# Terraform settings (compulsory): the minimum CLI version and the providers
# this configuration needs.
terraform {
  required_version = ">= 0.15"

  required_providers {
    # "~> 4.16.0" accepts patch releases of 4.16 only (>= 4.16.0, < 4.17.0).
    aws = {
      version = "~> 4.16.0"
      source  = "hashicorp/aws"
    }
  }
}
# Providers
# Default AWS provider. Resources that do not name a provider use this one, so
# the S3 bucket is created in eu-west-1 (Ireland).
provider "aws" {
  region = "eu-west-1"
}
# Aliased provider for us-east-1, intended for certificates.
# NOTE(review): no resource in the part of the file shown here selects
# aws.global; the certificate reaches CloudFront as a hard-coded ARN instead.
provider "aws" {
  alias  = "global"
  region = "us-east-1"
}
# Variables
# Host name of the site. It is used as the S3 bucket name and as the CloudFront
# alias.
variable "domainname" {
  default = "blog.ligthert.net"
  type    = string
}
#
# <S3
#
# Bucket that holds the site content; it is named after the domain.
resource "aws_s3_bucket" "bucket" {
  bucket = var.domainname

  # NOTE(review): force_destroy lets `terraform destroy` remove the bucket even
  # when it still contains objects. Confirm the content can be regenerated or
  # is kept elsewhere before relying on this.
  force_destroy = true
}
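# Bucket ACL.
# The canned "public-read" ACL on a bucket grants READ on the bucket itself to
# everyone, i.e. anyone may list the object keys. Serving the site does not
# need that: object reads are granted by the bucket policy, so the ACL is kept
# private. Side effect to be aware of: without list permission S3 answers a
# request for a missing key with 403 instead of 404.
resource "aws_s3_bucket_acl" "bucket_acl" {
  bucket = aws_s3_bucket.bucket.id
  acl    = "private"
}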
# S3 static-website settings for the bucket: index and error documents.
# NOTE(review): the CloudFront origin in this file points at
# bucket_regional_domain_name, not at the S3 website endpoint, so these
# settings only affect requests sent to the website endpoint directly.
# Confirm that endpoint is still meant to be reachable.
resource "aws_s3_bucket_website_configuration" "bucket_website" {
  bucket = aws_s3_bucket.bucket.bucket

  error_document {
    key = "error.html"
  }

  index_document {
    suffix = "index.html"
  }
}
# Attach the rendered policy document to the bucket.
resource "aws_s3_bucket_policy" "bucket_policy" {
  policy = data.aws_iam_policy_document.bucket_policy_document.json
  bucket = aws_s3_bucket.bucket.id
}
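# Bucket policy document: only the CloudFront origin access identity defined in
# this file may read objects.
# Keep the principal narrow. A principal of "*" would make every object
# readable straight from S3, so clients could skip the distribution and its
# HTTPS-only viewer policy, and the origin access identity would protect
# nothing. With this policy, direct requests to the S3 endpoints (including the
# website endpoint) are denied; the site is served through CloudFront only.
data "aws_iam_policy_document" "bucket_policy_document" {
  statement {
    sid    = "CloudFrontOAIGetObject"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.dafaim.iam_arn]
    }

    actions = ["s3:GetObject"]

    # s3:GetObject is an object-level action, so only the object ARNs are
    # listed; the bare bucket ARN adds nothing for this action.
    resources = ["${aws_s3_bucket.bucket.arn}/*"]
  }
}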
#
# S3>
#

#
# <CloudFront
#
# Origin identifier shared by the distribution's origin block and its cache
# behaviours.
locals {
  s3_origin_id = "S3Origin"
}
# Origin access identity that the distribution presents to S3 when it fetches
# objects (referenced from the origin's s3_origin_config).
resource "aws_cloudfront_origin_access_identity" "dafaim" {
  comment = "Manage access and identities."
}
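# CloudFront distribution in front of the S3 bucket, served under the site's
# domain name with an ACM certificate.
resource "aws_cloudfront_distribution" "s3_distribution" {
  # Plain reference instead of the interpolation-only form "${var.domainname}".
  aliases             = [var.domainname]
  comment             = "A CloudFront distribution"
  default_root_object = "index.html"
  enabled             = true
  is_ipv6_enabled     = true
  price_class         = "PriceClass_All"

  origin {
    # REST endpoint of the bucket, accessed with the origin access identity.
    # The identity only protects the content if the bucket policy limits
    # object reads to it.
    domain_name = aws_s3_bucket.bucket.bucket_regional_domain_name
    origin_id   = local.s3_origin_id

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.dafaim.cloudfront_access_identity_path
    }
  }

  # Fallback behaviour. In practice the "/*" ordered behaviour below matches
  # every request path first, so this block is rarely, if ever, selected.
  default_cache_behavior {
    target_origin_id = local.s3_origin_id
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    compress         = true

    # "https-only" rejects plain-HTTP requests instead of redirecting them.
    viewer_protocol_policy = "https-only"

    default_ttl = 3600
    max_ttl     = 86400

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  # Behaviour for "/*": same methods and protocol policy as the default, with
  # longer TTLs and the Origin header forwarded to S3.
  ordered_cache_behavior {
    path_pattern     = "/*"
    target_origin_id = local.s3_origin_id
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    compress         = true

    viewer_protocol_policy = "https-only"

    default_ttl = 86400
    max_ttl     = 31536000

    forwarded_values {
      query_string = false
      headers      = ["Origin"]

      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    # NOTE(review): the certificate ARN is hard-coded and embeds the AWS
    # account id; a variable or a certificate lookup would keep it out of the
    # source and make the configuration reusable.
    acm_certificate_arn            = "arn:aws:acm:us-east-1:131289899509:certificate/affaa360-86e8-40e9-b008-e691e55646c8"
    cloudfront_default_certificate = false
    ssl_support_method             = "sni-only"

    # Without this argument the distribution accepts TLSv1 from viewers; pin a
    # TLS 1.2 security policy instead.
    minimum_protocol_version = "TLSv1.2_2021"
  }
}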
#
# CloudFront>
#