
@foxutech
Created March 7, 2018 09:56
# Inputs for the S3 + CloudFront demo.

# Used as the bucket name, the CloudFront origin id, and the comment on both
# the distribution and the origin access identity.
variable "name" {
  default = "us-west-2-cloudfront-resource-demo"
}

# Region handed to the AWS provider.
variable "region" {
  default = "us-west-2"
}

# AWS credentials handed to the provider block. They have no default, so a
# value must be supplied on every run.
# NOTE(review): long-lived keys passed as variables tend to end up in tfvars
# files, shell history and CI logs. The AWS provider can also take credentials
# from environment variables, the shared credentials file or an instance role;
# prefer one of those and keep any tfvars file out of version control.
variable "access_key" {}

variable "secret_key" {}

# Canned ACL applied to the bucket.
# NOTE(review): "public-read" on a bucket lets anyone list its keys. This
# configuration also creates a CloudFront origin access identity, which is
# normally paired with a "private" bucket whose policy grants read to that
# identity only. Whether that is the case here depends on the policy template,
# which is not shown. Consider passing acl = "private" once it is confirmed
# that nothing relies on the public S3 website endpoint.
variable "acl" {
  default = "public-read"
}

# Bucket policy template, resolved relative to this module.
variable "policy_file" {
  default = "policy.json.tpl"
}

# Name of the index page: local file, object key, website index document and
# CloudFront default root object.
variable "index" {
  default = "index.html"
}
# AWS provider, configured entirely from input variables.
# NOTE(review): access_key/secret_key are static credentials supplied by the
# caller; see the note on those variables about sourcing them from the
# environment or a role instead.
provider "aws" {
  region     = "${var.region}"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
}
# Identity that CloudFront presents to S3 when fetching from the origin.
# Its id is passed into the bucket policy template and its access identity
# path is set on the distribution's S3 origin.
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
  comment = "${var.name}"
}
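# Renders the bucket policy from the template file named by var.policy_file.
# The template is not part of this page; it receives two values:
#   bucket_name            - the bucket name (var.name)
#   origin_access_identity - the id of the CloudFront origin access identity
# NOTE(review): check that the rendered policy grants s3:GetObject to the
# origin access identity only and not to a wildcard principal; otherwise the
# bucket can be read without going through CloudFront.
resource "template_file" "s3_policy" {
  # Path built by string interpolation: concat() stopped accepting strings
  # in Terraform 0.7 (it is list-only there), so the original
  # concat(path.module, "/", ...) form fails on newer releases.
  template = "${file("${path.module}/${var.policy_file}")}"

  vars {
    bucket_name            = "${var.name}"
    origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.id}"
  }
}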
# Origin bucket for the demo site, with static website hosting enabled.
resource "aws_s3_bucket" "s3" {
  bucket = "${var.name}"

  # NOTE(review): var.acl defaults to "public-read", which makes the key
  # listing world-readable. Together with the website block below, the
  # bucket is then reachable directly as well as through CloudFront.
  acl = "${var.acl}"

  # Policy rendered from the template; the origin access identity is granted
  # whatever that template says (template not shown here).
  policy = "${template_file.s3_policy.rendered}"

  # On destroy, every object in the bucket is deleted so the bucket itself
  # can be removed. Convenient for a demo; review before reusing this for a
  # bucket that holds data worth keeping.
  force_destroy = true

  website {
    index_document = "${var.index}"
  }
}
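# Uploads the index page from this module's directory into the bucket.
# No object ACL is set here, so read access to the object is governed by the
# bucket policy.
resource "aws_s3_bucket_object" "s3" {
  bucket = "${aws_s3_bucket.s3.bucket}"
  key    = "${var.index}"

  # Path built by string interpolation: concat() stopped accepting strings
  # in Terraform 0.7 (it is list-only there).
  source       = "${path.module}/${var.index}"
  content_type = "text/html"
}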
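# CloudFront distribution in front of the S3 bucket.
# It serves GET/HEAD only, forwards no query strings or cookies, uses the
# default CloudFront certificate and is limited to a fixed list of countries.
resource "aws_cloudfront_distribution" "cf" {
  enabled             = true
  comment             = "${var.name}"
  default_root_object = "${var.index}"
  price_class         = "PriceClass_200"

  # On destroy, the distribution is disabled rather than deleted and has to
  # be removed by hand afterwards.
  retain_on_delete = true

  origin {
    # S3 REST endpoint of the bucket. Built by string interpolation because
    # concat() is list-only from Terraform 0.7 on.
    domain_name = "${aws_s3_bucket.s3.id}.s3.amazonaws.com"
    origin_id   = "${var.name}"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
    }
  }

  default_cache_behavior {
    allowed_methods = ["GET", "HEAD"]
    cached_methods  = ["GET", "HEAD"]

    # Must match origin_id above. The bucket id is the bucket name, which is
    # var.name in this configuration, so the two agree.
    target_origin_id = "${aws_s3_bucket.s3.id}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    # Was "allow-all", which served the site over plain HTTP. Redirecting
    # keeps existing http:// links working while moving viewers to TLS.
    viewer_protocol_policy = "redirect-to-https"

    min_ttl     = 0
    default_ttl = 3600
    max_ttl     = 86400
  }

  restrictions {
    # Enforced by CloudFront only. Requests that reach the bucket directly
    # (website endpoint, public ACL) are not subject to this list.
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["US", "CA", "GB", "DE", "JP"]
    }
  }

  # Default certificate: the site is served on the *.cloudfront.net name.
  viewer_certificate {
    cloudfront_default_certificate = true
  }
}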
# Direct S3 website endpoint of the bucket.
# NOTE(review): this address goes straight to S3, not through CloudFront, so
# the distribution's protocol policy and geo restriction do not apply to it.
output "s3_website_endpoint" {
  value = "${aws_s3_bucket.s3.website_endpoint}"
}

# Domain name of the CloudFront distribution.
output "cloudfront_domain_name" {
  value = "${aws_cloudfront_distribution.cf.domain_name}"
}