Merge commit '78ab4d0f60d3e4c32aeb6f782168377c218f667c' into release

Author: github-actions[bot]

.github/workflows/tf-docs.yml

@@ -12,9 +12,9 @@ jobs:
   update-docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Update Terraform docs in README
-        uses: terraform-docs/gh-actions@v0.10.0
+        uses: terraform-docs/gh-actions@v1.0.0
         with:
           config-file: '.terraform-docs.yml'
           output-file: README.md

CHANGELOG.md

@@ -2,6 +2,13 @@
 
 ## [Unreleased]
 
+## [12.1.3] - 2022-08-12
+
+- Uses Image Optimizer module of [Next.js 12.1.3](https://github.com/vercel/next.js/releases/tag/v12.1.3) ([#121](https://github.com/milliHQ/terraform-aws-next-js-image-optimization/pull/121))
+- Updates sharp from `v0.30.3` to [`v0.30.7`](https://github.com/lovell/sharp/releases/tag/v0.30.7) ([#136](https://github.com/milliHQ/terraform-aws-next-js-image-optimization/pull/136))
+- Support usage of custom domain and SSL certificate with the default CloudFront distribution ([#134](https://github.com/milliHQ/terraform-aws-next-js-image-optimization/pull/134))
+- Minimum protocol version for the default CloudFront distribution can now set using `cloudfront_minimum_protocol_version` variable. New default value is `TLSv1` (was `TLSv1.2_2018` before) ([#134](https://github.com/milliHQ/terraform-aws-next-js-image-optimization/pull/134))
+
 ## [12.1.2] - 2022-04-16
 
 - Uses Image Optimizer module of [Next.js 12.1.2](https://github.com/vercel/next.js/releases/tag/v12.1.2) ([#118](https://github.com/milliHQ/terraform-aws-next-js-image-optimization/pull/118))

README.md

@@ -104,8 +104,8 @@ Then rebuild and redeploy your Next.js application to make use of the changed co
   Use the image optimizer with an existing CloudFront distribution.
 
 <!-- prettier-ignore-start -->
-<!--- STOP: Auto generated values - Make no manual edits here --->
-<!--- BEGIN_TF_DOCS --->
+<!-- STOP: Auto generated values - Make no manual edits here -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -123,10 +123,13 @@ Then rebuild and redeploy your Next.js application to make use of the changed co
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| cloudfront\_acm\_certificate\_arn | CloudFront ACM certificate to use. | `string` | `null` | no |
+| cloudfront\_aliases | Custom domain(s) for CloudFront. | `list(string)` | `[]` | no |
 | cloudfront\_create\_distribution | Controls whether a CloudFront distribution should be created. | `bool` | `true` | no |
 | cloudfront\_enable\_origin\_shield | Controls whether CloudFront Origin Shield should be enabled on the image optimizer lambdas. | `bool` | `true` | no |
+| cloudfront\_minimum\_protocol\_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1\_2016, TLSv1.1\_2016, TLSv1.2\_2018 TLSv1.2\_2019 or TLSv1.2\_2021. | `string` | `"TLSv1"` | no |
 | cloudfront\_origin\_id | Override the id for the custom CloudFront id. | `string` | `"tf-next-image-optimizer"` | no |
-| cloudfront\_origin\_shield\_region | Override the region choosen for the CloudFront origin shield. Use `auto` to automatically determine the optimal region. | `string` | `"auto"` | no |
+| cloudfront\_origin\_shield\_region | Override the region chosen for the CloudFront origin shield. Use `auto` to automatically determine the optimal region. | `string` | `"auto"` | no |
 | cloudfront\_price\_class | Price class for the CloudFront distribution. One of PriceClass\_All, PriceClass\_200, PriceClass\_100. | `string` | `"PriceClass_100"` | no |
 | debug\_use\_local\_packages | (Debug) Use local packages instead of downloading them from npm. | `bool` | `false` | no |
 | deployment\_name | Identifier for the deployment group (only lowercase alphanumeric characters and hyphens are allowed). | `string` | `"tf-next-image"` | no |
@@ -142,7 +145,7 @@ Then rebuild and redeploy your Next.js application to make use of the changed co
 | next\_image\_domains | Allowed origin domains that can be used for fetching images. | `list(string)` | `[]` | no |
 | next\_image\_formats | If the Accept head matches more than one of the configured formats, the first match in the array is used. Therefore, the array order matters. If there is no match, the Image Optimization API will fallback to the original image's format. | `list(string)` | <pre>[<br>  "image/webp"<br>]</pre> | no |
 | next\_image\_image\_sizes | Allowed image sizes that should be used for image optimization. | `list(number)` | `null` | no |
-| next\_image\_version | Next.js version from where you want to use the image optimizer from. Supports semver ranges. | `string` | `"12.1.2"` | no |
+| next\_image\_version | Next.js version from where you want to use the image optimizer from. Supports semver ranges. | `string` | `"12.1.3"` | no |
 | source\_bucket\_id | When your static files are deployed to a Bucket (e.g. with Terraform Next.js) the optimizer can pull the source from the bucket rather than over the internet. | `string` | `null` | no |
 | tags | Tag metadata to label AWS resources that support tags. | `map(string)` | `{}` | no |
 
