add terraform S3&Cloudfront distribution

terraform/cloudfront/main.tf

@@ -0,0 +1,63 @@
+variable "website_endpoint" {
+ type = string
+}
+variable "bucket" {
+ type = string
+}
+
+resource "aws_cloudfront_distribution" "d" {
+ origin {
+ domain_name = var.website_endpoint
+ origin_id = "S3-${var.bucket}"
+ wait_for_deployment = false
+
+ custom_origin_config {
+ http_port = 80
+ https_port = 443
+ origin_protocol_policy = "match-viewer"
+ origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
+ }
+ }
+ default_root_object = "index.html"
+ enabled = true
+ is_ipv6_enabled = true
+
+ custom_error_response {
+ error_caching_min_ttl = 3000
+ error_code = 404
+ response_code = 200
+ response_page_path = "/404.html"
+ }
+
+ default_cache_behavior {
+ allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+ cached_methods = ["GET", "HEAD"]
+ target_origin_id = "S3-${var.bucket}"
+
+ forwarded_values {
+ query_string = true
+ cookies {
+ forward = "none"
+ }
+ }
+
+ viewer_protocol_policy = "allow-all"
+ min_ttl = 0
+ default_ttl = 3600
+ max_ttl = 86400
+
+
+ }
+
+ price_class = "PriceClass_100"
+
+ restrictions {
+ geo_restriction {
+ restriction_type = "none"
+ }
+ }
+
+ viewer_certificate {
+ cloudfront_default_certificate = true
+ }
+}

terraform/s3/main.tf

@@ -0,0 +1,49 @@
+variable "s3bucket" {
+ type = string
+}
+
+resource "aws_s3_bucket" "b" {
+ bucket = var.s3bucket
+ acl = "public-read"
+
+ cors_rule {
+ allowed_headers = ["*"]
+ allowed_methods = ["PUT", "POST"]
+ allowed_origins = ["*"]
+ expose_headers = ["ETag"]
+ max_age_seconds = 3000
+ }
+
+ website {
+ index_document = "index.html"
+ error_document = "404.html"
+ }
+
+ policy = <<EOF
+{
+ "Version": "2008-10-17",
+ "Statement": [
+ {
+ "Sid": "PublicReadForGetBucketObjects",
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": "*"
+ },
+ "Action": "s3:GetObject",
+ "Resource": "arn:aws:s3:::${var.s3bucket}/*"
+ }]
+}
+EOF
+}
+
+output "bucket" {
+ value = aws_s3_bucket.b.bucket
+}
+
+output "website_endpoint" {
+ value = aws_s3_bucket.b.website_endpoint
+}
+
+output "bucket_id" {
+ value = aws_s3_bucket.b.id
+}

terraform/s3/policy.json

@@ -0,0 +1,22 @@
+{
+ "Version": "2008-10-17",
+ "Id": "PolicyForCloudFrontPrivateContent",
+ "Statement": [
+ {
+ "Sid": "1",
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EFNACULIZQCT0"
+ },
+ "Action": "s3:GetObject",
+ "Resource": "${aws_s3_bucket.b.arn}/*"
+ },
+ {
+ "Sid": "PublicReadGetObject",
+ "Effect": "Allow",
+ "Principal": "*",
+ "Action": "s3:GetObject",
+ "Resource": "${aws_s3_bucket.b.arn}/*"
+ }
+ ]
+}

terraform/terraform.tf

@@ -0,0 +1,17 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+variable s3bucket {
+ description = "Blog S3 Bucket"
+ default = "blog.test.gonzague.pagin"
+}
+module "s3" {
+ source = "./s3"
+ s3bucket = var.s3bucket
+}
+module "cloudfront" {
+ source = "./cloudfront"
+
+ website_endpoint = "${module.s3.website_endpoint}"
+ bucket = "${module.s3.bucket}"
+}