luciano/diff2html
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #183 from rtfpessoa/update-terraform

Browse source 
Update terraform
This commit is contained in:
Rodrigo Fernandes 2018-11-25 11:18:06 +00:00 committed by GitHub
commit 39f8d9b972
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 92 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
terraform/main.tf
View file

@ -46,12 +46,12 @@ resource "aws_route53_record" "root_domain" {
resource "aws_route53_record" "www_domain" { resource "aws_route53_record" "www_domain" {
zone_id = "${var.hosted_zone_id}" zone_id = "${var.hosted_zone_id}"
name = "www.${var.domain}" name = "${local.www_domain}"
type = "A" type = "A"
alias { alias {
name = "${aws_cloudfront_distribution.cdn.domain_name}" name = "${aws_cloudfront_distribution.www_cdn.domain_name}"
zone_id = "${aws_cloudfront_distribution.cdn.hosted_zone_id}" zone_id = "${aws_cloudfront_distribution.www_cdn.hosted_zone_id}"
evaluate_target_health = false evaluate_target_health = false
} }
} }
@ -75,6 +75,12 @@ resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "${var.domain} origin access identity" comment = "${var.domain} origin access identity"
} }
locals {
s3_origin_id = "S3-${var.domain}"
s3_www_origin_id = "S3-www-${var.domain}"
www_domain = "www.${var.domain}"
}
resource "aws_s3_bucket" "site" { resource "aws_s3_bucket" "site" {
bucket = "${var.domain}" bucket = "${var.domain}"
acl = "private" acl = "private"
@ -90,11 +96,7 @@ resource "aws_s3_bucket" "site" {
"Resource": "arn:aws:s3:::${var.domain}/*" "Resource": "arn:aws:s3:::${var.domain}/*"
}] }]
} }
EOF EOF
}
locals {
s3_origin_id = "S3-${var.domain}"
} }
resource "aws_cloudfront_distribution" "cdn" { resource "aws_cloudfront_distribution" "cdn" {
@ -108,7 +110,7 @@ resource "aws_cloudfront_distribution" "cdn" {
} }
# If using route53 aliases for DNS we need to declare it here too, otherwise we'll get 403s. # If using route53 aliases for DNS we need to declare it here too, otherwise we'll get 403s.
aliases = ["${var.domain}", "www.${var.domain}"] aliases = ["${var.domain}"]
enabled = true enabled = true
is_ipv6_enabled = true is_ipv6_enabled = true
@ -121,6 +123,71 @@ resource "aws_cloudfront_distribution" "cdn" {
forwarded_values { forwarded_values {
query_string = true query_string = true
cookies {
forward = "none"
}
}
min_ttl = 0
default_ttl = 86400
max_ttl = 31536000
compress = true
viewer_protocol_policy = "redirect-to-https"
}
price_class = "PriceClass_All"
restrictions {
geo_restriction {
restriction_type = "none"
locations = []
}
}
viewer_certificate {
acm_certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
minimum_protocol_version = "TLSv1.1_2016"
ssl_support_method = "sni-only"
}
}
resource "aws_s3_bucket" "www_site" {
bucket = "${local.www_domain}"
acl = "public-read"
website {
redirect_all_requests_to = "https://${var.domain}"
}
}
resource "aws_cloudfront_distribution" "www_cdn" {
origin {
origin_id = "${local.s3_www_origin_id}"
domain_name = "${aws_s3_bucket.www_site.website_endpoint}"
custom_origin_config {
http_port = 80
https_port = 443
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1.1", "TLSv1.2"]
}
}
# If using route53 aliases for DNS we need to declare it here too, otherwise we'll get 403s.
aliases = ["${local.www_domain}"]
enabled = true
is_ipv6_enabled = true
default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "${local.s3_www_origin_id}"
forwarded_values {
query_string = true
cookies { cookies {
forward = "none" forward = "none"
} }