diff --git a/modules/cloudfront/README.md b/modules/cloudfront/README.md
index 23b16702..4d02e733 100644
--- a/modules/cloudfront/README.md
+++ b/modules/cloudfront/README.md
@@ -166,7 +166,7 @@ module "cloudfront" {
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [acm\_cert\_arn](#input\_acm\_cert\_arn) | ACM certificate arn. | `string` | `""` | no |
-| [cache\_policy\_id](#input\_cache\_policy\_id) | Unique identifier of the cache policy that is attached to the cache behavior | `string` | `null` | no |
+| [cache\_policy\_id](#input\_cache\_policy\_id) | Unique identifier of the cache policy that is attached to the cache behavior | `string` | `""` | no |
| [cloudfront\_default\_certificate](#input\_cloudfront\_default\_certificate) | true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. | `bool` | `true` | no |
| [connection\_attempts](#input\_connection\_attempts) | The number of times that CloudFront attempts to connect to the origin. | `number` | `3` | no |
| [connection\_timeout](#input\_connection\_timeout) | The number of seconds that CloudFront waits when trying to establish a connection to the origin. | `number` | `10` | no |
@@ -185,6 +185,7 @@ module "cloudfront" {
| [default\_viewer\_protocol\_policy](#input\_default\_viewer\_protocol\_policy) | Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. | `string` | `"allow-all"` | no |
| [domain\_names](#input\_domain\_names) | The list of domain names (aliases) for which cloudfront will used for | `list(string)` | n/a | yes |
| [enabled](#input\_enabled) | Whether the distribution is enabled to accept end user requests for content. | `bool` | `true` | no |
+| [forwarded\_values](#input\_forwarded\_values) | Origin Forwarded value | object({
query_string = optional(bool, false)
headers = optional(list(string), ["Origin"])
forward = optional(string, "none")
}) | {
"forward": "none",
"headers": [
"Origin"
],
"query_string": false
} | no |
| [function\_associations](#input\_function\_associations) | A list of Cloudfront function associations. | list(object({
event_type = string
function_arn = string
})) | `[]` | no |
| [http\_port](#input\_http\_port) | The HTTP port the custom origin listens on. | `number` | `80` | no |
| [https\_port](#input\_https\_port) | The HTTPS port the custom origin listens on. | `number` | `443` | no |
diff --git a/modules/cloudfront/distribution.tf b/modules/cloudfront/distribution.tf
index 0794906d..1cbc54b0 100644
--- a/modules/cloudfront/distribution.tf
+++ b/modules/cloudfront/distribution.tf
@@ -45,7 +45,7 @@ resource "aws_cloudfront_distribution" "main" {
cache_policy_id = var.cache_policy_id
dynamic "forwarded_values" {
- for_each = var.cache_policy_id == null ? [] : [var.forwarded_values]
+ for_each = var.cache_policy_id == "" ? [] : [var.forwarded_values]
content {
query_string = forwarded_values.value.query_string
@@ -96,7 +96,7 @@ resource "aws_cloudfront_distribution" "main" {
cache_policy_id = var.cache_policy_id
dynamic "forwarded_values" {
- for_each = var.cache_policy_id == null ? [] : [var.forwarded_values]
+ for_each = var.cache_policy_id == "" ? [] : [var.forwarded_values]
content {
query_string = forwarded_values.value.query_string
diff --git a/modules/cloudfront/variables.tf b/modules/cloudfront/variables.tf
index c92e7e17..e594898f 100644
--- a/modules/cloudfront/variables.tf
+++ b/modules/cloudfront/variables.tf
@@ -43,7 +43,7 @@ variable "forwarded_values" {
variable "cache_policy_id" {
type = string
- default = null
+ default = ""
description = "Unique identifier of the cache policy that is attached to the cache behavior"
}