@@ -157,8 +160,7 @@ Then rebuild and redeploy your Next.js application to make use of the changed co
 | cloudfront\_origin | Predefined CloudFront origin. Can be used to embed the image optimizer into an existing CloudFront resource. |
 | cloudfront\_origin\_id | Id of the custom origin used for image optimization. |
 | cloudfront\_origin\_request\_policy\_id | Request policy id used for image optimization. |
-
-<!--- END_TF_DOCS --->
+<!-- END_TF_DOCS -->
 <!-- prettier-ignore-end -->
 
 ## Limits

examples/with-custom-domain/README.md

@@ -0,0 +1,66 @@
+# Custom Domain Example
+
+This example shows how to configure a custom domain for the [Terraform Next.js Image Optimization module for AWS](https://github.com/milliHQ/terraform-aws-next-js-image-optimization).
+
+> **Note:** The full example code is available on [GitHub](https://github.com/milliHQ/terraform-aws-next-js-image-optimization/tree/main/examples/with-custom-domain)
+
+## Setup the Terraform module
+
+1. Create a new file called `main.tf` and paste the code from the following source: [main.tf on GitHub](https://github.com/milliHQ/terraform-aws-next-js-image-optimization/blob/main/examples/with-custom-domain/main.tf):
+
+2. Then configure the domain you want to use:
+
+   ```tf
+   # main.tf
+
+   ...
+   ###########
+   # Variables
+   ###########
+
+   variable "custom_domain" {
+     description = "Your custom domain"
+     type        = string
+     default     = "example.com"
+   }
+
+   variable "custom_domain_zone_name" {
+     description = "The Route53 zone name of the custom domain"
+     type        = string
+     default     = "example.com."
+   }
+
+   ...
+   ```
+
+3. Run Terraform to deploy the image optimizer to your AWS account:
+
+   ```sh
+   terraform init  # Only needed on the first time running Terraform
+
+   terraform plan  # (Optional) See what resources Terraform will create
+   terraform apply # Deploy the image optimizer module to your AWS account
+   ```
+
+   After Terraform has successfully created all resources in your AWS account, you should see the following output on the terminal:
+
+   ```sh
+   > Apply complete!
+   >
+   > Outputs:
+   >
+   > custom_domain     = "example.com"
+   > cloudfront_domain = "<distribution-id>.cloudfront.net"
+   ```
+
+4. Integrate with Next.js by editing `next.config.js`:
+
+   ```diff
+   // next.config.js
+
+   module.exports = {
+   +  images: {
+   +    path: 'https://example.com/_next/image'
+   +  },
+   }
+   ```

examples/with-custom-domain/main.tf

@@ -0,0 +1,98 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
+}
+
+# AWS region where the image optimizer should be deployed to.
+# While the optimized images are cached globally (via CloudFront CDN) this
+# determines the location where the optimization (Lambda) should happen, when
+# the cache is missed.
+provider "aws" {
+  region = "us-east-1"
+}
+
+###########
+# Variables
+###########
+
+variable "custom_domain" {
+  description = "Your custom domain"
+  type        = string
+  default     = "example.com"
+}
+
+# Assuming that the hosted ZONE of your domain is already registered in your
+# AWS account (Route 53)
+# https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/AboutHZWorkingWith.html
+variable "custom_domain_zone_name" {
+  description = "The Route53 zone name of the custom domain"
+  type        = string
+  default     = "example.com."
+}
+
+# Get the hosted zone for the custom domain
+data "aws_route53_zone" "custom_domain_zone" {
+  name = var.custom_domain_zone_name
+}
+
+# Create a new record in Route 53 for the domain
+resource "aws_route53_record" "cloudfront_alias_domain" {
+  zone_id = data.aws_route53_zone.custom_domain_zone.zone_id
+  name    = each.key
+  type    = "A"
+
+  alias {
+    name                   = module.next_image_optimizer.cloudfront_domain_name
+    zone_id                = module.next_image_optimizer.cloudfront_hosted_zone_id
+    evaluate_target_health = false
+  }
+}
+
+##########
+# SSL Cert
+##########
+
+# Creates a free SSL certificate for CloudFront distribution
+# For more options (e.g. multiple domains) see:
+# https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/
+module "cloudfront_cert" {
+  source  = "terraform-aws-modules/acm/aws"
+  version = "~> 3.0"
+
+  domain_name               = var.custom_domain
+  zone_id                   = data.aws_route53_zone.custom_domain_zone.zone_id
+  subject_alternative_names = slice(local.aliases, 1, length(local.aliases))
+
+  tags = {
+    Name = "CloudFront ${var.custom_domain}"
+  }
+
+  # CloudFront works only with certs stored in us-east-1
+  providers = {
+    aws = aws.global_region
+  }
+}
+
+#######################
+# Route53 Domain record
+#######################
+
+module "next_image_optimizer" {
+  source = "milliHQ/next-js-image-optimization/aws"
+
+  cloudfront_aliases             = [var.custom_domain]
+  cloudfront_acm_certificate_arn = module.cloudfront_cert.acm_certificate_arn
+  next_image_domains             = ["assets.vercel.com"]
+}
+
+output "custom_domain" {
+  value = var.custom_domain
+}
+
+output "cloudfront_domain" {
+  value = module.next_image_optimizer.cloudfront_domain_name
+}

