nagelflorian · November 22, 2024 13:19 · ivan-navi-studios · Aug 31, 2022 · jottasystem · Sep 5, 2022
diff --git a/buckets.tf b/buckets.tf
 # AWS S3 bucket for static hosting
 resource "aws_s3_bucket" "website" {
  bucket = "${var.website_bucket_name}"
  acl = "public-read"

  tags {
    Name = "Website"
    Environment = "production"
  }

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT","POST"]
    allowed_origins = ["*"]
    expose_headers = ["ETag"]
    max_age_seconds = 3000
  }

  policy = <<EOF
 {
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "PublicReadForGetBucketObjects",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::${var.website_bucket_name}/*"
    }
  ]
 }
 EOF

  website {
    index_document = "index.html"
    error_document = "error.html"
  }
 }

 # AWS S3 bucket for www-redirect
 resource "aws_s3_bucket" "website_redirect" {
  bucket = "www.${var.website_bucket_name}"
  acl = "public-read"

  website {
    redirect_all_requests_to = "${var.website_bucket_name}"
  }
 }
diff --git a/cdn.tf b/cdn.tf
 # AWS Cloudfront for caching
 resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name = "${aws_s3_bucket.website.bucket}.s3.amazonaws.com"
    origin_id   = "website"
  }

  enabled             = true
  is_ipv6_enabled     = true
  comment             = "Managed by Terraform"
  default_root_object = "index.html"

  aliases = ["${var.domain_name}"]

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "website"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  price_class = "PriceClass_100"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags {
    Environment = "production"
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
 }
diff --git a/hosted-zone.tf b/hosted-zone.tf
 resource "aws_route53_zone" "main" {
  name = "${var.domain_name}"
  comment = "Managed by Terraform"

  tags {
    Environment = "production"
  }
 }

 resource "aws_route53_record" "main-a-record" {
   zone_id = "${aws_route53_zone.main.zone_id}"
   name = "${var.domain_name}"
   type = "A"
   alias {
    name = "${aws_s3_bucket.website.website_domain}"
    zone_id = "${aws_s3_bucket.website.hosted_zone_id}"
    evaluate_target_health = false
  }
 }

 resource "aws_route53_record" "main-c-name" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  name = "www"
  type = "CNAME"
  ttl = "300"
  records = ["${var.domain_name}"]
 }
diff --git a/provider.tf b/provider.tf
 provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region = "${var.aws_region}"
 }
diff --git a/variables.tf b/variables.tf
 variable "aws_access_key" {}
 variable "aws_secret_key" {}
 variable "aws_region" {}

 variable "domain_name" {}

 variable "website_bucket_name" {}
 variable "website_zone_id" {}
	# AWS S3 bucket for static hosting
	resource "aws_s3_bucket" "website" {
	bucket = "${var.website_bucket_name}"
	acl = "public-read"

	tags {
	Name = "Website"
	Environment = "production"
	}

	cors_rule {
	allowed_headers = ["*"]
	allowed_methods = ["PUT","POST"]
	allowed_origins = ["*"]
	expose_headers = ["ETag"]
	max_age_seconds = 3000
	}

	policy = <<EOF
	{
	"Version": "2008-10-17",
	"Statement": [
	{
	"Sid": "PublicReadForGetBucketObjects",
	"Effect": "Allow",
	"Principal": {
	"AWS": "*"
	},
	"Action": "s3:GetObject",
	"Resource": "arn:aws:s3:::${var.website_bucket_name}/*"
	}
	]
	}
	EOF

	website {
	index_document = "index.html"
	error_document = "error.html"
	}
	}

	# AWS S3 bucket for www-redirect
	resource "aws_s3_bucket" "website_redirect" {
	bucket = "www.${var.website_bucket_name}"
	acl = "public-read"

	website {
	redirect_all_requests_to = "${var.website_bucket_name}"
	}
	}
	# AWS Cloudfront for caching
	resource "aws_cloudfront_distribution" "s3_distribution" {
	origin {
	domain_name = "${aws_s3_bucket.website.bucket}.s3.amazonaws.com"
	origin_id = "website"
	}

	enabled = true
	is_ipv6_enabled = true
	comment = "Managed by Terraform"
	default_root_object = "index.html"

	aliases = ["${var.domain_name}"]

	default_cache_behavior {
	allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
	cached_methods = ["GET", "HEAD"]
	target_origin_id = "website"

	forwarded_values {
	query_string = false

	cookies {
	forward = "none"
	}
	}

	viewer_protocol_policy = "allow-all"
	min_ttl = 0
	default_ttl = 3600
	max_ttl = 86400
	}

	price_class = "PriceClass_100"

	restrictions {
	geo_restriction {
	restriction_type = "none"
	}
	}

	tags {
	Environment = "production"
	}

	viewer_certificate {
	cloudfront_default_certificate = true
	}
	}
	resource "aws_route53_zone" "main" {
	name = "${var.domain_name}"
	comment = "Managed by Terraform"

	tags {
	Environment = "production"
	}
	}

	resource "aws_route53_record" "main-a-record" {
	zone_id = "${aws_route53_zone.main.zone_id}"
	name = "${var.domain_name}"
	type = "A"
	alias {
	name = "${aws_s3_bucket.website.website_domain}"
	zone_id = "${aws_s3_bucket.website.hosted_zone_id}"
	evaluate_target_health = false
	}
	}

	resource "aws_route53_record" "main-c-name" {
	zone_id = "${aws_route53_zone.main.zone_id}"
	name = "www"
	type = "CNAME"
	ttl = "300"
	records = ["${var.domain_name}"]
	}
	provider "aws" {
	access_key = "${var.aws_access_key}"
	secret_key = "${var.aws_secret_key}"
	region = "${var.aws_region}"
	}
	variable "aws_access_key" {}
	variable "aws_secret_key" {}
	variable "aws_region" {}

	variable "domain_name" {}

	variable "website_bucket_name" {}
	variable "website_zone_id" {}