blog.ligthert.net/terraform.tf

# Terraform, compulsary.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16.0"
    }
  }
  required_version = ">= 0.15"
}

# Providers!
# S3 Bucket in Ireland
provider "aws" {
  region = "eu-west-1"
}

# Global for Certificates 
provider "aws" {
  region = "us-east-1"
  alias  = "global"
}

# Variables
variable "domainname" {
  type    = string
  default = "blog.ligthert.net"
}

#
# <S3
#

# Create a bucket
resource "aws_s3_bucket" "bucket" {
  bucket        = var.domainname
  force_destroy = true
}

# Place ACL on the bucket
resource "aws_s3_bucket_acl" "bucket_acl" {
  bucket = aws_s3_bucket.bucket.id
  acl    = "public-read"
}

# Enable the static file hosting
resource "aws_s3_bucket_website_configuration" "bucket_website" {
  bucket = aws_s3_bucket.bucket.bucket

  index_document {
    suffix = "index.html"
  }
  error_document {
    key = "error.html"
  }
}

# Give bucket a policy
resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.bucket.id
  policy = data.aws_iam_policy_document.bucket_policy_document.json
}

# Create a policy document
data "aws_iam_policy_document" "bucket_policy_document" {
  statement {
    sid    = "PublicReadGetObject"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    actions = ["s3:GetObject"]
    resources = [
      var.domainname,
      "${var.domainname}/*",
    ]
  }
}

#
# S3>
#

#
# <CloudFront
#

locals {
  s3_origin_id = "S3Origin"
}

resource "aws_cloudfront_origin_access_identity" "dafaim" {
  comment = "Manage access and identities."
}

resource "aws_cloudfront_distribution" "s3_distribution" {

  aliases = ["${var.domainname}"]
  comment = "A CloudFront distribution"

  default_cache_behavior {
    allowed_methods = ["GET", "HEAD", "OPTIONS"]
    cached_methods  = ["GET", "HEAD", "OPTIONS"]
    compress        = true
    default_ttl     = 3600
    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
    max_ttl                = 86400
    target_origin_id       = local.s3_origin_id
    viewer_protocol_policy = "https-only"
  }
  default_root_object = "index.html"
  enabled             = true
  is_ipv6_enabled     = true

  ordered_cache_behavior {
    path_pattern     = "/*"
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = local.s3_origin_id

    forwarded_values {
      query_string = false
      headers      = ["Origin"]

      cookies {
        forward = "none"
      }
    }

    default_ttl            = 86400
    max_ttl                = 31536000
    compress               = true
    viewer_protocol_policy = "https-only"
  }

  origin {
    domain_name = aws_s3_bucket.bucket.bucket_regional_domain_name
    origin_id   = local.s3_origin_id
    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.dafaim.cloudfront_access_identity_path
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  price_class = "PriceClass_All"
  viewer_certificate {
    acm_certificate_arn            = "arn:aws:acm:us-east-1:131289899509:certificate/affaa360-86e8-40e9-b008-e691e55646c8"
    cloudfront_default_certificate = false
    ssl_support_method             = "sni-only"
  }

}

#
# CloudFront>
#
Site + TF 2022-10-20 18:39:53 +02:00			`# Terraform, compulsary.`
			`terraform {`
			`required_providers {`
			`aws = {`
			`source = "hashicorp/aws"`
			`version = "~> 4.16.0"`
			`}`
			`}`
			`required_version = ">= 0.15"`
			`}`

			`# Providers!`
			`# S3 Bucket in Ireland`
			`provider "aws" {`
			`region = "eu-west-1"`
			`}`

			`# Global for Certificates`
			`provider "aws" {`
			`region = "us-east-1"`
			`alias = "global"`
			`}`

			`# Variables`
			`variable "domainname" {`
			`type = string`
			`default = "blog.ligthert.net"`
			`}`

