Terraform Module: AWS S3 Static Site With CloudFront and ACM

This is a simple OpenTofu/Terraform module for provisioning a static website using AWS S3 and CloudFront.

This module uses S3's website feature. This means that public access to the bucket needs to be permitted. In the interests of security, access to the bucket is restricted to clients that send the correct Referer header. The CloudFront distribution is configured to include this header when making requests to the S3 website origin.
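A check for the restriction described above, as an added example that is not part of this module: it lists the public Allow statements in a bucket policy that are not pinned to an exact aws:Referer value. The sample policies, Sids and secret value are constructed, and the shape of the policy the module generates is an assumption.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" and {"AWS": "*"} both mean "anyone".
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def _exact_referer_values(statement):
    # Only StringEquals counts: a StringLike pattern such as "*" matches any Referer.
    values = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator != "StringEquals":
            continue
        for key, value in keys.items():
            if key.lower() == "aws:referer":
                values += [v for v in _as_list(value) if v]
    return values

def ungated_public_statements(policy_json):
    """Return Sids of public Allow statements not pinned to an exact Referer."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, st in enumerate(statements):
        if st.get("Effect") == "Allow" and _is_public(st.get("Principal")):
            if not _exact_referer_values(st):
                findings.append(st.get("Sid", f"statement[{index}]"))
    return findings

def _stmt(sid, condition=None):
    # Builds the constructed sample statements used below.
    st = {"Sid": sid, "Effect": "Allow", "Principal": "*",
          "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example.com/*"}
    if condition:
        st["Condition"] = condition
    return st

# Constructed sample policies (not taken from the module).
PINNED = {"StringEquals": {"aws:Referer": "constructed-secret-value"}}
GATED = json.dumps({"Version": "2012-10-17",
                    "Statement": [_stmt("ReadViaCdn", PINNED)]})
MIXED = json.dumps({"Version": "2012-10-17", "Statement": [
    _stmt("ReadViaCdn", PINNED),
    _stmt("ReadAnyone"),
    _stmt("LooseMatch", {"StringLike": {"aws:Referer": "*"}})]})

if __name__ == "__main__":
    print(ungated_public_statements(GATED), ungated_public_statements(MIXED))
```

To run it against a deployed bucket, pass in the policy document returned by `aws s3api get-bucket-policy --bucket YOUR_BUCKET --query Policy --output text`.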

Unlike many examples, this does not create a bucket and distribution for a www subdomain as well as the main domain. This is because the www. convention isn't as widespread as it once was. The additional complexity and cost aren't justified.

Example

Below is a minimal working main.tf.

terraform {
  backend "s3" {
    bucket = "YOUR_TERRAFORM_BACKEND_BUCKET"
    key    = "YOUR_DOMAIN_NAME"
    region = "THE_REGION_OF_YOUR_TERRAFORM_BACKEND_BUCKET"
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

module "site" {
  source = "git::https://github.com/simoncrowe/terraform-aws-s3-static-site-cloudfront.git"

  domain       = "YOUR_DOMAIN_NAME"
  acm_cert_arn = "arn:aws:acm:us-east-1:YOUR_ACCOUNT_ID:certificate/YOUR_CERTIFICATE_UUID"
}

output "site_cdn_domain" {
  value = module.site.cloudfront_distribution_domain
}

Manual steps

This module does not include certificate validation or other DNS config. You will need to do the following manually.

Before terraform/tofu apply

  • Add a public certificate for your domain using ACM in the us-east-1 AWS region (Northern Virginia). Use the ARN of this certificate as the acm_cert_arn input to this module.
  • Add CNAME DNS records to your domain to validate the ACM certificate.

After terraform/tofu apply

  • Once the CDN exists, add a CNAME DNS record pointing to its domain name (somerandomchars.cloudfront.net) to your domain.

Requirements

| Name | Version |
|------|---------|
| aws | ~> 5.0 |

Providers

| Name | Version |
|------|---------|
| aws | 5.49.0 |
| random | 3.6.1 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudfront_distribution.this | resource |
| aws_s3_bucket.this | resource |
| aws_s3_bucket_policy.this | resource |
| aws_s3_bucket_public_access_block.this | resource |
| aws_s3_bucket_website_configuration.this | resource |
| random_password.referer_secret | resource |
| aws_iam_policy_document.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acm_cert_arn | ARN of the public ACM certificate for domain (must be in us-east-1) | string | n/a | yes |
| cloudfront_price_class | Price class for CloudFront distribution. One of PriceClass_All, PriceClass_200, PriceClass_100. | string | "PriceClass_100" | no |
| domain | Domain name for site. This is a root domain e.g. example.com | string | n/a | yes |
| error_key | The key of error page in the bucket | string | "error.html" | no |
| index_key | The key of the landing page in the bucket | string | "index.html" | no |

Outputs

| Name | Description |
|------|-------------|
| cloudfront_distribution_domain | The domain name of your website's CDN. Set up a CNAME DNS record pointing to this domain. |