Skip to content

Latest commit

 

History

History
166 lines (144 loc) · 26.7 KB

README.md

File metadata and controls

166 lines (144 loc) · 26.7 KB
Raw

AWS S3 Static Website

This Terraform module provides the required infrastructure to host a static website on S3.

Usage

Check versions for this module on:

Install pre commit hooks.

Run this command right after cloning the repository.

    pre-commit install

For that you may need to install the following tools:

In order to run all checks at any point run the following command:

    pre-commit run --all-files

Requirements

Name Version
terraform >= 0.13
aws >= 4.0

Providers

Name Version
aws.acm_provider 4.15.1
aws.main 4.15.1

Modules

Name Source Version
s3_logs_bucket cn-terraform/logs-s3-bucket/aws 1.0.5

Resources

Name Type
aws_acm_certificate.cert resource
aws_acm_certificate_validation.cert_validation resource
aws_cloudfront_distribution.website resource
aws_cloudfront_origin_access_identity.cf_oai resource
aws_route53_record.acm_certificate_validation_records resource
aws_route53_record.website_cloudfront_record resource
aws_route53_record.www_website_record resource
aws_route53_zone.hosted_zone resource
aws_s3_bucket.website resource
aws_s3_bucket_acl.website resource
aws_s3_bucket_cors_configuration.website resource
aws_s3_bucket_logging.website resource
aws_s3_bucket_policy.website resource
aws_s3_bucket_public_access_block.website_bucket_public_access_block resource
aws_s3_bucket_server_side_encryption_configuration.website_bucket_website_server_side_encryption_configuration resource
aws_s3_bucket_versioning.website resource

Inputs

Name Description Type Default Required
acm_certificate_arn_to_use ACM Certificate ARN to use in case you disable automatic certificate creation. Certificate must be in us-east-1 region. string "" no
aws_accounts_with_read_view_log_bucket List of AWS accounts with read permissions to log bucket list(string) [] no
cloudfront_additional_origins (Optional) List of origin configurations in addiiton to the bucket that hosts the static web site. No support yet for origin shield. list(object) [] no
cloudfront_allowed_cached_methods (Optional) Specifies which methods are allowed and cached by CloudFront. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and HEAD list(string) 
[
  "GET",
  "HEAD"
]
 no
cloudfront_custom_error_responses A list of custom error responses 
list(object({
    error_caching_min_ttl = number
    error_code            = number
    response_code         = number
    response_page_path    = string
  }))
 [] no
cloudfront_default_root_object (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. Defaults to index.html string "index.html" no
cloudfront_enable_compression (Optional, Default:false) Enable compression with Gzip or Brotli for requests with a valid Accept-Encoding header bool false no
cloudfront_function_association (Optional - up to 2 per distribution) List containing information to associate a CF function to cloudfront. The first field is event_type of the CF function associated with default cache behavior, it can be viewer-request or viewer-response 
list(object({
    event_type   = string
    function_arn = string
  }))
 [] no
cloudfront_geo_restriction_locations (Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). Defaults to [] list(string) [] no
cloudfront_geo_restriction_type The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. Defaults to none string "none" no
cloudfront_http_version (Optional) - The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. string "http2" no
cloudfront_ordered_cache_behaviors (Optional) - List of ordered cache behavior configurations. No support yet for function associations or trusted key groups. list(object) [] no
cloudfront_price_class (Optional) - The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100. Defaults to PriceClass_100 string "PriceClass_100" no
cloudfront_viewer_protocol_policy Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. Defautls to redirect-to-https string "redirect-to-https" no
cloudfront_web_acl_id (Optional) A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. string null no
cloudfront_website_retain_on_delete (Optional) - Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. Defaults to false. bool false no
cloudfront_website_wait_for_deployment (Optional) - If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Defaults to true. bool true no
comment_for_cloudfront_website Comment for the Website CloudFront Distribution string "" no
create_acm_certificate Enable or disable automatic ACM certificate creation. If set to false, the variable acm_certificate_arn_to_use is required. Defaults to true bool true no
create_route53_hosted_zone Enable or disable Route 53 hosted zone creation. If set to false, the variable route53_hosted_zone_id is required. Defaults to true bool true no
create_route53_website_records Enable or disable creation of Route 53 records in the hosted zone. Defaults to true bool true no
is_ipv6_enabled (Optional) - Whether the IPv6 is enabled for the distribution. Defaults to true bool true no
log_bucket_force_destroy (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the log bucket so that the bucket can be destroyed without error. These objects are not recoverable. bool false no
log_bucket_versioning_mfa_delete (Optional) Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: Enabled or Disabled. Defaults to Disabled string "Disabled" no
log_bucket_versioning_status (Optional) The versioning state of the bucket. Valid values: Enabled or Suspended. Defaults to Enabled string "Enabled" no
name_prefix Name prefix for resources on AWS any n/a yes
route53_hosted_zone_id The Route 53 hosted zone ID to use if create_route53_hosted_zone is false string "" no
tags Resource tags map(string) {} no
website_bucket_acl (Optional) The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. string "private" no
website_bucket_force_destroy (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. bool false no
website_cors_additional_allowed_origins (Optional) Specifies which origins are allowed besides the domain name specified list(string) [] no
website_cors_allowed_headers (Optional) Specifies which headers are allowed. Defaults to Authorization and Content-Length list(string) 
[
  "Authorization",
  "Content-Length"
]
 no
website_cors_allowed_methods (Optional) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and POST list(string) 
[
  "GET",
  "POST"
]
 no
website_cors_expose_headers (Optional) Specifies expose header in the response. list(string) [] no
website_cors_max_age_seconds (Optional) Specifies time in seconds that browser can cache the response for a preflight request. Defaults to 3600 number 3600 no
website_domain_name The domain name to use for the website string n/a yes
website_error_document (Optional) An absolute path to the document to return in case of a 4XX error. Defaults to 404.html string "404.html" no
website_index_document Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. Defaults to index.html string "index.html" no
website_server_side_encryption_configuration (Optional) Map containing server-side encryption configuration for the website bucket. Defaults to no encryption. See examples/complete/main.tf for configuration example. any {} no
website_versioning_mfa_delete (Optional) Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: Enabled or Disabled. Defaults to Disabled string "Disabled" no
website_versioning_status (Optional) The versioning state of the bucket. Valid values: Enabled or Suspended. Defaults to Enabled string "Enabled" no
www_website_bucket_acl (Optional) The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. string "private" no
www_website_bucket_force_destroy (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. bool false no
www_website_redirect_enabled (Optional) Whether to redirect www subdomain. Defaults to true. bool true no
www_website_versioning_enabled (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. Defaults to true bool true no
www_website_versioning_mfa_delete (Optional) Enable MFA delete for either change the versioning state of your bucket or permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS. bool false no

