Feature: CloudFront response headers policies

.changelog/21620.txt

@@ -0,0 +1,15 @@
+```release-note:new-resource
+aws_cloudfront_response_headers_policy
+```
+
+```release-note:new-data-source
+aws_cloudfront_response_headers_policy
+```
+
+```release-note:enhancement
+resource/aws_cloudfront_distribution: Add `response_headers_policy_id` argument to `ordered_cache_behavior` configuration block
+```
+
+```release-note:enhancement
+resource/aws_cloudfront_distribution: Add `response_headers_policy_id` argument to `default_cache_behavior` configuration block
+```

internal/provider/provider.go

@@ -375,6 +375,7 @@ func Provider() *schema.Provider {
 			"aws_cloudfront_function":                       cloudfront.DataSourceFunction(),
 			"aws_cloudfront_log_delivery_canonical_user_id": cloudfront.DataSourceLogDeliveryCanonicalUserID(),
 			"aws_cloudfront_origin_request_policy":          cloudfront.DataSourceOriginRequestPolicy(),
+			"aws_cloudfront_response_headers_policy":        cloudfront.DataSourceResponseHeadersPolicy(),
 
 			"aws_cloudhsm_v2_cluster": cloudhsmv2.DataSourceCluster(),
 
@@ -851,6 +852,7 @@ func Provider() *schema.Provider {
 			"aws_cloudfront_origin_request_policy":   cloudfront.ResourceOriginRequestPolicy(),
 			"aws_cloudfront_public_key":              cloudfront.ResourcePublicKey(),
 			"aws_cloudfront_realtime_log_config":     cloudfront.ResourceRealtimeLogConfig(),
+			"aws_cloudfront_response_headers_policy": cloudfront.ResourceResponseHeadersPolicy(),
 
 			"aws_cloudhsm_v2_cluster": cloudhsmv2.ResourceCluster(),
 			"aws_cloudhsm_v2_hsm":     cloudhsmv2.ResourceHSM(),

internal/service/cloudfront/distribution.go

@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/cloudfront"
 	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -191,6 +190,10 @@ func ResourceDistribution() *schema.Resource {
 							Optional:     true,
 							ValidateFunc: verify.ValidARN,
 						},
+						"response_headers_policy_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
 						"smooth_streaming": {
 							Type:     schema.TypeBool,
 							Optional: true,
@@ -387,6 +390,10 @@ func ResourceDistribution() *schema.Resource {
 							Optional:     true,
 							ValidateFunc: verify.ValidARN,
 						},
+						"response_headers_policy_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
 						"smooth_streaming": {
 							Type:     schema.TypeBool,
 							Optional: true,
@@ -863,7 +870,7 @@ func resourceDistributionRead(d *schema.ResourceData, meta interface{}) error {
 
 	resp, err := conn.GetDistribution(params)
 	if err != nil {
-		if errcode, ok := err.(awserr.Error); ok && errcode.Code() == "NoSuchDistribution" {
+		if tfawserr.ErrMessageContains(err, cloudfront.ErrCodeNoSuchDistribution, "") {
 			log.Printf("[WARN] No Distribution found: %s", d.Id())
 			d.SetId("")
 			return nil

internal/service/cloudfront/distribution_configuration_structure.go

@@ -190,12 +190,13 @@ func flattenCacheBehaviors(cbs *cloudfront.CacheBehaviors) []interface{} {
 
 func ExpandDefaultCacheBehavior(m map[string]interface{}) *cloudfront.DefaultCacheBehavior {
 	dcb := &cloudfront.DefaultCacheBehavior{
-		CachePolicyId:          aws.String(m["cache_policy_id"].(string)),
-		Compress:               aws.Bool(m["compress"].(bool)),
-		FieldLevelEncryptionId: aws.String(m["field_level_encryption_id"].(string)),
-		OriginRequestPolicyId:  aws.String(m["origin_request_policy_id"].(string)),
-		TargetOriginId:         aws.String(m["target_origin_id"].(string)),
-		ViewerProtocolPolicy:   aws.String(m["viewer_protocol_policy"].(string)),
+		CachePolicyId:           aws.String(m["cache_policy_id"].(string)),
+		Compress:                aws.Bool(m["compress"].(bool)),
+		FieldLevelEncryptionId:  aws.String(m["field_level_encryption_id"].(string)),
+		OriginRequestPolicyId:   aws.String(m["origin_request_policy_id"].(string)),
+		ResponseHeadersPolicyId: aws.String(m["response_headers_policy_id"].(string)),
+		TargetOriginId:          aws.String(m["target_origin_id"].(string)),
+		ViewerProtocolPolicy:    aws.String(m["viewer_protocol_policy"].(string)),
 	}
 
