Skip to content

Latest commit

 

History

History
157 lines (136 loc) · 15.5 KB

README.md

File metadata and controls

157 lines (136 loc) · 15.5 KB

Terraform AWS Static Site Hosting

Terraform CI Tflint Tfsec GitHub release

This module creates and manages Static Site hosting on AWS, mainly using S3 and Cloudfront.

Usage

Example module usage:

# Because this module _might_ utilise CloudFront resources,
# which are required to be launched in the us-east-1 region,
# an AWS provider with the 'us-east-1' region must be provided
#
# It's not yet possible to conditionally require a regional AWS provider
provider "aws" {
  region = "us-east-1"
  alias  = "useast1"
}

module "static_site_hosting" {
  source  = "github.com/chris-qa-org/terraform-aws-static-site-hosting?ref=v0.1.0"

  project_name = "my-project"

  # site_host_name = ""

  #  providers = {
  #    aws.useast1 = aws.useast1
  #  }

  # static_site_s3_acl               = "private"
  # static_site_s3_enable_encryption = true
  # enable_s3_access_logs            = false
  # s3_static_site_force_destroy     = false
  # s3_logs_force_destroy            = false

  # enable_cloudfront                          = true
  # cloudfront_static_site_web_acl_id          = null
  # cloudfront_static_site_tls_certificate_arn = ""
  # cloudfront_static_site_default_cache_behaviour = {}
  # cloudfront_static_site_custom_error_responses = {
  #    "404" = {
  #      response_code      = "404",
  #      response_page_path = "/404.html"
  #   }
  # }
  # cloudfront_static_site_default_root_object = "index.html"
  # cloudfront_static_site_price_class         = "PriceClass_100"
  # cloudfront_static_site_restrictions = {
  #   geo_restriction = {
  #     restriction_type = "none"
  #     locations        = []
  #   }
  # }
  # cloudfront_static_site_is_ipv6_enabled = true
  # cloudfront_static_site_http_version = "http2"
  # enable_cloudfront_static_site_logs = true
}

Requirements

Name Version
terraform >= 1.4.4
aws >= 4.64.0

Providers

Name Version
aws 4.64.0
aws.useast1 4.64.0

Resources

Name Type
aws_acm_certificate.cloudfront_static_site resource
aws_acm_certificate_validation.cloudfront_static_site resource
aws_cloudfront_cache_policy.static_site resource
aws_cloudfront_distribution.site_www_redirect resource
aws_cloudfront_distribution.static_site resource
aws_cloudfront_origin_access_control.static_site resource
aws_cloudfront_origin_request_policy.static_site resource
aws_route53_record.cloudfront_static_site_tls_certificate_dns_validation resource
aws_route53_record.static_site resource
aws_route53_record.static_site_www_redirect resource
aws_s3_bucket.logs resource
aws_s3_bucket.site_redirect_to_www resource
aws_s3_bucket.static_site resource
aws_s3_bucket_acl.cloudfront_logs resource
aws_s3_bucket_acl.logs resource
aws_s3_bucket_acl.site_redirect_to_www resource
aws_s3_bucket_acl.static_site resource
aws_s3_bucket_logging.site_redirect_to_www resource
aws_s3_bucket_logging.static_site resource
aws_s3_bucket_ownership_controls.logs resource
aws_s3_bucket_ownership_controls.site_redirect_to_www resource
aws_s3_bucket_ownership_controls.static_site resource
aws_s3_bucket_policy.logs resource
aws_s3_bucket_policy.site_redirect_to_www resource
aws_s3_bucket_policy.static_site resource
aws_s3_bucket_public_access_block.logs resource
aws_s3_bucket_public_access_block.site_redirect_to_www resource
aws_s3_bucket_public_access_block.static_site resource
aws_s3_bucket_server_side_encryption_configuration.logs resource
aws_s3_bucket_server_side_encryption_configuration.site_redirect_to_www resource
aws_s3_bucket_server_side_encryption_configuration.static_site resource
aws_s3_bucket_versioning.logs resource
aws_s3_bucket_versioning.site_redirect_to_www resource
aws_s3_bucket_versioning.static_site resource
aws_s3_bucket_website_configuration.site_redirect_to_www resource
aws_s3_bucket_website_configuration.static_site resource
aws_s3_object.static_site_index resource
aws_caller_identity.current data source
aws_canonical_user_id.current data source
aws_route53_zone.static_site data source

Inputs

Name Description Type Default Required
cloudfront_static_site_custom_error_responses CloudFront Static Site custom error responses 
map(object({
    response_code      = string
    response_page_path = string
  }))
 
{
  "404": {
    "response_code": "404",
    "response_page_path": "/404.html"
  }
}
 no
cloudfront_static_site_default_cache_behaviour Default cache behaviour block for the Static Site CloudFront Distribution 
object({
    allowed_methods = optional(list(string), ["GET", "HEAD"])
    cached_methods  = optional(list(string), ["GET", "HEAD"])
    cache_policy_id = optional(string, null)
    compress        = optional(bool, true)
    default_ttl     = optional(number, 0)
    lambda_function_associations = optional(map(object({
      event_type   = string
      lambda_arn   = string
      include_body = optional(bool, false)
    })), {})
    function_associations = optional(map(object({
      event_type   = string
      function_arn = string
    })), {})
    max_ttl                    = optional(number, 31536000)
    min_ttl                    = optional(number, 1)
    origin_request_policy_id   = optional(string, null)
    realtime_log_config_arn    = optional(string, null)
    response_headers_policy_id = optional(string, null)
    smooth_streaming           = optional(bool, false)
    trusted_signers            = optional(list(string), null)
    viewer_protocol_policy     = optional(string, "redirect-to-https")
  })
 {} no
cloudfront_static_site_default_root_object CloudFront Static Site default root object string "index.html" no
cloudfront_static_site_http_version CloudFront Static Site http version string "http2" no
cloudfront_static_site_is_ipv6_enabled CloudFront Static Site enable ipv6 bool true no
cloudfront_static_site_price_class CloudFront Static Site price class string "PriceClass_100" no
cloudfront_static_site_restrictions Cloudfront Static Site restrictions block 
object({
    geo_restriction = optional(object({
      restriction_type = string
      locations        = list(string)
    }))
  })
 
{
  "geo_restriction": {
    "locations": [],
    "restriction_type": "none"
  }
}
 no
cloudfront_static_site_tls_certificate_arn CloudFront static site TLS Certificate ARN. This is not required, as one will be created based on the site_url. Use this only if the created certificate is not sufficient. string "" no
cloudfront_static_site_web_acl_id CloudFront static site Web ACL id string null no
enable_cloudfront Enable creation of CloudFront Distribution bool true no
enable_cloudfront_static_site_logs Enable CloudFront Staci Site logging to the logs bucket bool true no
enable_s3_access_logs Enable S3 access logs bool true no
project_name Project Name string n/a yes
route53_zone_id Route53 zone id. If provided, the certificate validation records and site records will be created in that zone string "" no
s3_logs_force_destroy Force destroy Logs S3 bucket bool false no
s3_static_site_force_destroy Force destroy Static Site S3 bucket bool false no
site_host_name Site Host Name. This will be used for Certificate generation and CloudFront aliases string "" no
site_redirect_to_www Conditionally redirect to www.<site_host_name> bool false no
static_site_s3_acl Static Site S3 ACL string "private" no
static_site_s3_enable_encryption Static Site S3 Enable Encyption bool true no

Outputs

Name Description
aws_s3_bucket_logs The Logs S3 resource
aws_s3_bucket_static_site The Static Site S3 resource