Outputs

Name Description
acm_certificate_arn The ARN of the certificate
acm_certificate_domain_name The domain name for which the certificate is issued
acm_certificate_domain_validation_options Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g. if SANs are defined.
acm_certificate_id The ARN of the certificate
acm_certificate_status Status of the certificate.
acm_certificate_tags_all A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
cert_validation_certificate_arn The ARN of the certificate that is being validated.
cert_validation_id The time at which the certificate was issued
cert_validation_validation_record_fqdns List of FQDNs that implement the validation.
cloudfront_website_arn The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
cloudfront_website_caller_reference Internal value used by CloudFront to allow future updates to the distribution configuration.
cloudfront_website_domain_name The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net.
cloudfront_website_etag The current version of the distribution's information. For example: E2QWRUHAPOMQZL.
cloudfront_website_hosted_zone_id The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
cloudfront_website_id The identifier for the distribution. For example: EDFDVBD632BHDS5.
cloudfront_website_in_progress_validation_batches The number of invalidation batches currently in progress.
cloudfront_website_last_modified_time The date and time the distribution was last modified.
cloudfront_website_status The current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.
cloudfront_website_tags_all A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
cloudfront_website_trusted_key_groups List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs
cloudfront_website_trusted_signers List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs
hosted_zone_id The Hosted Zone ID. This can be referenced by zone records.
hosted_zone_name_servers A list of name servers in the associated (or default) delegation set. Find more about delegation sets in AWS docs.
hosted_zone_tags_all A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
route_53_record_website_fqdn FQDN built using the zone domain and name.
route_53_record_website_name The name of the record.
route_53_record_www_website_fqdn FQDN built using the zone domain and name.
route_53_record_www_website_name The name of the record.
website_bucket_arn The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
website_bucket_domain_name The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
website_bucket_hosted_zone_id The Route 53 Hosted Zone ID for this bucket's region.
website_bucket_id The name of the bucket.
website_bucket_region The AWS region this bucket resides in.
website_bucket_regional_domain_name The bucket region-specific domain name. The bucket domain name including the region name, please refer to https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoints when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.
website_bucket_tags_all A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
website_logs_bucket_id The name of the bucket which holds the access logs