buckmaxwell/main.tf

## main.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

provider "aws" {
  region = "us-east-2"
}

provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}

resource "aws_s3_bucket" "tandem_owned_static" {
  bucket = "tandem-owned-static"
}

resource "aws_s3_bucket_acl" "tandem_owned_static_acl" {
  bucket = aws_s3_bucket.tandem_owned_static.id
  acl    = null
}

resource "aws_s3_bucket_ownership_controls" "tandem_owned_static_acl_ownership" {
  bucket = aws_s3_bucket.tandem_owned_static.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

resource "aws_s3_bucket" "user_generated_static" {
  bucket = "user-generated-static"
}

resource "aws_s3_bucket_ownership_controls" "user_generated_static_acl_ownership" {
  bucket = aws_s3_bucket.user_generated_static.id
  rule {
    object_ownership = "ObjectWriter"
  }
}

resource "aws_cloudfront_distribution" "E2VZO2KY5JGYYA" {
  comment             = "Javascript and non-user generated static assets for join-tandem.com"
  is_ipv6_enabled     = true
  price_class         = "PriceClass_100"
  default_root_object = "index.html"
  aliases = [
    "cdn.join-tandem.com",
    "families.join-tandem.com",
    "join-tandem.com",
  ]
  enabled = true

  origin {
    connection_attempts = 3
    connection_timeout  = 10
    domain_name         = "tandem-owned-static.s3.us-east-2.amazonaws.com"
    origin_id           = "tandem-owned-static.s3.us-east-2.amazonaws.com"

    s3_origin_config {
      origin_access_identity = "origin-access-identity/cloudfront/E1M683Z04QQOF7"
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
  default_cache_behavior {
    compress         = true
    cache_policy_id  = "658327ea-f89d-4fab-a63d-7e88639e58f6"
    target_origin_id = "tandem-owned-static.s3.us-east-2.amazonaws.com"
    min_ttl          = 0
    max_ttl          = 0
    cached_methods = [
      "GET",
      "HEAD",
    ]
    allowed_methods = [
      "GET",
      "HEAD",
    ]
    viewer_protocol_policy = "allow-all"
    lambda_function_association {
      event_type   = "origin-response"
      include_body = false
      lambda_arn   = "arn:aws:lambda:us-east-1:009060434378:function:custom_index_html_manipulations:26"
    }
  }
  viewer_certificate {
    acm_certificate_arn            = "arn:aws:acm:us-east-1:009060434378:certificate/c7ac7811-72bd-4b11-a643-56bebd4ba3e4"
    cloudfront_default_certificate = false
    ssl_support_method             = "sni-only"
    minimum_protocol_version       = "TLSv1.2_2021"
  }
}

resource "aws_cloudfront_distribution" "E2BAXCBKFSOMWI" {
  comment = "User generated content for join-tandem.com"
  aliases = [
    "static.join-tandem.com",
  ]
  origin {
    domain_name = "user-generated-static.s3.us-east-2.amazonaws.com"
    origin_id   = "user-generated-static.s3.us-east-2.amazonaws.com"
    s3_origin_config {
      origin_access_identity = "origin-access-identity/cloudfront/E3NIEXNJ03GML7"
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
  default_cache_behavior {
    compress        = true
    cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6"
    allowed_methods = [
      "GET",
      "HEAD",
      "OPTIONS",
    ]
    cached_methods = [
      "GET",
      "HEAD",
    ]
    viewer_protocol_policy = "allow-all"
    target_origin_id       = "user-generated-static.s3.us-east-2.amazonaws.com"
  }
  viewer_certificate {
    minimum_protocol_version = "TLSv1.2_2021"
    acm_certificate_arn      = "arn:aws:acm:us-east-1:009060434378:certificate/25192413-4494-41de-be95-e3b8f97e99dc"
    ssl_support_method       = "sni-only"
  }
  enabled         = true
  is_ipv6_enabled = true
}


data "archive_file" "custom_index_html_manipulations_lambda_zip_dir" {
  type        = "zip"
  output_path = "/tmp/custom_index_html_manipulations_lambda_dir.zip"
  source_dir  = "${path.module}/../../lambdas/custom_index_html_manipulations"
}

resource "aws_iam_role" "custom_index_html_manipulations_role" {
  assume_role_policy = jsonencode(
    {
      Version = "2012-10-17"
      Statement = [
        {
          Effect = "Allow"
          Action = "sts:AssumeRole"

          Principal = {
            Service = "lambda.amazonaws.com"
          }
        },
        {
          Effect = "Allow"
          Action = "sts:AssumeRole"
          Principal = {
            Service = "edgelambda.amazonaws.com"
          }
        },
      ]
    }
  )
  managed_policy_arns = [
    "arn:aws:iam::009060434378:policy/service-role/AWSLambdaBasicExecutionRole-eb911a38-aabe-4742-bbc7-37aed85790b2",
  ]
  name     = "custom_index_html_manipulations-role-lzwp0pkp"
  path     = "/service-role/"
  tags     = {}
  tags_all = {}
}

resource "aws_lambda_function" "custom_index_html_manipulations" {
  provider         = aws.us-east-1
  filename         = data.archive_file.custom_index_html_manipulations_lambda_zip_dir.output_path
  source_code_hash = data.archive_file.custom_index_html_manipulations_lambda_zip_dir.output_base64sha256
  function_name    = "custom_index_html_manipulations"
  role             = aws_iam_role.custom_index_html_manipulations_role.arn

  handler = "function.lamda_handler"

  runtime = "python3.9"

