@steveh
Created August 31, 2018 03:08
# Domain that should redirect elsewhere. The same value is used as the S3
# bucket name, the CloudFront alias and origin id, the Route 53 zone lookup
# name and the DNS record name.
variable "source_domain" {}

# Host name that the S3 routing rule redirects visitors to.
variable "destination_domain" {}

# ARN of the ACM certificate presented by the CloudFront distribution.
# NOTE(review): CloudFront only accepts ACM certificates issued in us-east-1;
# confirm the region of the ARN passed in.
variable "certificate_arn" {}

# Scheme placed in the redirect target ("Protocol" in the routing rule).
variable "protocol" {
  default = "https"
}

# HTTP status code returned with the redirect ("HttpRedirectCode").
variable "status_code" {
  default = 301
}
# Looks up an existing Route 53 hosted zone by name; its zone_id is used for
# the alias record of the source domain.
# NOTE(review): the lookup uses source_domain itself as the zone name, so it
# presumes a hosted zone with exactly that name exists. Confirm this when the
# source domain is a subdomain of a larger zone.
data "aws_route53_zone" "main" {
  name = "${var.source_domain}"
}
# S3 bucket whose static-website endpoint performs the redirect. The bucket is
# named after the source domain and carries a single routing rule; the rule has
# no "Condition", so it is not limited to particular keys or error codes.
resource "aws_s3_bucket" "main" {
  bucket = "${var.source_domain}"

  # No public ACL is granted; the redirect comes from the routing rule below,
  # not from stored objects.
  acl = "private"

  tags {
    Name = "${var.source_domain}"
  }

  versioning {
    enabled = true
  }

  website {
    index_document = "index.html"

    # The heredoc body and its terminator stay at column 0 so the JSON passed
    # to S3 is exactly the text below.
    routing_rules = <<EOF
[{
"Redirect": {
"HostName": "${var.destination_domain}",
"Protocol": "${var.protocol}",
"HttpRedirectCode": "${var.status_code}"
}
}]
EOF
  }

  # Explicitly leaves Terraform free to destroy the bucket.
  lifecycle {
    prevent_destroy = false
  }
}
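# CloudFront distribution that terminates TLS for the source domain and passes
# requests to the S3 website endpoint, which answers with the redirect.
#
# Changes from the original:
#   * allowed_methods / cached_methods are reduced to GET and HEAD. The S3
#     website endpoint only serves GET and HEAD, so relaying PUT/POST/PATCH/
#     DELETE exposed write verbs at the edge for no benefit.
#   * minimum_protocol_version is raised from TLSv1.1_2016 to TLSv1.2_2018,
#     so viewers can no longer negotiate the deprecated TLS 1.1.
resource "aws_cloudfront_distribution" "main" {
  enabled          = true
  aliases          = ["${var.source_domain}"]
  price_class      = "PriceClass_All"
  comment          = "Managed by Terraform"
  retain_on_delete = true
  http_version     = "http2"
  is_ipv6_enabled  = true

  origin {
    origin_id   = "${var.source_domain}"
    origin_path = ""
    domain_name = "${aws_s3_bucket.main.website_endpoint}"

    custom_origin_config {
      http_port  = 80
      https_port = 443

      # S3 website endpoints speak HTTP only, so the CloudFront -> S3 hop is
      # unencrypted even when the viewer connected over HTTPS.
      origin_protocol_policy = "http-only"

      # Not exercised while origin_protocol_policy is "http-only".
      origin_ssl_protocols = ["TLSv1.1", "TLSv1.2"]
    }
  }

  default_cache_behavior {
    target_origin_id = "${var.source_domain}"

    # Plain-HTTP viewers are accepted and receive the redirect directly.
    viewer_protocol_policy = "allow-all"

    # Read-only verbs are all a redirect needs; see the header comment.
    allowed_methods = ["GET", "HEAD"]
    cached_methods  = ["GET", "HEAD"]

    compress    = true
    min_ttl     = 0
    max_ttl     = 3600
    default_ttl = 3600

    forwarded_values {
      query_string = true

      # NOTE(review): every viewer header and cookie is relayed to the origin,
      # and that hop is plain HTTP (origin_protocol_policy above). Session
      # cookies or Authorization headers scoped to the source domain therefore
      # leave the edge unencrypted. Forwarding all headers also keeps CloudFront
      # from caching, so the TTLs above have little effect. The redirect does
      # not appear to need either; consider forwarding no headers and
      # forward = "none" after confirming nothing depends on them.
      headers = ["*"]

      cookies {
        forward = "all"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = false
    acm_certificate_arn            = "${var.certificate_arn}"

    # Raised from TLSv1.1_2016: viewers must negotiate TLS 1.2 or newer.
    minimum_protocol_version = "TLSv1.2_2018"
    ssl_support_method       = "sni-only"
  }

  # error_caching_min_ttl = 0 for each status below, so an error response is
  # not kept at the edge and the next request goes back to the origin.
  custom_error_response {
    error_code            = 400
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 403
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 404
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 405
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 414
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 416
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 500
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 501
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 502
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 503
    error_caching_min_ttl = 0
  }

  custom_error_response {
    error_code            = 504
    error_caching_min_ttl = 0
  }

  # Build the replacement distribution before the old one is removed.
  lifecycle {
    create_before_destroy = true
  }
}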
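# Alias A record that points the source domain at the CloudFront distribution.
#
# Fix: evaluate_target_health was assigned twice inside the alias block; the
# duplicate is removed so the attribute is defined exactly once.
#
# NOTE(review): the distribution sets is_ipv6_enabled = true, but only an A
# record is declared here. IPv6-only resolvers get no answer for the source
# domain unless a matching AAAA alias record exists elsewhere.
resource "aws_route53_record" "main" {
  zone_id = "${data.aws_route53_zone.main.zone_id}"
  name    = "${var.source_domain}"
  type    = "A"

  alias {
    name                   = "${aws_cloudfront_distribution.main.domain_name}"
    zone_id                = "${aws_cloudfront_distribution.main.hosted_zone_id}"
    evaluate_target_health = false
  }
}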