Skip to content

Instantly share code, notes, and snippets.

@CTFries
Last active Feb 27, 2022
Embed
What would you like to do?
IaC for static site deployed to s3, cloudfront with ACM cert and R53 dns records configured. CD setup with GithubActions to build static nextJS and push it to s3 bucket.
name: Deploy to S3 upon push to main
on:
pull_request:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 16
- run: npm install -g yarn
- run: yarn install --frozen-lockfile
- run: yarn s3Deploy
- name: Deploy to S3
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- run: aws s3 sync ./out s3://s3.ctfries.dev
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.2"
}
}
required_version = ">= 0.14.9"
}
data "aws_iam_policy_document" "public_read" {
statement {
sid = "PublicReadForGetBucketObjects"
effect = "Allow"
principals {
type = "AWS"
identifiers = ["*"]
}
actions = ["s3:GetObject"]
resources = ["arn:aws:s3:::${aws_s3_bucket.s3-ctfries-dev.bucket}/*"]
}
}
data "aws_route53_zone" "primary" {
name = "ctfries.dev"
private_zone = false
}
data "aws_acm_certificate" "ctfries-dev" {
domain = "*.ctfries.dev"
statuses = ["ISSUED"]
}
provider "aws" {
profile = "ctfries"
region = "us-east-1"
}
resource "aws_s3_bucket" "s3-ctfries-dev" {
bucket = "s3.ctfries.dev"
tags = {
Name = "s3.ctfries.dev"
Environment = "production"
}
}
resource "aws_s3_bucket_policy" "public_read" {
bucket = aws_s3_bucket.s3-ctfries-dev.id
policy = data.aws_iam_policy_document.public_read.json
}
resource "aws_s3_bucket_acl" "s3-ctfries-dev" {
bucket = aws_s3_bucket.s3-ctfries-dev.id
acl = "public-read"
}
resource "aws_s3_bucket_website_configuration" "bucket-config" {
bucket = aws_s3_bucket.s3-ctfries-dev.bucket
index_document {
suffix = "index.html"
}
error_document {
key = "404.html"
}
}
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = aws_s3_bucket.s3-ctfries-dev.bucket_regional_domain_name
origin_id = "s3.ctfries.dev"
}
restrictions {
geo_restriction {
restriction_type = "whitelist"
locations = ["US", "CA", "GB", "DE"]
}
}
enabled = true
is_ipv6_enabled = true
default_root_object = "index.html"
aliases = ["s3.ctfries.dev"]
default_cache_behavior {
allowed_methods = ["HEAD", "GET"]
cached_methods = ["HEAD", "GET"]
target_origin_id = "s3.ctfries.dev"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
viewer_protocol_policy = "redirect-to-https"
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
}
price_class = "PriceClass_All"
tags = {
Environment = "production"
}
viewer_certificate {
ssl_support_method = "sni-only"
acm_certificate_arn = data.aws_acm_certificate.ctfries-dev.arn
}
}
resource "aws_route53_record" "s3-ctfries-dev" {
zone_id = data.aws_route53_zone.primary.zone_id
name = "s3.ctfries.dev"
type = "A"
alias {
name = aws_cloudfront_distribution.s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
evaluate_target_health = true
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment