Terraform script to set up the AWS infrastructure required to host a Hugo website
# Provider pinning: accept any 4.60.x patch release of the AWS provider
# (the "~>" constraint excludes 4.61+ and 5.x).
terraform {
  required_providers {
    aws = {
      version = "~> 4.60.0"
      source  = "hashicorp/aws"
    }
  }
}
# Region for the regional resources below (the S3 buckets); CloudFront itself is
# global. "xx-xxxx-x" is a placeholder to replace before applying.
provider "aws" {
  region = "xx-xxxx-x"
}
# Origin bucket holding the generated Hugo site. ACL, versioning, lifecycle,
# public-access block, encryption and the bucket policy are attached by the
# separate resources that reference this bucket's id.
resource "aws_s3_bucket" "example-website-s3" {
  bucket = "example-website"
}
# Private canned ACL on the site bucket.
# NOTE(review): buckets created with ObjectOwnership=BucketOwnerEnforced (now
# the AWS default for new buckets) reject ACL writes; if apply fails with
# AccessControlListNotSupported, either add aws_s3_bucket_ownership_controls
# or drop this resource — the bucket is already non-public without it. Verify.
resource "aws_s3_bucket_acl" "example-website-s3-acl" {
  acl    = "private"
  bucket = aws_s3_bucket.example-website-s3.id
}
# Keep prior object versions so an accidental overwrite or delete of site
# content can be rolled back; retention of old versions is bounded by the
# lifecycle rule attached to the same bucket.
resource "aws_s3_bucket_versioning" "example-website-s3-versioning" {
  versioning_configuration {
    status = "Enabled"
  }

  bucket = aws_s3_bucket.example-website-s3.id
}
# Expire noncurrent object versions 30 days after they are superseded;
# newer_noncurrent_versions = 1 tells S3 to keep that many newer noncurrent
# versions before the expiry applies to an older one.
resource "aws_s3_bucket_lifecycle_configuration" "example-website-s3-lifecycle" {
  bucket = aws_s3_bucket.example-website-s3.id

  rule {
    status = "Enabled"
    id     = "keep-versions-30-days"

    noncurrent_version_expiration {
      newer_noncurrent_versions = 1
      noncurrent_days           = 30
    }
  }
}
# All four public-access guards on the site bucket. Content is served only via
# CloudFront (service-principal bucket policy), so nothing here needs to be
# publicly readable at the S3 layer.
resource "aws_s3_bucket_public_access_block" "example-website-s3-access" {
  bucket = aws_s3_bucket.example-website-s3.id

  restrict_public_buckets = true
  ignore_public_acls      = true
  block_public_policy     = true
  block_public_acls       = true
}
# Default SSE-S3 (AES256) encryption for objects written to the site bucket.
# NOTE(review): S3 Bucket Keys apply to SSE-KMS, so bucket_key_enabled is
# expected to be a no-op under AES256 — harmless, but confirm if KMS is adopted.
resource "aws_s3_bucket_server_side_encryption_configuration" "example-website-s3-encryption" {
  bucket = aws_s3_bucket.example-website-s3.id

  rule {
    bucket_key_enabled = true

    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
# Destination bucket for CloudFront standard (access) logs.
# NOTE(review): no lifecycle rule is attached to this bucket, so logs are
# retained indefinitely — add an expiration rule if a retention period is wanted.
resource "aws_s3_bucket" "example-website-logs-s3" {
  bucket = "example-website-logs"
}
# log-delivery-write grants the log-delivery group write access so CloudFront
# can deposit access logs; CloudFront standard logging relies on bucket ACLs.
# NOTE(review): a log bucket with ACLs disabled (BucketOwnerEnforced, the
# current AWS default for new buckets) will reject this ACL and CloudFront will
# fail to deliver logs — confirm object ownership on the bucket allows ACLs.
resource "aws_s3_bucket_acl" "example-website-logs-3-acl" {
  acl    = "log-delivery-write"
  bucket = aws_s3_bucket.example-website-logs-s3.id
}
# All four public-access guards on the log bucket; access logs carry viewer IPs
# and request paths and must never be publicly readable.
resource "aws_s3_bucket_public_access_block" "example-website-s3-logs-access" {
  bucket = aws_s3_bucket.example-website-logs-s3.id

  restrict_public_buckets = true
  ignore_public_acls      = true
  block_public_policy     = true
  block_public_acls       = true
}
# Default SSE-S3 (AES256) encryption for delivered log objects.
# NOTE(review): bucket_key_enabled only matters for SSE-KMS; under AES256 it is
# expected to have no effect.
resource "aws_s3_bucket_server_side_encryption_configuration" "example-website-logs-s3-encryption" {
  bucket = aws_s3_bucket.example-website-logs-s3.id

  rule {
    bucket_key_enabled = true

    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
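# CloudFront distribution in front of the private site bucket. Viewers reach S3
# only through this distribution: the origin uses an Origin Access Control and
# the bucket policy admits only requests signed for this distribution's ARN.
#
# Fix vs. the original: viewer_certificate set cloudfront_default_certificate =
# true alongside acm_certificate_arn. Those options are mutually exclusive, and
# with the default *.cloudfront.net certificate CloudFront forces the security
# policy to TLSv1 regardless of minimum_protocol_version — so the TLSv1.2_2021
# floor declared here would not have been applied. Custom aliases require the
# ACM certificate anyway, so the default-certificate flag is dropped.
resource "aws_cloudfront_distribution" "example-website-cloudfront" {
  enabled         = true
  is_ipv6_enabled = true
  aliases         = ["www.example.com", "example.com"]

  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = aws_s3_bucket.example-website-s3.bucket_regional_domain_name
    viewer_protocol_policy = "redirect-to-https"
    compress               = true
    cache_policy_id        = data.aws_cloudfront_cache_policy.example-website-cloudfront-cache.id

    # Rewrites viewer URLs before the cache lookup. The function source lives in
    # a separate .js file not shown here; assumes it also maps "/" to
    # "/index.html" — if it does not, set default_root_object = "index.html".
    function_association {
      event_type   = "viewer-request"
      function_arn = aws_cloudfront_function.cloudfront-add-index-to-url.arn
    }

    # NOTE(review): no response_headers_policy_id is attached, so no security
    # headers (HSTS, CSP, X-Content-Type-Options, ...) are added at the edge;
    # consider attaching a response headers policy.
  }

  origin {
    domain_name              = aws_s3_bucket.example-website-s3.bucket_regional_domain_name
    origin_id                = aws_s3_bucket.example-website-s3.bucket_regional_domain_name
    origin_access_control_id = aws_cloudfront_origin_access_control.example-website-cloudfront-origin-ac.id
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  # The certificate ARN is a placeholder; it must be an ACM certificate in
  # us-east-1 (CloudFront only accepts certificates from that region) covering
  # every alias above. SNI-only avoids the dedicated-IP surcharge.
  viewer_certificate {
    acm_certificate_arn      = "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxx-xxxx-xxxx-xxxx-xxxxxx"
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"
  }

  # Standard access logs go to the dedicated log bucket under the "logs" prefix.
  logging_config {
    bucket = aws_s3_bucket.example-website-logs-s3.bucket_domain_name
    prefix = "logs"
  }
}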
# Looks up the AWS-managed CachingOptimized cache policy by name so its id can
# be attached to the default cache behavior (no custom policy is created).
data "aws_cloudfront_cache_policy" "example-website-cloudfront-cache" {
  name = "Managed-CachingOptimized"
}
# CloudFront Function attached at viewer-request. Its code is read from a
# sibling file in this module (not part of this listing), so its exact URL
# rewriting behaviour cannot be confirmed here; from the name it presumably
# appends "index.html" to directory-style paths.
resource "aws_cloudfront_function" "cloudfront-add-index-to-url" {
  name    = "cloudfront-add-index-to-url"
  runtime = "cloudfront-js-1.0"
  code    = file("${path.module}/cloudfront-add-index-to-url.js")
}
# Origin Access Control: CloudFront signs every origin request with SigV4
# ("always"), which is what the bucket policy's cloudfront.amazonaws.com
# principal + aws:SourceArn condition relies on. The OAC is named after the
# bucket's regional domain name.
resource "aws_cloudfront_origin_access_control" "example-website-cloudfront-origin-ac" {
  origin_access_control_origin_type = "s3"
  signing_protocol                  = "sigv4"
  signing_behavior                  = "always"
  name                              = aws_s3_bucket.example-website-s3.bucket_regional_domain_name
}
# Attaches the CloudFront-only read policy (rendered below) to the site bucket.
resource "aws_s3_bucket_policy" "example-website-s3-policy" {
  policy = data.aws_iam_policy_document.example-website-cloudfront-policy.json
  bucket = aws_s3_bucket.example-website-s3.id
}
# Bucket policy granting s3:GetObject on every object to the CloudFront service
# principal, restricted by aws:SourceArn to this one distribution so no other
# account's distribution can be pointed at the bucket. Only GetObject is
# allowed; ListBucket is not, so unknown keys return 403 rather than 404.
data "aws_iam_policy_document" "example-website-cloudfront-policy" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.example-website-s3.arn}/*"]

    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudfront_distribution.example-website-cloudfront.arn]
    }
  }
}