 	if forwardedValuesFlat, ok := m["forwarded_values"].([]interface{}); ok && len(forwardedValuesFlat) == 1 {
@@ -251,13 +252,14 @@ func expandCacheBehavior(m map[string]interface{}) *cloudfront.CacheBehavior {
 	}
 
 	cb := &cloudfront.CacheBehavior{
-		CachePolicyId:          aws.String(m["cache_policy_id"].(string)),
-		Compress:               aws.Bool(m["compress"].(bool)),
-		FieldLevelEncryptionId: aws.String(m["field_level_encryption_id"].(string)),
-		ForwardedValues:        forwardedValues,
-		OriginRequestPolicyId:  aws.String(m["origin_request_policy_id"].(string)),
-		TargetOriginId:         aws.String(m["target_origin_id"].(string)),
-		ViewerProtocolPolicy:   aws.String(m["viewer_protocol_policy"].(string)),
+		CachePolicyId:           aws.String(m["cache_policy_id"].(string)),
+		Compress:                aws.Bool(m["compress"].(bool)),
+		FieldLevelEncryptionId:  aws.String(m["field_level_encryption_id"].(string)),
+		ForwardedValues:         forwardedValues,
+		OriginRequestPolicyId:   aws.String(m["origin_request_policy_id"].(string)),
+		ResponseHeadersPolicyId: aws.String(m["response_headers_policy_id"].(string)),
+		TargetOriginId:          aws.String(m["target_origin_id"].(string)),
+		ViewerProtocolPolicy:    aws.String(m["viewer_protocol_policy"].(string)),
 	}
 
 	if m["cache_policy_id"].(string) == "" {
@@ -307,14 +309,15 @@ func expandCacheBehavior(m map[string]interface{}) *cloudfront.CacheBehavior {
 
 func flattenCloudFrontDefaultCacheBehavior(dcb *cloudfront.DefaultCacheBehavior) map[string]interface{} {
 	m := map[string]interface{}{
-		"cache_policy_id":           aws.StringValue(dcb.CachePolicyId),
-		"compress":                  aws.BoolValue(dcb.Compress),
-		"field_level_encryption_id": aws.StringValue(dcb.FieldLevelEncryptionId),
-		"viewer_protocol_policy":    aws.StringValue(dcb.ViewerProtocolPolicy),
-		"target_origin_id":          aws.StringValue(dcb.TargetOriginId),
-		"min_ttl":                   aws.Int64Value(dcb.MinTTL),
-		"origin_request_policy_id":  aws.StringValue(dcb.OriginRequestPolicyId),
-		"realtime_log_config_arn":   aws.StringValue(dcb.RealtimeLogConfigArn),
+		"cache_policy_id":            aws.StringValue(dcb.CachePolicyId),
+		"compress":                   aws.BoolValue(dcb.Compress),
+		"field_level_encryption_id":  aws.StringValue(dcb.FieldLevelEncryptionId),
+		"viewer_protocol_policy":     aws.StringValue(dcb.ViewerProtocolPolicy),
+		"target_origin_id":           aws.StringValue(dcb.TargetOriginId),
+		"min_ttl":                    aws.Int64Value(dcb.MinTTL),
+		"origin_request_policy_id":   aws.StringValue(dcb.OriginRequestPolicyId),
+		"realtime_log_config_arn":    aws.StringValue(dcb.RealtimeLogConfigArn),
+		"response_headers_policy_id": aws.StringValue(dcb.ResponseHeadersPolicyId),
 	}
 
 	if dcb.ForwardedValues != nil {
@@ -362,6 +365,7 @@ func flattenCacheBehavior(cb *cloudfront.CacheBehavior) map[string]interface{} {
 	m["min_ttl"] = int(aws.Int64Value(cb.MinTTL))
 	m["origin_request_policy_id"] = aws.StringValue(cb.OriginRequestPolicyId)
 	m["realtime_log_config_arn"] = aws.StringValue(cb.RealtimeLogConfigArn)
+	m["response_headers_policy_id"] = aws.StringValue(cb.ResponseHeadersPolicyId)
 
 	if cb.ForwardedValues != nil {
 		m["forwarded_values"] = []interface{}{FlattenForwardedValues(cb.ForwardedValues)}

internal/service/cloudfront/distribution_configuration_structure_test.go

@@ -30,6 +30,7 @@ func defaultCacheBehaviorConf() map[string]interface{} {
 		"compress":                    true,
 		"field_level_encryption_id":   "",
 		"realtime_log_config_arn":     "",
+		"response_headers_policy_id":  "",
 	}
 }