feat: allow aws_cloudfront_origin_access_identity to be toggled on/off

README.md

@@ -187,6 +187,7 @@ Available targets:
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_ordered_cache"></a> [ordered\_cache](#input\_ordered\_cache) | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.<br>The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has<br>a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest<br>of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. | <pre>list(object({<br>    target_origin_id = string<br>    path_pattern     = string<br><br>    allowed_methods          = list(string)<br>    cached_methods           = list(string)<br>    cache_policy_id          = string<br>    origin_request_policy_id = string<br>    compress                 = bool<br><br>    viewer_protocol_policy = string<br>    min_ttl                = number<br>    default_ttl            = number<br>    max_ttl                = number<br><br>    forward_query_string  = bool<br>    forward_header_values = list(string)<br>    forward_cookies       = string<br><br>    response_headers_policy_id = string<br><br>    lambda_function_association = list(object({<br>      event_type   = string<br>      include_body = bool<br>      lambda_arn   = string<br>    }))<br><br>    function_association = list(object({<br>      event_type   = string<br>      function_arn = string<br>    }))<br>  }))</pre> | `[]` | no |
+| <a name="input_origin_access_identity_enabled"></a> [origin\_access\_identity\_enabled](#input\_origin\_access\_identity\_enabled) | When true, creates origin access identity resource | `bool` | `true` | no |
 | <a name="input_origin_domain_name"></a> [origin\_domain\_name](#input\_origin\_domain\_name) | The DNS domain name of your custom origin (e.g. website) | `string` | `""` | no |
 | <a name="input_origin_http_port"></a> [origin\_http\_port](#input\_origin\_http\_port) | The HTTP port the custom origin listens on | `number` | `"80"` | no |
 | <a name="input_origin_https_port"></a> [origin\_https\_port](#input\_origin\_https\_port) | The HTTPS port the custom origin listens on | `number` | `443` | no |

docs/terraform.md

@@ -82,6 +82,7 @@
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_ordered_cache"></a> [ordered\_cache](#input\_ordered\_cache) | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.<br>The fields can be described by the other variables in this file. For example, the field 'lambda\_function\_association' in this object has<br>a description in var.lambda\_function\_association variable earlier in this file. The only difference is that fields on this object are in ordered caches, whereas the rest<br>of the vars in this file apply only to the default cache. Put value `""` on field `target_origin_id` to specify default s3 bucket origin. | <pre>list(object({<br>    target_origin_id = string<br>    path_pattern     = string<br><br>    allowed_methods          = list(string)<br>    cached_methods           = list(string)<br>    cache_policy_id          = string<br>    origin_request_policy_id = string<br>    compress                 = bool<br><br>    viewer_protocol_policy = string<br>    min_ttl                = number<br>    default_ttl            = number<br>    max_ttl                = number<br><br>    forward_query_string  = bool<br>    forward_header_values = list(string)<br>    forward_cookies       = string<br><br>    response_headers_policy_id = string<br><br>    lambda_function_association = list(object({<br>      event_type   = string<br>      include_body = bool<br>      lambda_arn   = string<br>    }))<br><br>    function_association = list(object({<br>      event_type   = string<br>      function_arn = string<br>    }))<br>  }))</pre> | `[]` | no |
+| <a name="input_origin_access_identity_enabled"></a> [origin\_access\_identity\_enabled](#input\_origin\_access\_identity\_enabled) | When true, creates origin access identity resource | `bool` | `true` | no |
 | <a name="input_origin_domain_name"></a> [origin\_domain\_name](#input\_origin\_domain\_name) | The DNS domain name of your custom origin (e.g. website) | `string` | `""` | no |
 | <a name="input_origin_http_port"></a> [origin\_http\_port](#input\_origin\_http\_port) | The HTTP port the custom origin listens on | `number` | `"80"` | no |
 | <a name="input_origin_https_port"></a> [origin\_https\_port](#input\_origin\_https\_port) | The HTTPS port the custom origin listens on | `number` | `443` | no |

main.tf

@@ -8,7 +8,7 @@ module "origin_label" {
 }
 
 resource "aws_cloudfront_origin_access_identity" "default" {
-  count = module.this.enabled ? 1 : 0
+  count = module.this.enabled && var.origin_access_identity_enabled ? 1 : 0
 
   comment = module.origin_label.id
 }

variables.tf

@@ -134,6 +134,12 @@ variable "comment" {
   description = "Comment for the origin access identity"
 }
 
+variable "origin_access_identity_enabled" {
+  type        = bool
+  default     = true
+  description = "When true, creates origin access identity resource"
+}
+
 variable "logging_enabled" {
   type        = bool
   default     = true