From 80753b69efc66e502f02085b94b34961562ba562 Mon Sep 17 00:00:00 2001 From: Alexander Mavrogiannis <62666298+amavrogiannis@users.noreply.github.com> Date: Sun, 26 Nov 2023 14:25:30 +0000 Subject: [PATCH] Revert "adding cfn staging policy" --- infra/envs/prod/backend.tf | 8 +- infra/envs/prod/modules.tf | 14 +- infra/envs/test/backend.tf | 10 +- infra/envs/test/modules.tf | 25 ++-- infra/envs/test/variables.tf | 1 + .../web/{main_cloudfront.tf => cloudfront.tf} | 14 +- infra/modules/web/s3.tf | 15 +- infra/modules/web/s3_staging.tf | 88 ------------ infra/modules/web/staging_cloudfront.tf | 131 ------------------ infra/modules/web/variables.tf | 26 +--- 10 files changed, 40 insertions(+), 292 deletions(-) rename infra/modules/web/{main_cloudfront.tf => cloudfront.tf} (92%) delete mode 100644 infra/modules/web/s3_staging.tf delete mode 100644 infra/modules/web/staging_cloudfront.tf diff --git a/infra/envs/prod/backend.tf b/infra/envs/prod/backend.tf index eb7d037..99c89c8 100644 --- a/infra/envs/prod/backend.tf +++ b/infra/envs/prod/backend.tf @@ -23,17 +23,17 @@ terraform { provider "aws" { # alias = "main" - region = "eu-west-1" + region = "eu-west-1" # profile = var.PROFILE default_tags { tags = { - Terraform = "TRUE" + Terraform = "TRUE" } } } provider "aws" { - alias = "virginia" - region = "us-east-1" + alias = "virginia" + region = "us-east-1" # profile = var.PROFILE_US } \ No newline at end of file diff --git a/infra/envs/prod/modules.tf b/infra/envs/prod/modules.tf index 7653f76..f6b0c60 100644 --- a/infra/envs/prod/modules.tf +++ b/infra/envs/prod/modules.tf 
@@ -1,20 +1,14 @@ module "cvalexmav_web" { source = "../../modules/web" - primary_domain_certificate = "alexmav.co.uk" - - // Staging website bucket_name = "cv.alexmav.co.uk" - enable_website = true + + enable_website = true + # Tags + service_group = "CV_Website" environment = "Production" - // Staging webstie - enable_staging_cloudfront = true - staging_domain = "test.alexmav.co.uk" - // Tags - environment_test = "Development" - providers = { aws.virginia = aws.virginia } diff --git a/infra/envs/test/backend.tf b/infra/envs/test/backend.tf index 5734dff..99c89c8 100644 --- a/infra/envs/test/backend.tf +++ b/infra/envs/test/backend.tf @@ -22,18 +22,18 @@ terraform { } provider "aws" { - - region = "eu-west-1" + # alias = "main" + region = "eu-west-1" # profile = var.PROFILE default_tags { tags = { - Terraform = "TRUE" + Terraform = "TRUE" } } } provider "aws" { - alias = "virginia" - region = "us-east-1" + alias = "virginia" + region = "us-east-1" # profile = var.PROFILE_US } \ No newline at end of file diff --git a/infra/envs/test/modules.tf b/infra/envs/test/modules.tf index 1dc2e16..5dbbd90 100644 --- a/infra/envs/test/modules.tf +++ b/infra/envs/test/modules.tf @@ -1,18 +1,15 @@ -# module "testalexmav_web" { -# source = "../../modules/web" +module "testalexmav_web" { + source = "../../modules/web" -# bucket_name = "test.alexmav.co.uk" + bucket_name = "test.alexmav.co.uk" -# enable_website = true + enable_website = true -# enable_staging_cloudfront = false -# staging_cloudfront_id = null + # Tags + service_group = "Test_Website" + environment = "Development" -# # Tags -# service_group = "Test_Website" -# environment = "Development" - -# providers = { -# aws.virginia = aws.virginia -# } -# } \ No newline at end of file + providers = { + aws.virginia = aws.virginia + } +} \ No newline at end of file diff --git a/infra/envs/test/variables.tf b/infra/envs/test/variables.tf index 8b722d9..6dd8dd0 100644 --- a/infra/envs/test/variables.tf 
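Review bot: Re-enabling `module "testalexmav_web"` in this hunk makes the test environment apply real resources, while both environments' backend files now resolve to the same blob (`index eb7d037..99c89c8` for prod/backend.tf and `index 5734dff..99c89c8` for test/backend.tf), so the `terraform {}` block that sits above those two hunks is byte-identical in prod and test. If that block pins a single fixed state key rather than a workspace- or variable-derived one, both environments would read and write one state file and a test apply could plan destroys against prod's bucket and distribution; this cannot be seen from the hunk and is worth confirming before the module is applied. The two module instances also differ only in `bucket_name`, `service_group` and `environment`, so state separation is the only thing keeping `aws_s3_bucket.this` in test from colliding with prod's.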
+++ b/infra/envs/test/variables.tf @@ -3,5 +3,6 @@ ############################################################# ### Sys environments ### +# variable "REGION" {} # variable "PROFILE" {} # variable "PROFILE_US" {} \ No newline at end of file diff --git a/infra/modules/web/main_cloudfront.tf b/infra/modules/web/cloudfront.tf similarity index 92% rename from infra/modules/web/main_cloudfront.tf rename to infra/modules/web/cloudfront.tf index bf0748e..493f5f5 100644 --- a/infra/modules/web/main_cloudfront.tf +++ b/infra/modules/web/cloudfront.tf @@ -5,14 +5,10 @@ data "aws_acm_certificate" "this" { } resource "aws_cloudfront_origin_access_identity" "this" { - comment = var.comments + comment = var.comments } resource "aws_cloudfront_distribution" "this" { - enabled = true - - continuous_deployment_policy_id = aws_cloudfront_continuous_deployment_policy.cdn_policy.id - origin { domain_name = aws_s3_bucket.this.bucket_regional_domain_name origin_id = local.s3_origin_id @@ -21,6 +17,7 @@ resource "aws_cloudfront_distribution" "this" { origin_access_identity = aws_cloudfront_origin_access_identity.this.cloudfront_access_identity_path } } + enabled = true is_ipv6_enabled = true comment = var.comments default_root_object = "index.html" @@ -98,12 +95,7 @@ resource "aws_cloudfront_distribution" "this" { ] } } - tags = merge( - local.tags, - { - Environment = "${var.environment}" - } - ) + tags = local.tags #First, create certificate, before pasting the ARN here. viewer_certificate { diff --git a/infra/modules/web/s3.tf b/infra/modules/web/s3.tf index ec11918..30111fe 100644 --- a/infra/modules/web/s3.tf +++ b/infra/modules/web/s3.tf 
@@ -2,14 +2,17 @@ ############## S3 Bucket Config ############################# ############################################################# +locals { + tags = { + Environment = "${var.environment}" + Service_Group = "${var.service_group}" + } + s3_origin_id = "Application" +} + resource "aws_s3_bucket" "this" { bucket = var.bucket_name - tags = merge( - local.tags, - { - Environment = "${var.environment}" - } - ) + tags = local.tags } resource "aws_s3_bucket_ownership_controls" "this" { diff --git a/infra/modules/web/s3_staging.tf b/infra/modules/web/s3_staging.tf deleted file mode 100644 index 6d90584..0000000 --- a/infra/modules/web/s3_staging.tf +++ /dev/null 
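Review bot: The added `locals` block wraps single variables in interpolation-only strings, `Environment = "${var.environment}"` and `Service_Group = "${var.service_group}"`; in the 0.12+ syntax the rest of the module already uses these should be `Environment = var.environment` and `Service_Group = var.service_group`, which is also what `terraform fmt` emits. Since `local.tags` and `local.s3_origin_id` are consumed from cloudfront.tf as well as from this file, a one-line comment such as `# Tag set and origin id shared by s3.tf and cloudfront.tf` above the block would make that cross-file dependency discoverable.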
@@ -1,88 +0,0 @@ -############################################################# -############## S3 Bucket Config ############################# -############################################################# - -locals { - tags = { - Service_Group = "CV_Website" - } - s3_origin_id = "Application" -} - -resource "aws_s3_bucket" "this_staging" { - bucket = var.staging_domain - tags = merge( - local.tags, - { - Environment = "${var.environment_test}" - } - ) -} - -resource "aws_s3_bucket_ownership_controls" "this_staging" { - bucket = aws_s3_bucket.this_staging.id - rule { - object_ownership = "BucketOwnerPreferred" - } -} - -resource "aws_s3_bucket_server_side_encryption_configuration" "this_staging" { - bucket = aws_s3_bucket.this_staging.bucket - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" - } - } -} - -resource "aws_s3_bucket_public_access_block" "this_staging" { - bucket = aws_s3_bucket.this_staging.id - - block_public_acls = false - ignore_public_acls = false - block_public_policy = true - restrict_public_buckets = true -} - -# Website config within the bucket config. -resource "aws_s3_bucket_website_configuration" "this_staging" { - count = var.enable_staging_cloudfront ? 1 : 0 - - bucket = aws_s3_bucket.this_staging.id - index_document { - suffix = "index.html" - } - error_document { - key = "error.html" - } -} - -# Get bucket policy -resource "aws_s3_bucket_policy" "this_staging" { - count = var.enable_staging_cloudfront ? 
1 : 0 - - bucket = aws_s3_bucket.this_staging.id - policy = data.aws_iam_policy_document.this_staging_policy.json - - depends_on = [data.aws_iam_policy_document.this_staging_policy] -} - -data "aws_iam_policy_document" "this_staging_policy" { - statement { - sid = "PublicReadGetObject" - actions = [ - "s3:GetObject" - ] - resources = [ - "${aws_s3_bucket.this_staging.arn}/*", - ] - principals { - type = "AWS" - identifiers = [aws_cloudfront_origin_access_identity.this_staging.iam_arn] - } - } - - depends_on = [ - aws_cloudfront_origin_access_identity.this_staging - ] -} diff --git a/infra/modules/web/staging_cloudfront.tf b/infra/modules/web/staging_cloudfront.tf deleted file mode 100644 index dcdf255..0000000 --- a/infra/modules/web/staging_cloudfront.tf +++ /dev/null 
@@ -1,131 +0,0 @@ -// STAGING CLOUDFRONT RESOURCE - -resource "aws_cloudfront_origin_access_identity" "this_staging" { - comment = var.comments -} - -resource "aws_cloudfront_distribution" "this_staging" { - enabled = var.enable_staging_cloudfront - staging = var.enable_staging_cloudfront - - origin { - domain_name = aws_s3_bucket.this_staging.bucket_regional_domain_name - origin_id = local.s3_origin_id - - s3_origin_config { - origin_access_identity = aws_cloudfront_origin_access_identity.this_staging.cloudfront_access_identity_path - } - } - is_ipv6_enabled = true - comment = var.comments - default_root_object = "index.html" - - aliases = [var.staging_domain] - - - default_cache_behavior { - allowed_methods = ["GET", "HEAD", "OPTIONS"] - cached_methods = ["GET", "HEAD"] - target_origin_id = local.s3_origin_id - - forwarded_values { - query_string = false - - cookies { - forward = "none" - } - } - - viewer_protocol_policy = "redirect-to-https" - min_ttl = 0 - default_ttl = 1800 - max_ttl = 3600 - } - # Cache behavior with precedence 0 - ordered_cache_behavior { - path_pattern = "/content/immutable/*" - allowed_methods = ["GET", "HEAD", "OPTIONS"] - cached_methods = ["GET", "HEAD", "OPTIONS"] - target_origin_id = local.s3_origin_id - - forwarded_values { - query_string = false - headers = ["Origin"] - - cookies { - forward = "none" - } - } - - min_ttl = 0 - default_ttl = 600 - max_ttl = 3600 - compress = true - viewer_protocol_policy = "redirect-to-https" - } - # Cache behavior with precedence 1 - ordered_cache_behavior { - path_pattern = "/content/*" - allowed_methods = ["GET", "HEAD", "OPTIONS"] - cached_methods = ["GET", "HEAD"] - target_origin_id = local.s3_origin_id - - forwarded_values { - query_string = false - - cookies { - forward = "none" - } - } - - min_ttl = 0 - default_ttl = 3600 - max_ttl = 86400 - compress = true - viewer_protocol_policy = "redirect-to-https" - } - price_class = "PriceClass_100" - restrictions { - geo_restriction { - restriction_type 
= "blacklist" - locations = [ - "RU", "KP", "SO", "AF", "BY", "BA", "BI", "CD", "GN", "GW", "HT", "IR", "SD", "SS", "LB", "LY", "YE", "VE", "NI" - ] - } - } - tags = merge( - local.tags, - { - Environment = "${var.environment_test}" - } - ) - - #First, create certificate, before pasting the ARN here. - viewer_certificate { - acm_certificate_arn = data.aws_acm_certificate.this.arn - cloudfront_default_certificate = false - minimum_protocol_version = "TLSv1.2_2021" - ssl_support_method = "sni-only" - } -} - -output "staging_domain_name" { - value = aws_cloudfront_distribution.this_staging.domain_name -} - -// Continuous Deployment Policy -resource "aws_cloudfront_continuous_deployment_policy" "cdn_policy" { - enabled = var.enable_staging_cloudfront - - staging_distribution_dns_names { - items = [aws_cloudfront_distribution.this_staging.domain_name] - quantity = 1 - } - - traffic_config { - type = "SingleWeight" - single_weight_config { - weight = "0.01" - } - } -} \ No newline at end of file diff --git a/infra/modules/web/variables.tf b/infra/modules/web/variables.tf index dae1b01..f1b4b03 100644 --- a/infra/modules/web/variables.tf +++ b/infra/modules/web/variables.tf @@ -8,11 +8,9 @@ variable "environment" { type = string } -variable "environment_test" { - description = "Define test env" - type = string - default = null - +variable "service_group" { + description = "Define the resource_group tag" + type = string } ### General comments for all ### @@ -21,13 +19,6 @@ variable "comments" { default = "Managed Terraform Resource" } -// Fetch certificate data - domain name required -variable "primary_domain_certificate" { - description = "Need to enter the domain name, which the CloudFront will inherit the certificate from." - type = string - default = null -} - ### Bucket ### variable "bucket_name" { 
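Review bot: The new `variable "service_group"` carries the description `"Define the resource_group tag"`, which appears to be copied from `enable_website` (the same text is visible as context in the following hunk) and does not match what the value becomes, namely the `Service_Group` tag set in s3.tf's `locals`. Suggest `description = "Value of the Service_Group tag applied to the bucket and distribution"`; the `enable_website` description is outside this change but has the same defect. `variable "environment"` directly above is shown without a description in the context lines, so the same `Environment`-tag wording could be added there if it is indeed missing.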
@@ -39,14 +30,3 @@ variable "enable_website" { description = "Define the resource_group tag" type = bool } - -// Staging config -variable "staging_domain" { - description = "Give a name on staging bucket" - type = string -} -variable "enable_staging_cloudfront" { - description = "Confirm this is CloudFront staging env. True or False" - type = bool - default = false -}