Skip to content

Instantly share code, notes, and snippets.

@marazt marazt/main.tf
Last active Mar 12, 2018

Embed
What would you like to do?
Setup Static Website on AWS S3 with Cloudfront, HTTPS and Route53
provider "aws" {
region = "${var.region}"
version = "1.10.0"
}
provider "aws" {
region = "us-east-1"
alias = "certificate-region"
version = "1.10.0"
}
// Create website bucket
resource "aws_s3_bucket" "s3_bucket" {
bucket = "${var.bucket_name}"
acl = "public-read"
website {
index_document = "index.html"
error_document = "error.html"
}
force_destroy = true
}
// Create log bucket
resource "aws_s3_bucket" "s3_bucket_log" {
bucket = "${var.bucket_name}-logs"
acl = "private"
force_destroy = true
}
// Set proper policies to access bucket
data "aws_iam_policy_document" "s3_bucket_policies" {
statement {
actions = [
"s3:GetObject",
]
principals {
type = "*"
identifiers = ["*"]
}
resources = [
"arn:aws:s3:::${var.bucket_name}/*",
]
}
}
resource "aws_s3_bucket_policy" "s3_bucket_policy" {
bucket = "${aws_s3_bucket.s3_bucket.id}"
policy = "${data.aws_iam_policy_document.s3_bucket_policies.json}"
}
// Get certificate for Cloudfront from Certificate Manager
// We have to use us-east-1 region for custom Cludfront ceritificates.
// To be able to use it with Cloudfront from a different regions, a new
// provider must be used.
data "aws_acm_certificate" "s3_domain_certificate" {
provider = "aws.certificate-region"
domain = "${var.bucket_name}"
most_recent = true
}
// Add Cloudfront for HTTPS
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = "${aws_s3_bucket.s3_bucket.bucket_domain_name}"
origin_id = "S3Origin-${var.bucket_name}"
}
price_class = "PriceClass_200"
enabled = true
is_ipv6_enabled = false
default_root_object = "index.html"
aliases = ["${var.bucket_name}"]
logging_config {
include_cookies = false
bucket = "${aws_s3_bucket.s3_bucket_log.bucket_domain_name}"
}
default_cache_behavior {
compress = true
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "S3Origin-${var.bucket_name}"
forwarded_values {
query_string = false
cookies {
forward = "all"
}
}
viewer_protocol_policy = "redirect-to-https"
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
acm_certificate_arn = "${data.aws_acm_certificate.s3_domain_certificate.arn}"
ssl_support_method = "sni-only"
}
}
// Add route with alias to the bucket
resource "aws_route53_record" "s3_bucket_route" {
zone_id = "${var.route53_zone_id}"
name = "${var.bucket_name}"
type = "A"
alias {
name = "${aws_cloudfront_distribution.s3_distribution.domain_name}"
zone_id = "${aws_cloudfront_distribution.s3_distribution.hosted_zone_id}"
evaluate_target_health = true
}
}
// Module main region
variable "region" {
type = "string"
}
// ID of your Route53 zone
variable "route53_zone_id" {
type = "string"
}
// Name of the S3 bucket that must have same name as the website address, e.g., mysite.example.com
variable "bucket_name" {
type = "string"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.