
@cmthakur
Forked from danihodovic/main.tf
Created July 3, 2023 08:14
Terraform - deployment using S3, Cloudfront and Route53
# Region handed to the AWS provider below; eu-west-1 unless overridden.
variable "aws_region" {
  default = "eu-west-1"
}
# Site domain. The same value is reused as the S3 bucket name, the Route53
# zone/record name and the CloudFront alias, so override the placeholder
# default with the real domain before applying.
variable "domain" {
  default = "my_domain"
}
# AWS provider, pinned to the region chosen through var.aws_region.
# No credentials are set here, so they have to come from outside this file.
provider "aws" {
  region = "${var.aws_region}"
}
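# Static-site bucket.
# Note: The bucket name needs to carry the same name as the domain!
# http://stackoverflow.com/a/5048129/2966951
#
# Public access is granted in one place only: the bucket policy below, which
# allows anonymous s3:GetObject on the objects and nothing else.
#
# NOTE(review): objects stay readable straight from S3, so CloudFront can be
# bypassed. Limiting reads to the distribution would need a CloudFront origin
# access identity and a policy scoped to it; that is a separate change.
# NOTE(review): accounts with S3 Block Public Access enabled will presumably
# reject this public policy; confirm against the target account.
resource "aws_s3_bucket" "site" {
  bucket = "${var.domain}"

  # Deliberately not "public-read": that canned ACL also gives everyone READ
  # on the bucket itself, i.e. anonymous listing of every key. Serving the
  # site only needs object reads, which the policy already grants.
  acl = "private"

  policy = <<EOF
{
  "Version":"2008-10-17",
  "Statement":[{
    "Sid":"AllowPublicRead",
    "Effect":"Allow",
    "Principal": {"AWS": "*"},
    "Action":["s3:GetObject"],
    "Resource":["arn:aws:s3:::${var.domain}/*"]
  }]
}
EOF

  website {
    index_document = "index.html"
  }
}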
# Hosted zone for the site domain.
# Creating the zone does not delegate the domain by itself: the registrar's
# name servers must be set to this zone's NS records, otherwise lookups fail.
# To check resolution against a given name server: `dig site @nameserver`
resource "aws_route53_zone" "main" {
  name = "${var.domain}"
}
# Apex A record for the domain, aliased to the CloudFront distribution.
resource "aws_route53_record" "root_domain" {
  name    = "${var.domain}"
  type    = "A"
  zone_id = "${aws_route53_zone.main.zone_id}"

  # Alias target: the distribution's domain name and its hosted zone id.
  alias {
    zone_id                = "${aws_cloudfront_distribution.cdn.hosted_zone_id}"
    name                   = "${aws_cloudfront_distribution.cdn.domain_name}"
    evaluate_target_health = false
  }
}
# CloudFront distribution in front of the site bucket.
resource "aws_cloudfront_distribution" "cdn" {
  enabled             = true
  default_root_object = "index.html"

  # The Route53 alias name has to be listed here as well; without it requests
  # for the domain are answered with 403.
  aliases = ["${var.domain}"]

  # Cheapest price class.
  price_class = "PriceClass_100"

  # Single origin: the site bucket, addressed through its
  # <bucket>.s3.amazonaws.com name.
  origin {
    domain_name = "${var.domain}.s3.amazonaws.com"
    origin_id   = "${var.domain}"
  }

  default_cache_behavior {
    target_origin_id = "${var.domain}"
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]

    # NOTE(review): "allow-all" serves the site over plain HTTP as well as
    # HTTPS. Enforcing HTTPS for the alias also needs a certificate that
    # covers the domain (see viewer_certificate below).
    viewer_protocol_policy = "allow-all"

    # Cache lifetimes in seconds: default one hour, at most one day.
    min_ttl     = 0
    default_ttl = 3600
    max_ttl     = 86400

    # Query strings are forwarded to the origin; cookies are not.
    forwarded_values {
      query_string = true

      cookies {
        forward = "none"
      }
    }
  }

  # Must be present even though no geo restriction is applied.
  restrictions {
    geo_restriction {
      restriction_type = "none"
      locations        = []
    }
  }

  # NOTE(review): the default CloudFront certificate only matches the
  # cloudfront.net name, so HTTPS requests for the alias domain will get a
  # certificate name mismatch until a certificate for the domain is attached.
  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
# Website endpoint of the site bucket, as reported by the bucket resource.
output "s3_website_endpoint" {
  value = "${aws_s3_bucket.site.website_endpoint}"
}
# Fully qualified name of the apex record created in Route53.
output "route53_domain" {
  value = "${aws_route53_record.root_domain.fqdn}"
}
# Domain name assigned to the CloudFront distribution.
output "cdn_domain" {
  value = "${aws_cloudfront_distribution.cdn.domain_name}"
}