Set up a static website on AWS S3 with CloudFront, HTTPS and Route53
// Default provider: every resource that does not select an alias is created
// in var.region. The provider version is pinned exactly, so upgrading the
// AWS provider requires an explicit change here (and in the alias below).
provider "aws" {
  version = "1.10.0"
  region  = "${var.region}"
}
// Aliased provider fixed to us-east-1. CloudFront only accepts ACM
// certificates from that region, so the certificate lookup further down
// selects this provider explicitly via `provider = "aws.certificate-region"`.
// Same pinned version as the default provider.
provider "aws" {
  alias   = "certificate-region"
  version = "1.10.0"
  region  = "us-east-1"
}
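// Website bucket.
//
// Anonymous reads of individual objects are granted by the bucket policy
// attached below (s3:GetObject only). The bucket ACL is therefore left
// private: the "public-read" canned ACL would additionally allow anyone to
// list the bucket's contents, which serving the site does not require.
//
// force_destroy = true empties the bucket on `terraform destroy`, so the
// published content is deleted together with the bucket.
resource "aws_s3_bucket" "s3_bucket" {
  bucket        = "${var.bucket_name}"
  acl           = "private"
  force_destroy = true

  website {
    index_document = "index.html"
    error_document = "error.html"
  }
}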
// Access-log bucket for the CloudFront distribution (see logging_config
// further down). The bucket is never public.
//
// NOTE(review): CloudFront standard logging needs write access for the
// log-delivery account on this bucket; with acl = "private" this relies on
// CloudFront adjusting the ACL itself when the distribution is created —
// confirm that logs actually arrive.
//
// force_destroy = true deletes the retained logs together with the stack on
// `terraform destroy`; export them first if they may be needed for a later
// investigation.
resource "aws_s3_bucket" "s3_bucket_log" {
  bucket        = "${var.bucket_name}-logs"
  acl           = "private"
  force_destroy = true
}
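// Bucket policy: anonymous read of individual objects and nothing else.
// No s3:ListBucket is granted, so object names cannot be enumerated.
//
// The resource ARN is taken from the bucket resource instead of being
// rebuilt from var.bucket_name, so the policy cannot drift from the bucket
// it is attached to and Terraform orders the two correctly.
//
// Because reads are allowed from any principal, visitors can also fetch
// objects straight from the S3 endpoint, bypassing the CloudFront HTTPS
// redirect and its access logs; restricting the principal to a CloudFront
// origin access identity would close that path.
data "aws_iam_policy_document" "s3_bucket_policies" {
  statement {
    sid = "PublicReadForWebsite"

    actions = [
      "s3:GetObject",
    ]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    resources = [
      "${aws_s3_bucket.s3_bucket.arn}/*",
    ]
  }
}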
// Attach the generated policy document to the website bucket.
resource "aws_s3_bucket_policy" "s3_bucket_policy" {
  policy = "${data.aws_iam_policy_document.s3_bucket_policies.json}"
  bucket = "${aws_s3_bucket.s3_bucket.id}"
}
// Look up the CloudFront certificate in ACM.
// CloudFront only accepts certificates stored in us-east-1, so the lookup
// goes through the aliased provider regardless of var.region.
//
// The certificate is matched on domain == var.bucket_name: this configuration
// assumes the bucket is named after the site's hostname (the same value is
// used for the CloudFront alias and the Route53 record).
//
// NOTE(review): no status filter is given, so the data source's default
// filter is relied on — confirm that only issued certificates can match.
// `most_recent = true` breaks ties when several certificates exist, which
// also means a newly issued certificate for the same domain is picked up on
// the next apply.
data "aws_acm_certificate" "s3_domain_certificate" {
  provider    = "aws.certificate-region"
  most_recent = true
  domain      = "${var.bucket_name}"
}
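// CloudFront distribution serving the bucket over HTTPS.
//
// NOTE(review): the origin is the bucket's REST endpoint (bucket_domain_name),
// not the S3 website endpoint. On the REST endpoint the bucket's
// index_document/error_document settings do not apply: only the root path is
// handled (via default_root_object) and a missing key surfaces as an S3 error
// instead of error.html — confirm this is intended.
resource "aws_cloudfront_distribution" "s3_distribution" {
  enabled             = true
  is_ipv6_enabled     = false
  default_root_object = "index.html"
  price_class         = "PriceClass_200"
  aliases             = ["${var.bucket_name}"]

  origin {
    domain_name = "${aws_s3_bucket.s3_bucket.bucket_domain_name}"
    origin_id   = "S3Origin-${var.bucket_name}"
  }

  // Standard access logs, delivered to the private log bucket.
  logging_config {
    include_cookies = false
    bucket          = "${aws_s3_bucket.s3_bucket_log.bucket_domain_name}"
  }

  default_cache_behavior {
    target_origin_id = "S3Origin-${var.bucket_name}"
    compress         = true

    // A static site is read-only: only GET/HEAD (plus OPTIONS for CORS
    // preflight) are accepted at the edge, so write verbs are rejected by
    // CloudFront instead of being relayed to the bucket.
    allowed_methods = ["GET", "HEAD", "OPTIONS"]
    cached_methods  = ["GET", "HEAD"]

    // S3 ignores cookies and the query string is not forwarded either;
    // forwarding cookies would only split the cache per cookie value and
    // send visitor cookies to the origin.
    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    // Plain HTTP requests are redirected, so the site is only served over TLS.
    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn = "${data.aws_acm_certificate.s3_domain_certificate.arn}"
    ssl_support_method  = "sni-only"

    // Raise the TLS floor above the argument's default of TLSv1. A TLS 1.2-only
    // security policy is preferable where the provider version accepts it.
    minimum_protocol_version = "TLSv1.1_2016"
  }
}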
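// A-record alias pointing the site hostname at the distribution.
//
// evaluate_target_health is false: Route53 documents that it cannot be true
// when the alias target is a CloudFront distribution, and with a single
// target there is no failover to evaluate anyway.
//
// Only an A record is created, which matches is_ipv6_enabled = false on the
// distribution; if IPv6 is enabled later, add a matching AAAA alias record.
resource "aws_route53_record" "s3_bucket_route" {
  zone_id = "${var.route53_zone_id}"
  name    = "${var.bucket_name}"
  type    = "A"

  alias {
    name                   = "${aws_cloudfront_distribution.s3_distribution.domain_name}"
    zone_id                = "${aws_cloudfront_distribution.s3_distribution.hosted_zone_id}"
    evaluate_target_health = false
  }
}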