main.tf
provider "aws" {
region = var.aws_region
profile = var.aws_profile
version = "~> 2.7"
assume_role {
role_arn = "arn:aws:iam::754135023419:role/administrator-service"
}
}
provider "aws" {
alias = "us-east-1"
region = "us-east-1"
profile = var.aws_profile
assume_role {
role_arn = "arn:aws:iam::754135023419:role/administrator-service"
}
}
# Availability zones of the region selected by the default provider.
# NOTE(review): nothing in this file references data.aws_availability_zones.available;
# it may be consumed by another file of the module — verify before removing.
data "aws_availability_zones" "available" {}
# Identity the default provider resolves to — i.e. the assumed
# administrator-service role — exposing its account id, ARN and user id.
# NOTE(review): not referenced in this file; presumably used elsewhere in the module.
data "aws_caller_identity" "current" {}
# Looks up an already-issued certificate for the apex domain in us-east-1.
# NOTE(review): nothing in this file reads data.aws_acm_certificate.vulnpryer;
# the distribution below uses the aws_acm_certificate *resource* of the same
# name instead. If both the resource and a pre-existing certificate match this
# domain, a lookup without most_recent can fail on multiple matches — confirm
# the data source is still needed.
data "aws_acm_certificate" "vulnpryer" {
  domain   = "vulnpryer.net"
  provider = aws.us-east-1
}
/*
------------------
| Certificate(s) |
------------------
*/
resource "aws_acm_certificate" "vulnpryer" {
provider = aws.us-east-1
domain_name = "vulnpryer.net"
subject_alternative_names = ["*.vulnpryer.net"]
validation_method = "DNS"
tags = {
managed_by = "Terraform"
project = var.project
Name = "vulnpryer.net"
}
lifecycle {
create_before_destroy = true
}
}
resource "aws_route53_record" "vulnpryer_cert_validation" {
zone_id = aws_route53_zone.vulnpryer.zone_id
name = aws_acm_certificate.vulnpryer.domain_validation_options.0.resource_record_name
type = aws_acm_certificate.vulnpryer.domain_validation_options.0.resource_record_type
records = [aws_acm_certificate.vulnpryer.domain_validation_options.0.resource_record_value]
ttl = "600"
}
data "terraform_remote_state" "main" {
backend = "s3"
config = {
bucket = "infrastructure-severski"
key = "terraform/infrastructure.tfstate"
region = "us-west-2"
encrypt = "true"
}
}
/*
---------------------------
| CloudFront Distribution |
---------------------------
*/
resource "aws_cloudfront_distribution" "vp" {
origin {
origin_id = "myGithubOrigin"
domain_name = "davidski.github.io"
origin_path = "/VulnPryer"
custom_origin_config {
http_port = 80
https_port = 443
origin_protocol_policy = "https-only"
origin_ssl_protocols = ["TLSv1.2"]
}
}
enabled = true
is_ipv6_enabled = true
comment = "VulnPryer Website"
default_root_object = "index.html"
logging_config {
include_cookies = false
bucket = "${data.terraform_remote_state.main.outputs.auditlogs}.s3.amazonaws.com"
prefix = "cloudfront/vulnpryer"
}
aliases = ["www.vulnpryer.net", "vulnpryer.net"]
default_cache_behavior {
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "myGithubOrigin"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
viewer_protocol_policy = "redirect-to-https"
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
}
price_class = "PriceClass_100"
restrictions {
geo_restriction {
restriction_type = "none"
}
}
tags = {
Name = "VP CloudFront"
project = var.project
managed_by = "Terraform"
}
viewer_certificate {
acm_certificate_arn = aws_acm_certificate.vulnpryer.arn
minimum_protocol_version = "TLSv1.2_2018"
ssl_support_method = "sni-only"
}
}