identities
    • create_origin_access_control
    • create_vpc_origin
    • vpc_origin_timeouts - use timeouts block within vpc_origin variable instead
    • create_response_headers_policy
    • create_cloudfront_function
  2. Renamed variables:

    • create_distribution -> create
  3. Added variables:

    • anycast_ip_list_id
  4. Removed outputs:

    • cloudfront_vpc_origin_ids
    • cloudfront_origin_access_controls_ids
    • cloudfront_origin_access_identities
    • cloudfront_origin_access_identity_ids
    • cloudfront_origin_access_identity_iam_arns
    • cloudfront_distribution_tags
  5. Renamed outputs:

    • None
  6. Added outputs:

    • cloudfront_vpc_origins

Motivation and Context

Breaking Changes

  • Yes

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request
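
Before upgrading, an existing deployment can be checked against the TLS and origin-access defaults listed in the description above by auditing the JSON form of a plan. This is an added example, not code from this PR or the module; the resource addresses and sample plan are constructed, and the policy it enforces (TLSv1.2 or later, no origin access identity) is an assumption taken from the defaults listed above.

```python
# Added example: audit `terraform show -json <planfile>` output for CloudFront
# settings weaker than the v6 module defaults (TLSv1.2+ only, no OAI).
WEAK_ORIGIN_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def audit_plan(plan: dict) -> list:
    """Return one finding string per weak setting on aws_cloudfront_distribution."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "aws_cloudfront_distribution" or not after:
            continue  # other resource types, or a delete (after is null)
        addr = rc["address"]
        for cert in after.get("viewer_certificate") or []:
            mpv = cert.get("minimum_protocol_version")
            # Values unknown at plan time are absent from "after"; skip them.
            if mpv and not mpv.startswith(("TLSv1.2", "TLSv1.3")):
                findings.append(f"{addr}: viewer minimum_protocol_version is {mpv}")
        for origin in after.get("origin") or []:
            oid = origin.get("origin_id")
            for custom in origin.get("custom_origin_config") or []:
                weak = WEAK_ORIGIN_PROTOCOLS & set(custom.get("origin_ssl_protocols") or [])
                if weak:
                    findings.append(f"{addr}: origin {oid} allows {sorted(weak)}")
            for s3 in origin.get("s3_origin_config") or []:
                if s3.get("origin_access_identity"):
                    findings.append(f"{addr}: origin {oid} still uses an OAI")
    return findings


def _dist(address, min_tls, origins):
    return {"address": address, "type": "aws_cloudfront_distribution",
            "change": {"actions": ["update"], "after": {
                "viewer_certificate": [{"minimum_protocol_version": min_tls}],
                "origin": origins}}}


# Constructed sample plan (addresses, origin ids and the OAI path are made up).
SAMPLE_PLAN = {"resource_changes": [
    _dist("aws_cloudfront_distribution.legacy", "TLSv1", [
        {"origin_id": "api", "custom_origin_config": [
            {"origin_ssl_protocols": ["TLSv1", "TLSv1.2"]}]},
        {"origin_id": "assets", "s3_origin_config": [
            {"origin_access_identity": "origin-access-identity/cloudfront/EXAMPLE"}]}]),
    _dist("aws_cloudfront_distribution.current", "TLSv1.2_2025", [
        {"origin_id": "assets", "origin_access_control_id": "EXAMPLEOAC",
         "s3_origin_config": []}]),
]}

if __name__ == "__main__":
    print("\n".join(audit_plan(SAMPLE_PLAN)))
```
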


- [Complete](https://github.com/terraform-aws-modules/terraform-aws-cloudfront/tree/master/examples/complete) - Complete example which creates AWS CloudFront distribution and integrates it with other [terraform-aws-modules](https://github.com/terraform-aws-modules) to create additional resources: S3 buckets, Lambda Functions, CloudFront Functions, VPC Origins, ACM Certificate, Route53 Records.

## Notes

@bryantbiggs bryantbiggs Nov 28, 2025

This is now solved by these added guards (both default and ordered cache behaviors) so users don't need to worry about this https://github.com/terraform-aws-modules/terraform-aws-cloudfront/pull/177/files#diff-dc46acf24afd63ef8c556b77c126ccc6e578bc87e3aa09a931f33d9bf2532fbbR36-R37

@antonbabenko antonbabenko left a comment

Well done! +1 for simplifying OAC vs OAI. I am always confused which one I should use. :)

@bryantbiggs bryantbiggs merged commit 5896259 into master Nov 29, 2025
7 checks passed
@bryantbiggs bryantbiggs deleted the feat/upgrade branch November 29, 2025 17:59
antonbabenko pushed a commit that referenced this pull request Nov 29, 2025
## [6.0.0](v5.2.0...v6.0.0) (2025-11-29)

### ⚠ BREAKING CHANGES

* Upgrade MSV of AWS provider to `6.20`, remove support for origin access identities (#177)

### Features

* Upgrade MSV of AWS provider to `6.20`, remove support for origin access identities ([#177](#177)) ([5896259](5896259))
@antonbabenko
This PR is included in version 6.0.0 🎉
