static site deployment with AWS
# Terraform settings: pins the AWS provider to one exact release so that
# `terraform init` on another machine resolves the same provider build.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.19.0"
    }
  }
}
# AWS provider. The region governs the regional resources in this file (the S3
# bucket); CloudFront and Route53 are global.
# NOTE(review): the ACM certificate referenced by the distribution must live in
# us-east-1 regardless of this setting — confirm when filling in certficate_arn.
provider "aws" {
  # region can be overridden or parameterized if desired
  region = "us-east-2"
}
# PARAMETERS, certificate and hosted zone id required
# PARAMETERS: replace every <placeholder> before running `terraform apply`.
locals {
  # free-form label tying the origin block to default_cache_behavior below
  s3_origin_id   = "myS3Origin"
  # NOTE: the key is misspelled ("certficate") but is referenced by that exact
  # name in the distribution's viewer_certificate block; rename both or neither.
  certficate_arn = "<certificate_arn_here>"
  # Route53 hosted zone that owns the site's domain
  dns_zone_id    = "<hosted_zone_id>"
}
# s3 bucket configuration
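# S3 bucket holding the static site. The bucket stays private: CloudFront reads
# it through the origin access identity and the bucket policy defined further
# down, so no object ever needs a public ACL.
resource "aws_s3_bucket" "bucket" {
  bucket = "<your_bucket_name_here>"
  acl    = "private"

  # CloudFront is pointed at the bucket's REST endpoint
  # (bucket_regional_domain_name), not the website endpoint, so the root
  # document is actually served by default_root_object on the distribution.
  # The website block is kept so the bucket matches the original configuration.
  website {
    # change this if you have something like root.html or home.html configured instead
    index_document = "index.html"
  }

  # feel free to modify tags for your own use, used for cost analytics
  tags = {
    Service     = "<service_name>"
    Operation   = "app-hosting"
    Environment = "prod"
  }
}

# Refuse public ACLs and public bucket policies at the bucket level so a later
# misconfiguration cannot expose the site source directly. The OAI grant is to
# a specific principal, not "*", so it is unaffected by this block.
resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket = aws_s3_bucket.bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}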
// cloudfront principal identity for s3 access
# Origin access identity: the CloudFront-side principal that the bucket policy
# grants s3:GetObject to. Its iam_arn is used in the policy document and its
# cloudfront_access_identity_path in the distribution's s3_origin_config.
resource "aws_cloudfront_origin_access_identity" "s3_access_identity" {
  comment = "Cloudfront user for S3 bucket access."
}
// cloudfront distribution configuration
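# CloudFront distribution fronting the private bucket. Viewers are forced onto
# TLS, only read methods reach the origin, and legacy TLS versions are refused.
resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name = aws_s3_bucket.bucket.bucket_regional_domain_name
    origin_id   = local.s3_origin_id

    # CloudFront signs its requests to S3 as the origin access identity.
    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.s3_access_identity.cloudfront_access_identity_path
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  comment             = "Host for Blog"
  default_root_object = "index.html"

  # Access logging is optional; uncomment and point at a log bucket to retain
  # request logs for troubleshooting or incident review.
  # logging_config {
  #   include_cookies = false
  #   bucket          = "mylogs.s3.amazonaws.com"
  #   prefix          = "myprefix"
  # }

  # Must match the Route53 record name and be covered by the ACM certificate.
  aliases = ["<domain desired here, ex: blog.customdomain.com>"]

  default_cache_behavior {
    # The bucket policy only grants s3:GetObject, so writes could never succeed;
    # expose only the read methods and reject everything else at the edge.
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = local.s3_origin_id

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }

    # Plain-HTTP viewers are redirected to HTTPS instead of being served the
    # site in clear text (the original "allow-all" did the latter).
    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  # smallest (cheapest) edge-location set; raise if the audience is elsewhere
  price_class = "PriceClass_100"

  viewer_certificate {
    acm_certificate_arn      = local.certficate_arn
    ssl_support_method       = "sni-only"
    # Refuse TLS 1.0/1.1 handshakes; the provider default is a legacy minimum.
    minimum_protocol_version = "TLSv1.2_2019"
  }

  tags = {
    Service     = "<your_service_name>"
    Operation   = "cdn"
    Environment = "prod"
  }
}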
// json policy for cloudfront -> s3 access
# Bucket policy document: grants the CloudFront origin access identity, and
# nothing else, read access to objects. Only s3:GetObject is granted (no
# s3:ListBucket), so a request for a missing key surfaces as 403 rather than
# 404 — deliberate, since it also keeps the bucket listing private.
data "aws_iam_policy_document" "s3_policy" {
  statement {
    actions   = ["s3:GetObject"]
    # object-level ARN (trailing /*), not the bucket ARN itself
    resources = [
      "${aws_s3_bucket.bucket.arn}/*"
    ]

    # the OAI's IAM ARN is the only principal; no wildcard access
    principals {
      type        = "AWS"
      identifiers = [ aws_cloudfront_origin_access_identity.s3_access_identity.iam_arn ]
    }
  }
}
// iam policy
# Attaches the read-only OAI policy document above to the site bucket. This is
# what lets CloudFront fetch objects while the bucket ACL stays private.
resource "aws_s3_bucket_policy" "s3_read_access" {
  bucket = aws_s3_bucket.bucket.id
  policy = data.aws_iam_policy_document.s3_policy.json
}
// dns route to cloudfront
# DNS alias record pointing the site's hostname at the CloudFront distribution.
# NOTE: `name` is hard-coded here while the distribution's aliases list still
# holds a placeholder; both must be set to the same hostname, and that hostname
# must be covered by the ACM certificate, or TLS handshakes will fail.
resource "aws_route53_record" "app_route" {
  zone_id = local.dns_zone_id
  name    = "blog.customdomain.com"
  type    = "A"

  alias {
    name    = aws_cloudfront_distribution.s3_distribution.domain_name
    # CloudFront's fixed alias hosted zone, exported by the distribution resource
    zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
    # health evaluation is not supported for CloudFront alias targets
    evaluate_target_health = false
  }
}