Skip to content

Latest commit

 

History

History
185 lines (155 loc) · 19.3 KB

README.md

File metadata and controls

185 lines (155 loc) · 19.3 KB

Terraform module for static site hosting

This module will create S3 bucket as storage for site and connect it with CloudFront for exposing it to public. It also creates TLS certificates for it.

Usage

provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

module "static-site" {
  source  = "cookielab/static-site/aws"
  version = "~> 2.1"

  providers = {
    aws.us_east_1 = aws.us_east_1
  }

  domains        = ["www.example.com"]
  domain_zone_id = aws_route53_zone.example_com.zone_id
  s3_bucket_name = "example_com_web"
}

Requirements

Name Version
terraform >= 1.1, < 2.0
aws ~> 4.32

Providers

Name Version
aws ~> 4.32

Modules

Name Source Version
certificate terraform-aws-modules/acm/aws 4.3.1
gitlab ./modules/gitlab n/a
s3_bucket terraform-aws-modules/s3-bucket/aws 3.6.0

Resources

Name Type
aws_cloudfront_distribution.this resource
aws_cloudfront_origin_access_identity.this resource
aws_iam_access_key.deploy resource
aws_iam_user.deploy resource
aws_iam_user_policy.deploy resource
aws_route53_record.this resource
aws_iam_policy_document.bucket_policy data source
aws_iam_policy_document.deploy data source

Inputs

Name Description Type Default Required
cloudfront_price_class n/a string "PriceClass_100" no
domain_zone_id The ID of the hosted zone for domain string n/a yes
domains List of domain aliases. You can also specify wildcard eg.: *.example.com list(string) n/a yes
gitlab_environment n/a string "*" no
gitlab_project_id n/a string null no
logs_bucket n/a string null no
s3_bucket_name n/a string n/a yes
tags n/a map(string) {} no

Outputs

Name Description
aws_access_key_id n/a
aws_cloudfront_distribution_id n/a
aws_s3_bucket_name n/a
aws_secret_access_key n/a

Requirements

Name Version
terraform >= 1.5, < 2.0
aws ~> 5.27
gitlab >= 15.7, < 18.0

Providers

Name Version
aws 5.61.0
gitlab 17.2.0

Modules

Name Source Version
certificate terraform-aws-modules/acm/aws 5.1.1
gitlab ./modules/gitlab n/a
s3_bucket terraform-aws-modules/s3-bucket/aws 4.7.0

Resources

Name Type
aws_cloudfront_distribution.this resource
aws_cloudfront_origin_access_control.this resource
aws_cloudfront_origin_access_identity.this resource
aws_cloudfront_response_headers_policy.this resource
aws_iam_access_key.deploy resource
aws_iam_role.deploy resource
aws_iam_role_policy.deploy resource
aws_iam_user.deploy resource
aws_iam_user_policy.deploy resource
aws_kms_alias.this resource
aws_kms_key.this resource
aws_kms_key_policy.this resource
aws_route53_record.extra resource
aws_route53_record.this resource
aws_caller_identity.current data source
aws_cloudfront_cache_policy.managed_caching_disabled data source
aws_cloudfront_origin_request_policy.managed_all_viewer_and_cloudfront_headers data source
aws_iam_openid_connect_provider.gitlab data source
aws_iam_policy_document.assume_role data source
aws_iam_policy_document.deploy data source
aws_iam_policy_document.kms_key_policy data source
aws_iam_policy_document.s3_bucket_policy data source
aws_region.current data source
gitlab_project.this data source

Inputs

Name Description Type Default Required
aws_env_vars_suffix Append suffix for Gitlab CI/CD environment variables if needed string "" no
cloudfront_price_class CloudFront price class string "PriceClass_100" no
custom_headers n/a 
object({
    headers = optional(map(object({
      override = optional(bool, true)
      value    = string
    })))
    cors_rules = optional(object({
      use             = optional(bool, false)
      allowed_headers = optional(list(string))
      allowed_methods = optional(list(string))
      allowed_origins = optional(list(string))
      expose_headers  = optional(list(string))
      max_age_seconds = optional(number)
      override        = optional(bool, true)
    }), null)
    frame_options = optional(object({
      use          = optional(bool, false)
      frame_option = string
      override     = optional(bool, true)
    }), null)
    referrer_policy = optional(object({
      use             = optional(bool, false)
      referrer_policy = string
      override        = optional(bool, true)
    }), null)
    xss_protection = optional(object({
      use        = optional(bool, false)
      mode_block = bool
      protection = bool
      override   = optional(bool, true)
    }), null)
    content_security_policy = optional(object({
      use                     = optional(bool, false)
      content_security_policy = string
      override                = optional(bool, true)
    }), null)
    strict_transport_security = optional(object({
      use                        = optional(bool, false)
      access_control_max_age_sec = string
      include_subdomains         = bool
      preload                    = bool
      override                   = optional(bool, true)
    }), null)
    content_type_options = optional(object({
      override = optional(bool, true)
    }), null)
  })
 null no
default_ttl Default amount of time that you want objects to stay in a CloudFront cache number 3600 no
domain_zone_id The ID of the hosted zone for domain string n/a yes
domains List of domain aliases. You can also specify wildcard eg.: *.example.com list(string) n/a yes
enable_deploy_role Toggle IAM role creation for S3 deploy & CloudFront invalidation; This requires existing aws_iam_openid_connect_provider matching domain of your gitlab provider bool false no
enable_deploy_user Toggle s3 deploy user creation bool true no
encrypt_with_kms Enable server side s3 bucket encryption with KMS key bool false no
extra_domains Map of extra_domains with domain name and zone_id map(string) {} no
functions n/a 
object({
    viewer_request  = optional(string)
    viewer_response = optional(string)
  })
 {} no
gitlab_environment GitLab environment name string "*" no
gitlab_project_id Deprecated: Use gitlab_project_ids instead string "" no
gitlab_project_ids Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache list(string) [] no
kms_deletion_window_in_days The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key number 30 no
kms_key_policy Additional KSM key policy string "{}" no
logs_bucket Bucket to store CloudFront logs string null no
logs_bucket_domain_name n/a string null no
max_ttl Maximum amount of time that you want objects to stay in a CloudFront cache number 86400 no
min_ttl Minimum amount of time that you want objects to stay in a CloudFront cache number 0 no
origin_path Cloudfront origin path string "" no
override_status_code_403 Override status code for 403 error number 403 no
override_status_code_404 Override status code for 404 error number 200 no
proxy_paths n/a 
list(object({
    origin_domain = string
    path_prefix   = string
  }))
 [] no
response_header_access_control_allow_credentials n/a bool false no
response_header_origin_override n/a bool false no
restriction_type Apply for geo restrictions, values: none, whitelist, blacklist string "none" no
restrictions_locations List of country codes list(string) null no
s3_bucket_name n/a string n/a yes
s3_bucket_policy Additional S3 bucket policy string "{}" no
s3_cors_rule List of maps containing rules for Cross-Origin Resource Sharing. 
list(object({
    allowed_headers = optional(list(string))
    allowed_methods = optional(list(string))
    allowed_origins = optional(list(string))
    expose_headers  = optional(list(string))
    max_age_seconds = optional(number)
  }))
 [] no
tags n/a map(string) {} no
waf_acl_arn WAF ACL ARN string null no

Outputs

Name Description
aws_access_key_id n/a
aws_cloudfront_distribution_id n/a
aws_s3_bucket_arn n/a
aws_s3_bucket_name n/a
aws_s3_bucket_regional_domain_name n/a
aws_secret_access_key n/a
s3_kms_key_arn n/a