blog.ligthert.net/terraform.tf
# Terraform settings (compulsory): the minimum Terraform release this
# configuration targets and the provider constraint it was tested with.
terraform {
  required_version = ">= 0.15"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16.0"
    }
  }
}
# Providers!
# Default provider: the S3 bucket is created in Ireland (eu-west-1).
provider "aws" {
  region = "eu-west-1"
}
# Aliased provider for CloudFront certificates, which ACM must issue in
# us-east-1. NOTE(review): nothing in this file selects `provider = aws.global`;
# the certificate ARN in the distribution is hard-coded instead.
provider "aws" {
  alias  = "global"
  region = "us-east-1"
}
# Variables
variable "domainname" {
  description = "Site hostname; doubles as the S3 bucket name and the CloudFront alias."
  type        = string
  default     = "blog.ligthert.net"
}
#
# <S3
#
# The bucket holding the static site; named after the domain.
resource "aws_s3_bucket" "bucket" {
  # `force_destroy = true` lets `terraform destroy` remove the bucket together
  # with every object in it, so there is no safety net against deleting the
  # published content along with the infrastructure.
  force_destroy = true
  bucket        = var.domainname
}
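# Place ACL on the bucket.
# A `public-read` bucket ACL grants anonymous READ on the bucket itself, which
# for a bucket means listing its objects. Object reads are governed by the
# bucket policy below, so the ACL adds nothing to serving the site and only
# exposes the object listing; keep the bucket ACL private.
resource "aws_s3_bucket_acl" "bucket_acl" {
  bucket = aws_s3_bucket.bucket.id
  acl    = "private"
}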
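# Enable the static file hosting on the S3 website endpoint.
# NOTE: the CloudFront origin below uses `bucket_regional_domain_name` (the
# REST endpoint), where these index/error documents are not applied; CloudFront
# resolves the root via `default_root_object` and does not rewrite
# subdirectory paths to index.html. These settings only matter for requests
# that reach the S3 website endpoint directly.
resource "aws_s3_bucket_website_configuration" "bucket_website" {
  # `.id` rather than `.bucket`, matching the other bucket references in this
  # file (both resolve to the bucket name).
  bucket = aws_s3_bucket.bucket.id

  index_document {
    suffix = "index.html"
  }

  error_document {
    key = "error.html"
  }
}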
# Attach the generated policy document to the bucket.
resource "aws_s3_bucket_policy" "bucket_policy" {
  policy = data.aws_iam_policy_document.bucket_policy_document.json
  bucket = aws_s3_bucket.bucket.id
}
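# Create the bucket policy document.
# Only the CloudFront origin access identity attached to the distribution's
# origin may read objects. The previous principal "*" made every object
# anonymously readable straight from S3, which bypasses the distribution's
# https-only viewer policy and left the OAI configured on the origin without
# any grant. Consequence: anonymous traffic must now go through CloudFront;
# the S3 website endpoint no longer serves the public.
data "aws_iam_policy_document" "bucket_policy_document" {
  statement {
    sid    = "CloudFrontOAIGetObject"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.dafaim.iam_arn]
    }

    # s3:GetObject is an object-level action, so only the object ARN pattern
    # is meaningful; the bare bucket ARN matched nothing for this action.
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.bucket.arn}/*"]
  }
}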
#
# S3>
#
#
# <CloudFront
#
# Shared identifier linking the distribution's origin and cache behaviours.
locals {
  s3_origin_id = "S3Origin"
}
# Identity CloudFront uses when fetching from the S3 origin; the bucket policy
# must grant it s3:GetObject for the restriction to CloudFront to take effect.
# NOTE(review): newer provider releases offer origin access control as the
# successor to OAI; check whether the pinned provider range includes it.
resource "aws_cloudfront_origin_access_identity" "dafaim" {
  comment = "Manage access and identities."
}
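# CloudFront distribution fronting the S3 bucket for var.domainname.
resource "aws_cloudfront_distribution" "s3_distribution" {
  # `[var.domainname]` instead of `["${var.domainname}"]`: the interpolation-only
  # wrapping is deprecated since Terraform 0.12 and adds nothing.
  aliases             = [var.domainname]
  comment             = "A CloudFront distribution"
  default_root_object = "index.html"
  enabled             = true
  is_ipv6_enabled     = true
  price_class         = "PriceClass_All"

  # Behaviour for requests that match no ordered_cache_behavior.
  # NOTE(review): `forwarded_values` is the legacy configuration style; the
  # provider also supports cache/origin-request policy ids.
  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
    cached_methods         = ["GET", "HEAD", "OPTIONS"]
    compress               = true
    default_ttl            = 3600
    max_ttl                = 86400
    target_origin_id       = local.s3_origin_id
    viewer_protocol_policy = "https-only"

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
  }

  # NOTE(review): `path_pattern = "/*"` appears to match every request, so
  # this behaviour rather than default_cache_behavior handles the traffic in
  # practice (longer TTLs, Origin header forwarded). Left as-is: consolidating
  # the two would change caching behaviour.
  ordered_cache_behavior {
    path_pattern           = "/*"
    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
    cached_methods         = ["GET", "HEAD", "OPTIONS"]
    compress               = true
    default_ttl            = 86400
    max_ttl                = 31536000
    target_origin_id       = local.s3_origin_id
    viewer_protocol_policy = "https-only"

    forwarded_values {
      query_string = false
      headers      = ["Origin"]
      cookies {
        forward = "none"
      }
    }
  }

  # S3 REST endpoint as origin, accessed through the OAI (the bucket policy has
  # to grant that identity read access).
  origin {
    domain_name = aws_s3_bucket.bucket.bucket_regional_domain_name
    origin_id   = local.s3_origin_id

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.dafaim.cloudfront_access_identity_path
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    # NOTE(review): the ARN hard-codes the account id and certificate id, and
    # the `aws.global` provider alias declared for certificates goes unused.
    # A data "aws_acm_certificate" lookup with `provider = aws.global` would
    # avoid both; confirm which domain the certificate was issued for first.
    acm_certificate_arn            = "arn:aws:acm:us-east-1:131289899509:certificate/affaa360-86e8-40e9-b008-e691e55646c8"
    cloudfront_default_certificate = false
    ssl_support_method             = "sni-only"
    # When unset the provider defaults this to TLSv1, which still negotiates
    # TLS 1.0/1.1 with clients; require TLS 1.2 with the current cipher set.
    minimum_protocol_version       = "TLSv1.2_2021"
  }
}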
#
# CloudFront>
#