AWS Frontend

This module creates a complete environment for frontend applications:

  • S3 bucket to store SPA files
  • CloudFront distribution to ensure fast access and caching
  • Lambda@Edge to ensure proper CORS headers
  • ACM certificate for HTTPS (created via aws.global provider)
  • Route53 entries to set user-friendly domain (created via aws.hosted_zone provider)

You may want to set custom providers to deploy some parts of the frontend:

  • S3 bucket & IAM policies are deployed using the default aws provider
  • Lambda@Edge & ACM certificate have to be created in the us-east-1 region (via aws.global provider)
  • Route53 entries can be on a different AWS account (via aws.hosted_zone provider)

If you wish to gracefully destroy this module, make sure to set the scheduled_for_deletion parameter to true. Otherwise you won't be able to remove a non-empty S3 bucket or Lambda@Edge functions still connected to CloudFront. Setting this flag to true may render your environment unusable, so make sure to migrate gracefully to a different environment by provisioning a replacement and swapping DNS entries first.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | ~>4.0, < 5.0 |

Providers

| Name | Version |
|------|---------|
| archive | n/a |
| aws | ~>4.0, < 5.0 |
| aws.global | ~>4.0, < 5.0 |
| aws.hosted_zone | ~>4.0, < 5.0 |
| random | n/a |
| template | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_acm_certificate.certificate | resource |
| aws_acm_certificate_validation.certificate_validation | resource |
| aws_cloudfront_distribution.distribution | resource |
| aws_cloudfront_origin_access_identity.s3 | resource |
| aws_cloudwatch_log_group.edge_lambda | resource |
| aws_cloudwatch_log_group.edge_lambda_custom | resource |
| aws_iam_policy.deployer | resource |
| aws_iam_role.edge_lambda | resource |
| aws_iam_role.edge_lambda_custom | resource |
| aws_iam_role_policy_attachment.edge_lambda | resource |
| aws_iam_role_policy_attachment.edge_lambda_custom | resource |
| aws_lambda_function.edge_lambda | resource |
| aws_lambda_function.edge_lambda_custom | resource |
| aws_route53_record.certificate_validation | resource |
| aws_route53_record.distribution | resource |
| aws_s3_bucket.bucket | resource |
| aws_s3_bucket_policy.bucket | resource |
| random_pet.s3_origin | resource |
| archive_file.edge_lambda | data source |
| archive_file.edge_lambda_custom | data source |
| aws_iam_policy_document.deployer | data source |
| aws_iam_policy_document.edge_lambda_role | data source |
| aws_iam_policy_document.s3_policy | data source |
| template_file.edge_lambda | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alternative_domain_names | Alternative domains under which frontend app will become available. | list(string) | [] | no |
| cache_disabled_path_patterns | List of path patterns that won't be cached on CloudFront. | list(string) | [] | no |
| comment | Comment that will be applied to all underlying resources that support it. | string | "Frontend application environment" | no |
| content_security_policy | Content Security Policy header parameters. | map(string) | { "default-src": "'self' blob:", "font-src": "'self'", "img-src": "'self'", "object-src": "'none'", "script-src": "'self' 'unsafe-inline' 'unsafe-eval'", "style-src": "'self' 'unsafe-inline'", "worker-src": "blob:" } | no |
| create_distribution_dns_records | Set to false if you don't want to create DNS records for frontend. DNS domain validation will take place regardless of this flag. | bool | true | no |
| custom_headers | Custom headers that may override headers returned by default. | map(string) | {} | no |
| default_root_object | The object that you want CloudFront to return when an end user requests the root URL. | string | "index.html" | no |
| domain_name | Domain under which frontend app will become available. | string | n/a | yes |
| edge_functions | Additional Lambda@Edge functions that may be added to CloudFront setup. | map(object({ event_type = string, include_body = bool, lambda_code = string, lambda_runtime = string })) | {} | no |
| enabled | Set to false if you don't want to create any resources. | bool | true | no |
| hosted_zone_id | Route53 Zone ID to put DNS record for frontend app. | string | n/a | yes |
| lambda_log_retention_in_days | CloudWatch log retention time for Lambda@Edge functions. | number | 14 | no |
| name | Name of S3 bucket to store frontend app in. | string | n/a | yes |
| not_found_page_path | Fallback file to return when a 404 error is encountered. | string | "/index.html" | no |
| scheduled_for_deletion | Enable this to disconnect Lambda@Edge functions from CloudFront distribution and enable force_destroy on S3 bucket. It's necessary to proceed with module deletion. | bool | false | no |
| tags | Tags that will be applied to all underlying resources that support it. | map(string) | {} | no |
| wait_for_deployment | If enabled, the resource will wait for the CloudFront distribution status to change from InProgress to Deployed. | bool | false | no |
| web_acl_id | WebACL ID for enabling whitelist access to CloudFront distribution. | string | null | no |
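
A usage sketch, added here and not taken from the module's repository: it wires up the three provider configurations described earlier (default aws, aws.global, aws.hosted_zone) and overrides the default content_security_policy so that script-src no longer allows 'unsafe-inline' and 'unsafe-eval'. The module source, regions, role ARN, domain, zone ID and bucket name are placeholders, and the full CSP map is passed on the assumption that a supplied value replaces the default rather than merging with it.

```hcl
# Added example; every identifier below is a placeholder, not a project value.

# Default provider: S3 bucket and IAM policies (region is an assumption).
provider "aws" {
  region = "eu-west-1"
}

# Lambda@Edge and the ACM certificate have to be created in us-east-1.
provider "aws" {
  alias  = "global"
  region = "us-east-1"
}

# Route53 zone in a different AWS account, reached through a hypothetical role.
provider "aws" {
  alias  = "hosted_zone"
  region = "eu-west-1"

  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/dns-manager"
  }
}

module "frontend" {
  source = "<path-or-address-of-the-aws-frontend-module>" # placeholder

  providers = {
    aws             = aws
    aws.global      = aws.global
    aws.hosted_zone = aws.hosted_zone
  }

  name           = "example-frontend-bucket"
  domain_name    = "app.example.com"
  hosted_zone_id = "Z0000000EXAMPLE"

  # Same keys as the documented default; only script-src is tightened.
  content_security_policy = {
    "default-src" = "'self' blob:"
    "font-src"    = "'self'"
    "img-src"     = "'self'"
    "object-src"  = "'none'"
    "script-src"  = "'self'"
    "style-src"   = "'self' 'unsafe-inline'"
    "worker-src"  = "blob:"
  }
}
```

The tightened script-src only works for a build that emits no inline scripts and does not call eval; check the browser console for CSP violations before rolling it out.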

Outputs

| Name | Description |
|------|-------------|
| cf_distribution_id | CloudFront Distribution ID |
| deployer_policy_arn | Policy that allows for performing S3 bucket actions & CloudFront invalidation. |
| edge_function_roles | Map of IAM role ids for custom Lambda@Edge functions passed to module. |
| s3_bucket | S3 Bucket Name |
| s3_bucket_arn | S3 Bucket ARN |