examples/with-next-js/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 4.0"
     }
   }
 }

main.tf

@@ -239,10 +239,13 @@ resource "aws_cloudfront_cache_policy" "this" {
 module "cloudfront" {
   source = "./modules/cloudfront-cache"
 
-  cloudfront_create_distribution = var.cloudfront_create_distribution
-  cloudfront_price_class         = var.cloudfront_price_class
-  cloudfront_origin              = local.cloudfront_origin
-  cloudfront_default_behavior    = local.cloudfront_cache_behavior
+  cloudfront_create_distribution      = var.cloudfront_create_distribution
+  cloudfront_price_class              = var.cloudfront_price_class
+  cloudfront_origin                   = local.cloudfront_origin
+  cloudfront_default_behavior         = local.cloudfront_cache_behavior
+  cloudfront_minimum_protocol_version = var.cloudfront_minimum_protocol_version
+  cloudfront_acm_certificate_arn      = var.cloudfront_acm_certificate_arn
+  cloudfront_aliases                  = var.cloudfront_aliases
 
   deployment_name = var.deployment_name
   tags            = var.tags

modules/cloudfront-cache/main.tf

@@ -8,6 +8,7 @@ resource "aws_cloudfront_distribution" "distribution" {
   is_ipv6_enabled = true
   comment         = var.deployment_name
   price_class     = var.cloudfront_price_class
+  aliases         = var.cloudfront_aliases
 
   dynamic "default_cache_behavior" {
     for_each = [var.cloudfront_default_behavior]
@@ -68,7 +69,10 @@ resource "aws_cloudfront_distribution" "distribution" {
   }
 
   viewer_certificate {
-    cloudfront_default_certificate = true
+    acm_certificate_arn            = var.cloudfront_acm_certificate_arn
+    cloudfront_default_certificate = var.cloudfront_acm_certificate_arn == null
+    minimum_protocol_version       = var.cloudfront_minimum_protocol_version
+    ssl_support_method             = var.cloudfront_acm_certificate_arn != null ? "sni-only" : null
   }
 
   restrictions {

modules/cloudfront-cache/variables.tf

@@ -21,3 +21,17 @@ variable "deployment_name" {
 variable "tags" {
   type = map(string)
 }
+
+variable "cloudfront_minimum_protocol_version" {
+  type = string
+}
+
+variable "cloudfront_acm_certificate_arn" {
+  type    = string
+  default = null
+}
+
+variable "cloudfront_aliases" {
+  type    = list(string)
+  default = []
+}

variables.tf

@@ -4,7 +4,7 @@
 variable "next_image_version" {
   description = "Next.js version from where you want to use the image optimizer from. Supports semver ranges."
   type        = string
-  default     = "12.1.2"
+  default     = "12.1.3"
 }
 
 variable "next_image_base_origin" {
@@ -118,7 +118,7 @@ variable "cloudfront_enable_origin_shield" {
 }
 
 variable "cloudfront_origin_shield_region" {
-  description = "Override the region choosen for the CloudFront origin shield. Use `auto` to automatically determine the optimal region."
+  description = "Override the region chosen for the CloudFront origin shield. Use `auto` to automatically determine the optimal region."
   type        = string
   default     = "auto"
 }
@@ -129,6 +129,24 @@ variable "cloudfront_origin_id" {
   default     = "tf-next-image-optimizer"
 }
 
+variable "cloudfront_minimum_protocol_version" {
+  description = "The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018 TLSv1.2_2019 or TLSv1.2_2021."
+  type        = string
+  default     = "TLSv1"
+}
+
+variable "cloudfront_acm_certificate_arn" {
+  description = "CloudFront ACM certificate to use."
+  type        = string
+  default     = null
+}
+
+variable "cloudfront_aliases" {
+  description = "Custom domain(s) for CloudFront."
+  type        = list(string)
+  default     = []
+}
+
 ##########
 # Labeling
 ##########