Skip to content

Instantly share code, notes, and snippets.

@marazt marazt/main.tf
Last active Mar 12, 2018

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Setup Static Website on AWS S3 with Cloudfront, HTTPS and Route53
Raw
main.tf
provider "aws" {
region = "${var.region}"
version = "1.10.0"
}
provider "aws" {
region = "us-east-1"
alias = "certificate-region"
version = "1.10.0"
}
// Create website bucket
resource "aws_s3_bucket" "s3_bucket" {
bucket = "${var.bucket_name}"
acl = "public-read"
website {
index_document = "index.html"
error_document = "error.html"
}
force_destroy = true
}
// Create log bucket
resource "aws_s3_bucket" "s3_bucket_log" {
bucket = "${var.bucket_name}-logs"
acl = "private"
force_destroy = true
}
// Set proper policies to access bucket
data "aws_iam_policy_document" "s3_bucket_policies" {
statement {
actions = [
"s3:GetObject",
]
principals {
type = "*"
identifiers = ["*"]
}
resources = [
"arn:aws:s3:::${var.bucket_name}/*",
]
}
}
resource "aws_s3_bucket_policy" "s3_bucket_policy" {
bucket = "${aws_s3_bucket.s3_bucket.id}"
policy = "${data.aws_iam_policy_document.s3_bucket_policies.json}"
}
// Get certificate for Cloudfront from Certificate Manager
// We have to use us-east-1 region for custom Cludfront ceritificates.
// To be able to use it with Cloudfront from a different regions, a new
// provider must be used.
data "aws_acm_certificate" "s3_domain_certificate" {
provider = "aws.certificate-region"
domain = "${var.bucket_name}"
most_recent = true
}
// Add Cloudfront for HTTPS
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = "${aws_s3_bucket.s3_bucket.bucket_domain_name}"
origin_id = "S3Origin-${var.bucket_name}"
}
price_class = "PriceClass_200"
enabled = true
is_ipv6_enabled = false
default_root_object = "index.html"
aliases = ["${var.bucket_name}"]
logging_config {
include_cookies = false
bucket = "${aws_s3_bucket.s3_bucket_log.bucket_domain_name}"
}
default_cache_behavior {
compress = true
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "S3Origin-${var.bucket_name}"
forwarded_values {
query_string = false
cookies {
forward = "all"
}
}
viewer_protocol_policy = "redirect-to-https"
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
acm_certificate_arn = "${data.aws_acm_certificate.s3_domain_certificate.arn}"
ssl_support_method = "sni-only"
}
}
// Add route with alias to the bucket
resource "aws_route53_record" "s3_bucket_route" {
zone_id = "${var.route53_zone_id}"
name = "${var.bucket_name}"
type = "A"
alias {
name = "${aws_cloudfront_distribution.s3_distribution.domain_name}"
zone_id = "${aws_cloudfront_distribution.s3_distribution.hosted_zone_id}"
evaluate_target_health = true
}
}
Raw
vars.tf
// Module main region
variable "region" {
type = "string"
}
// ID of your Route53 zone
variable "route53_zone_id" {
type = "string"
}
// Name of the S3 bucket that must have same name as the website address, e.g., mysite.example.com
variable "bucket_name" {
type = "string"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.