			`#`
			`# <S3`
			`#`

			`# Create a bucket`
			`resource "aws_s3_bucket" "bucket" {`
			`bucket = var.domainname`
			`force_destroy = true`
			`}`

			`# Place ACL on the bucket`
			`resource "aws_s3_bucket_acl" "bucket_acl" {`
			`bucket = aws_s3_bucket.bucket.id`
			`acl = "public-read"`
			`}`

			`# Enable the static file hosting`
			`resource "aws_s3_bucket_website_configuration" "bucket_website" {`
			`bucket = aws_s3_bucket.bucket.bucket`

			`index_document {`
			`suffix = "index.html"`
			`}`
			`error_document {`
			`key = "error.html"`
			`}`
			`}`

			`# Give bucket a policy`
			`resource "aws_s3_bucket_policy" "bucket_policy" {`
			`bucket = aws_s3_bucket.bucket.id`
			`policy = data.aws_iam_policy_document.bucket_policy_document.json`
			`}`

			`# Create a policy document`
			`data "aws_iam_policy_document" "bucket_policy_document" {`
			`statement {`
			`sid = "PublicReadGetObject"`
			`effect = "Allow"`
			`principals {`
			`type = "AWS"`
			`identifiers = ["*"]`
			`}`
			`actions = ["s3:GetObject"]`
			`resources = [`
			`var.domainname,`
			`"${var.domainname}/*",`
			`]`
			`}`
			`}`

			`#`
			`# S3>`
			`#`

			`#`
			`# <CloudFront`
			`#`

			`locals {`
			`s3_origin_id = "S3Origin"`
			`}`

			`resource "aws_cloudfront_origin_access_identity" "dafaim" {`
			`comment = "Manage access and identities."`
			`}`

			`resource "aws_cloudfront_distribution" "s3_distribution" {`

			`aliases = ["${var.domainname}"]`
			`comment = "A CloudFront distribution"`

			`default_cache_behavior {`
			`allowed_methods = ["GET", "HEAD", "OPTIONS"]`
			`cached_methods = ["GET", "HEAD", "OPTIONS"]`
			`compress = true`
			`default_ttl = 3600`
			`forwarded_values {`
			`query_string = false`
			`cookies {`
			`forward = "none"`
			`}`
			`}`
			`max_ttl = 86400`
			`target_origin_id = local.s3_origin_id`
			`viewer_protocol_policy = "https-only"`
			`}`
			`default_root_object = "index.html"`
			`enabled = true`
			`is_ipv6_enabled = true`

			`ordered_cache_behavior {`
			`path_pattern = "/*"`
			`allowed_methods = ["GET", "HEAD", "OPTIONS"]`
			`cached_methods = ["GET", "HEAD", "OPTIONS"]`
			`target_origin_id = local.s3_origin_id`

			`forwarded_values {`
			`query_string = false`
			`headers = ["Origin"]`

			`cookies {`
			`forward = "none"`
			`}`
			`}`

			`default_ttl = 86400`
			`max_ttl = 31536000`
			`compress = true`
			`viewer_protocol_policy = "https-only"`
			`}`

			`origin {`
			`domain_name = aws_s3_bucket.bucket.bucket_regional_domain_name`
			`origin_id = local.s3_origin_id`
			`s3_origin_config {`
			`origin_access_identity = aws_cloudfront_origin_access_identity.dafaim.cloudfront_access_identity_path`
			`}`
			`}`

			`restrictions {`
			`geo_restriction {`
			`restriction_type = "none"`
			`}`
			`}`

			`price_class = "PriceClass_All"`
			`viewer_certificate {`
			`acm_certificate_arn = "arn:aws:acm:us-east-1:131289899509:certificate/affaa360-86e8-40e9-b008-e691e55646c8"`
			`cloudfront_default_certificate = false`
			`ssl_support_method = "sni-only"`
			`}`

			`}`

			`#`
			`# CloudFront>`
			`#`