terraform-aws-modules/terraform-aws-cloudfront v6.0.0

on GitHub

6.0.0 (2025-11-29)

⚠ BREAKING CHANGES

• Upgrade MSV of AWS provider to 6.20, remove support for origin access identities (#177)

See the docs/UPGRADE-6.0.md for further details

List of backwards incompatible changes

• AWS provider v6.20 is now minimum supported version
• Support for aws_cloudfront_origin_access_identity has been removed in favor of aws_cloudfront_origin_access_control

Additional changes

Added

• None

Modified

• Variable definitions now contain detailed object types in place of the previously used any type
• is_ipv6_enabled now defaults to true if not specified
• default_cache_behavior.compress and ordered_cache_behavior.compress now default to true
• origin.origin_ssl_protocols now defaults to ["TLSv1.2"]
• vpc_origin.origin_ssl_protocols.items now defaults to ["TLSv1.2"]
• vpc_origin_timeouts is now embedded under vpc_origin
• viewer_certificate.minimum_protocol_version now defaults to "TLSv1.2_2025"
• See the the Before vs After examples below for more details on variable type definition changes

Variable and output changes

1. Removed variables:

   • create_origin_access_identity
   • origin_access_identities
   • create_origin_access_control
   • create_vpc_origin
   • vpc_origin_timeouts - use timeouts block within vpc_origin variable instead
   • create_response_headers_policy
   • create_cloudfront_function

2. Renamed variables:

   • create_distribution -> create

3. Added variables:

   • anycast_ip_list_id

4. Removed outputs:

   • cloudfront_vpc_origin_ids
   • cloudfront_origin_access_controls_ids
   • cloudfront_origin_access_identities
   • cloudfront_origin_access_identity_ids
   • cloudfront_origin_access_identity_iam_arns
   • cloudfront_distribution_tags

5. Renamed outputs:

   • None

6. Added outputs:

   • cloudfront_vpc_origins