viewsourceconf s3 hosting

apps/viewsourceconf/tf/.terraform/terraform.tfstate

@@ -0,0 +1,24 @@
+{
+    "version": 3,
+    "serial": 0,
+    "lineage": "cd558051-a474-4171-b8e0-27677e41fdc3",
+    "backend": {
+        "type": "s3",
+        "config": {
+            "bucket": "viewsourceconf-provisioning-tf-state",
+            "key": "tf-state",
+            "region": "us-west-2"
+        },
+        "hash": 5132883548062227893
+    },
+    "modules": [
+        {
+            "path": [
+                "root"
+            ],
+            "outputs": {},
+            "resources": {},
+            "depends_on": []
+        }
+    ]
+}

apps/viewsourceconf/tf/provision.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+set -e
+set -u
+
+VIEWSOURCECONF_PROVISIONING_REGION="us-west-2"
+TERRAFORM_ENV="viewsourceconf"
+VIEWSOURCECONF_PROVISIONING_BUCKET="viewsourceconf-s3-provisioning-tf-state"
+STATE_BUCKET_REGION="us-west-2"
+
+setup_tf_s3_state_store() {
+    echo "Creating Terraform state bucket at s3://${VIEWSOURCECONF_PROVISIONING_BUCKET} (region ${STATE_BUCKET_REGION})"
+    # The following environment variables are defined in config.sh
+    aws s3 mb s3://${VIEWSOURCECONF_PROVISIONING_BUCKET} --region ${STATE_BUCKET_REGION}
+}
+
+setup_tf_envs() {
+    # this MUST be run in the dir that this file resides in
+    set +e
+    terraform env new viewsourceconf
+    set -e
+}
+
+check_state_store() {
+    echo "Checking state store"
+    set +e
+    if aws s3 ls s3://${VIEWSOURCECONF_PROVISIONING_BUCKET} > /dev/null 2>&1; then
+        echo "State store already exists"
+    else
+        echo "Setting up state store"
+        setup_tf_s3_state_store
+        echo "Setting up envs"
+        setup_tf_envs
+    fi
+    set -e
+}
+
+tf_main() {
+    # it's safe to always init the s3 backend
+    terraform init
+
+    setup_tf_envs
+
+    # switch env to virginia, tokyo etc
+    terraform env select ${TERRAFORM_ENV}
+
+    # import local modules
+    terraform get
+
+    PLAN=$(mktemp)
+    terraform plan --out $PLAN
+
+
+    echo "Please verify plan output above and enter the command"
+    echo "'make it so' followed by enter to continue."
+    echo "Otherwise, Ctrl-C to abort"
+    read
+
+    # if terraform plan fails, the next command won't run due to
+    # set -e at the top of the script.
+    terraform apply $PLAN
+    rm $PLAN
+}
+
+check_state_store
+tf_main
+
+

apps/viewsourceconf/tf/terraform.tfstate.d/viewsourceconf/terraform.tfstate.backup

@@ -0,0 +1,16 @@
+{
+    "version": 3,
+    "terraform_version": "0.9.8",
+    "serial": 1,
+    "lineage": "c0d3f410-7a99-4733-a3a6-1338c43b4ef1",
+    "modules": [
+        {
+            "path": [
+                "root"
+            ],
+            "outputs": {},
+            "resources": {},
+            "depends_on": []
+        }
+    ]
+}

apps/viewsourceconf/tf/variables.tf

@@ -0,0 +1,13 @@
+variable "region" {
+  default = "us-west-2"
+}
+
+variable "hosted-zone-id-defs" {
+  # See: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_website_region_endpoints
+  type = "map"
+
+  default = {
+    us-east-1 = "Z3AQBSTGFYJSTF"
+    us-west-2 = "Z3BJ6K6RIION7M"
+  }
+}

apps/viewsourceconf/tf/viewsourceconf.tf

@@ -0,0 +1,132 @@
+provider "aws" {
+  region = "${var.region}"
+}
+
+terraform {
+  backend "s3" {
+    bucket = "viewsourceconf-provisioning-tf-state"
+    key    = "tf-state"
+    region = "us-west-2"
+  }
+}
+
+resource "aws_s3_bucket" "logs" {
+  bucket = "viewsourceconf-logs"
+  acl    = "log-delivery-write"
+}
+
+resource "aws_s3_bucket" "viewsourceconf" {
+  bucket = "viewsourceconf"
+  region = "${var.region}"
+  acl    = "log-delivery-write"
+
+  force_destroy = ""
+
+  cors_rule {
+    allowed_headers = ["*"]
+    allowed_methods = ["GET"]
+    allowed_origins = ["*"]
+    max_age_seconds = 3000
+  }
+
+  hosted_zone_id = "${lookup(var.hosted-zone-id-defs, var.region)}"
+
+  logging {
+    target_bucket = "${aws_s3_bucket.logs.id}"
+    target_prefix = "logs/"
+  }
+
+  website {
+    index_document = "index.html"
+    error_document = "error.html"
+  }
+
+  website_domain   = "s3-website-${var.region}.amazonaws.com"
+  website_endpoint = "viewsourceconf.s3-website-${var.region}.amazonaws.com"
+
+  versioning {
+    enabled = true
+  }
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Id": "viewsourceconf policy",
+  "Statement": [
+    {
+      "Sid": "viewsourceconfAllowListBucket",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "s3:ListBucket",
+      "Resource": "arn:aws:s3:::viewsourceconf"
+    },
+    {
+      "Sid": "viewsourceconfAllowIndexDotHTML",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "s3:GetObject",
+      "Resource": "arn:aws:s3:::viewsourceconf/*"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_cloudfront_distribution" "s3_distribution" {
+  origin {
+    domain_name = "viewsourceconf.s3-website-us-west-2.amazonaws.com"
+    origin_id   = "viewsourceconf"
+    custom_origin_config {
+      origin_protocol_policy = "http-only"
+      http_port = "80"
+      https_port = "443"
+      origin_ssl_protocols = ["TLSv1"]
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+  comment             = "No comment"
+  default_root_object = "index.html"
+
+  logging_config {
+    include_cookies = false
+    bucket          = "viewsourceconf-logs.s3.amazonaws.com"
+    prefix          = "cflogs"
+  }
+
+  aliases = ["viewsourceconf.org"]
+
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = "viewsourceconf"
+
+    forwarded_values {
+      query_string = false
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0
+    default_ttl            = 60
+    max_ttl                = 86400
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+
+  viewer_certificate {
+    acm_certificate_arn = "arn:aws:acm:us-east-1:236517346949:certificate/92927e4f-8b1a-4d52-9f92-3912151e5dea"
+    ssl_support_method  = "sni-only"
+
+    # https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#minimum_protocol_version
+    minimum_protocol_version = "TLSv1"
+  }
+}