}
	terraform {
	required_providers {
	aws = {
	source = "hashicorp/aws"
	version = "~> 3.0"
	}
	}
	}

	provider "aws" {
	region = "us-east-2"
	}

	provider "aws" {
	alias = "us-east-1"
	region = "us-east-1"
	}

	resource "aws_s3_bucket" "tandem_owned_static" {
	bucket = "tandem-owned-static"
	}

	resource "aws_s3_bucket_acl" "tandem_owned_static_acl" {
	bucket = aws_s3_bucket.tandem_owned_static.id
	acl = null
	}

	resource "aws_s3_bucket_ownership_controls" "tandem_owned_static_acl_ownership" {
	bucket = aws_s3_bucket.tandem_owned_static.id
	rule {
	object_ownership = "BucketOwnerEnforced"
	}
	}

	resource "aws_s3_bucket" "user_generated_static" {
	bucket = "user-generated-static"
	}

	resource "aws_s3_bucket_ownership_controls" "user_generated_static_acl_ownership" {
	bucket = aws_s3_bucket.user_generated_static.id
	rule {
	object_ownership = "ObjectWriter"
	}
	}

	resource "aws_cloudfront_distribution" "E2VZO2KY5JGYYA" {
	comment = "Javascript and non-user generated static assets for join-tandem.com"
	is_ipv6_enabled = true
	price_class = "PriceClass_100"
	default_root_object = "index.html"
	aliases = [
	"cdn.join-tandem.com",
	"families.join-tandem.com",
	"join-tandem.com",
	]
	enabled = true

	origin {
	connection_attempts = 3
	connection_timeout = 10
	domain_name = "tandem-owned-static.s3.us-east-2.amazonaws.com"
	origin_id = "tandem-owned-static.s3.us-east-2.amazonaws.com"

	s3_origin_config {
	origin_access_identity = "origin-access-identity/cloudfront/E1M683Z04QQOF7"
	}
	}

	restrictions {
	geo_restriction {
	restriction_type = "none"
	}
	}
	default_cache_behavior {
	compress = true
	cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6"
	target_origin_id = "tandem-owned-static.s3.us-east-2.amazonaws.com"
	min_ttl = 0
	max_ttl = 0
	cached_methods = [
	"GET",
	"HEAD",
	]
	allowed_methods = [
	"GET",
	"HEAD",
	]
	viewer_protocol_policy = "allow-all"
	lambda_function_association {
	event_type = "origin-response"
	include_body = false
	lambda_arn = "arn:aws:lambda:us-east-1:009060434378:function:custom_index_html_manipulations:26"
	}
	}
	viewer_certificate {
	acm_certificate_arn = "arn:aws:acm:us-east-1:009060434378:certificate/c7ac7811-72bd-4b11-a643-56bebd4ba3e4"
	cloudfront_default_certificate = false
	ssl_support_method = "sni-only"
	minimum_protocol_version = "TLSv1.2_2021"
	}
	}

	resource "aws_cloudfront_distribution" "E2BAXCBKFSOMWI" {
	comment = "User generated content for join-tandem.com"
	aliases = [
	"static.join-tandem.com",
	]
	origin {
	domain_name = "user-generated-static.s3.us-east-2.amazonaws.com"
	origin_id = "user-generated-static.s3.us-east-2.amazonaws.com"
	s3_origin_config {
	origin_access_identity = "origin-access-identity/cloudfront/E3NIEXNJ03GML7"
	}
	}

	restrictions {
	geo_restriction {
	restriction_type = "none"
	}
	}
	default_cache_behavior {
	compress = true
	cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6"
	allowed_methods = [
	"GET",
	"HEAD",
	"OPTIONS",
	]
	cached_methods = [
	"GET",
	"HEAD",
	]
	viewer_protocol_policy = "allow-all"
	target_origin_id = "user-generated-static.s3.us-east-2.amazonaws.com"
	}
	viewer_certificate {
	minimum_protocol_version = "TLSv1.2_2021"
	acm_certificate_arn = "arn:aws:acm:us-east-1:009060434378:certificate/25192413-4494-41de-be95-e3b8f97e99dc"
	ssl_support_method = "sni-only"
	}
	enabled = true
	is_ipv6_enabled = true
	}


	data "archive_file" "custom_index_html_manipulations_lambda_zip_dir" {
	type = "zip"
	output_path = "/tmp/custom_index_html_manipulations_lambda_dir.zip"
	source_dir = "${path.module}/../../lambdas/custom_index_html_manipulations"
	}

	resource "aws_iam_role" "custom_index_html_manipulations_role" {
	assume_role_policy = jsonencode(
	{
	Version = "2012-10-17"
	Statement = [
	{
	Effect = "Allow"
	Action = "sts:AssumeRole"

	Principal = {
	Service = "lambda.amazonaws.com"
	}
	},
	{
	Effect = "Allow"
	Action = "sts:AssumeRole"
	Principal = {
	Service = "edgelambda.amazonaws.com"
	}
	},
	]
	}
	)
	managed_policy_arns = [
	"arn:aws:iam::009060434378:policy/service-role/AWSLambdaBasicExecutionRole-eb911a38-aabe-4742-bbc7-37aed85790b2",
	]
	name = "custom_index_html_manipulations-role-lzwp0pkp"
	path = "/service-role/"
	tags = {}
	tags_all = {}
	}

	resource "aws_lambda_function" "custom_index_html_manipulations" {
	provider = aws.us-east-1
	filename = data.archive_file.custom_index_html_manipulations_lambda_zip_dir.output_path
	source_code_hash = data.archive_file.custom_index_html_manipulations_lambda_zip_dir.output_base64sha256
	function_name = "custom_index_html_manipulations"
	role = aws_iam_role.custom_index_html_manipulations_role.arn

	handler = "function.lamda_handler"

	runtime = "python3.9"

	}