first real commit (#1)

* first real commit
telia-oss · Dec 7, 2018 · 6ed225c · 6ed225c
1 parent 4ff74ee
commit 6ed225c
Show file tree

Hide file tree

Showing 6 changed files with 195 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
+#InteliJ IDE
+.idea/
+
 # Terraform
 **/.terraform
 **/*.tfstate*

diff --git a/README.md b/README.md
@@ -1,20 +1,14 @@
-
-
-## Instructions for this Terraform template
-
-Use this module template to scaffold a new one. Remember to change the following:
-
-- [ ] The descriptions and build badges in this [README](README).
-- [ ] Any examples in this section [examples](#examples).
-- [ ] Update [CODEOWNERS](CODEOWNERS).
-
-
-# Terraform Template Module
+# Static Site
 
 [![Build Status](https://travis-ci.com/telia-oss/terraform-module-template.svg?branch=master)](https://travis-ci.com/telia-oss/terraform-aws-static-site)
 ![](https://img.shields.io/maintenance/yes/2018.svg)
 
-Terraform module which creates *describe your intent* resources on AWS.
+Use this module to create a static website that is hosted in S3 and delivered everywhere from local edge locations using Cloudfront
+#### Prerequisites
+AWS Account with hosted zone for domain to deploy to
+
+#### Note
+This module creates a us-east-1 certificate as this is a requirement for cloudfront.
 
 ## Examples
 
@@ -27,3 +21,5 @@ Currently maintained by [these contributors](../../graphs/contributors).
 ## License
 
 MIT License. See [LICENSE](LICENSE) for full details.
+
+
diff --git a/examples/default/example.tf b/examples/default/example.tf
@@ -11,4 +11,9 @@ data "aws_subnet_ids" "main" {
 }
 
 # REST OF THE EXAMPLE
-
+module "static-example" {
+  source      = "../../"
+  name_prefix = "static-example"
+  domain_name = "example.com"
+  zone_id     = "<zone_id>"
+}
diff --git a/main.tf b/main.tf
@@ -1,4 +1,158 @@
 # ------------------------------------------------------------------------------
 # Resources
 # ------------------------------------------------------------------------------
+provider "aws" {
+  region  = "us-east-1"
+  alias   = "virginia"
+  version = "1.50"
+}
 
+resource "aws_acm_certificate" "cert_website" {
+  domain_name       = "${var.host_name}.${var.domain_name}"
+  validation_method = "DNS"
+  provider          = "aws.virginia"
+  tags              = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route53_record" "cert_website_validation" {
+  name    = "${aws_acm_certificate.cert_website.domain_validation_options.0.resource_record_name}"
+  type    = "${aws_acm_certificate.cert_website.domain_validation_options.0.resource_record_type}"
+  zone_id = "${var.zone_id}"
+  records = ["${aws_acm_certificate.cert_website.domain_validation_options.0.resource_record_value}"]
+  ttl     = 60
+}
+
+resource "aws_acm_certificate_validation" "main" {
+  certificate_arn         = "${aws_acm_certificate.cert_website.arn}"
+  validation_record_fqdns = ["${aws_route53_record.cert_website_validation.fqdn}"]
+  provider                = "aws.virginia"
+}
+
+resource "aws_s3_bucket" "website_bucket" {
+  bucket_prefix = "${var.name_prefix}-static-website-bucket"
+  acl           = "private"
+
+  website {
+    index_document = "index.html"
+    error_document = "index.html"
+  }
+}
+
+resource "aws_s3_bucket_policy" "website_bucket_policy" {
+  bucket = "${aws_s3_bucket.website_bucket.id}"
+  policy = "${data.aws_iam_policy_document.s3_policy.json}"
+}
+
+resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
+  comment = "origin access identity for s3/cloudfront"
+}
+
+resource "aws_cloudfront_distribution" "s3_distribution" {
+  depends_on = [
+    "aws_s3_bucket.website_bucket",
+    "aws_acm_certificate_validation.main",
+  ]
+
+  origin {
+    domain_name = "${aws_s3_bucket.website_bucket.bucket_regional_domain_name}"
+    origin_id   = "${aws_cloudfront_origin_access_identity.origin_access_identity.id}"
+
+    s3_origin_config {
+      origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+  default_root_object = "index.html"
+  aliases             = ["${aws_acm_certificate.cert_website.domain_name}"]
+
+  custom_error_response {
+    error_code         = 404
+    response_code      = 200
+    response_page_path = "/index.html"
+  }
+
+  default_cache_behavior {
+    allowed_methods = [
+      "DELETE",
+      "GET",
+      "HEAD",
+      "OPTIONS",
+      "PATCH",
+      "POST",
+      "PUT",
+    ]
+
+    cached_methods = [
+      "GET",
+      "HEAD",
+    ]
+
+    target_origin_id = "${aws_cloudfront_origin_access_identity.origin_access_identity.id}"
+
+    forwarded_values {
+      query_string = false
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0
+    default_ttl            = 0
+    max_ttl                = 0
+  }
+
+  price_class = "PriceClass_200"
+
+  viewer_certificate {
+    acm_certificate_arn = "${aws_acm_certificate.cert_website.arn}"
+    ssl_support_method  = "sni-only"
+  }
+
+  "restrictions" {
+    "geo_restriction" {
+      restriction_type = "none"
+    }
+  }
+}
+
+resource "aws_route53_record" "wwww_a" {
+  name    = "${var.host_name}.${var.domain_name}."
+  type    = "A"
+  zone_id = "${var.zone_id}"
+
+  alias {
+    name                   = "${aws_cloudfront_distribution.s3_distribution.domain_name}"
+    zone_id                = "${aws_cloudfront_distribution.s3_distribution.hosted_zone_id}"
+    evaluate_target_health = false
+  }
+}
+
+data "aws_iam_policy_document" "s3_policy" {
+  statement {
+    actions   = ["s3:GetObject"]
+    resources = ["${aws_s3_bucket.website_bucket.arn}/*"]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
+    }
+  }
+
+  statement {
+    actions   = ["s3:ListBucket"]
+    resources = ["${aws_s3_bucket.website_bucket.arn}"]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
+    }
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -1,4 +1,14 @@
 # ------------------------------------------------------------------------------
 # Output
 # ------------------------------------------------------------------------------
+output "website_bucket_id" {
+  value = "${aws_s3_bucket.website_bucket.id}"
+}
 
+output "website_bucket_arn" {
+  value = "${aws_s3_bucket.website_bucket.arn}"
+}
+
+output "initial_bucket_policy" {
+  value = "${data.aws_iam_policy_document.s3_policy.json}"
+}
diff --git a/variables.tf b/variables.tf
@@ -5,8 +5,21 @@ variable "name_prefix" {
   description = "A prefix used for naming resources."
 }
 
+variable "domain_name" {
+  description = "The domain (or subdomain) for this site."
+}
+
+variable "zone_id" {
+  description = "The ID of the hosted zone to contain the dns record for this site."
+}
+
 variable "tags" {
   description = "A map of tags (key-value pairs) passed to resources."
   type        = "map"
   default     = {}
 }
+
+variable "host_name" {
+  description = "The host name for this site"
+  default     = "www"
+}