cloudmaniac / terraform-aws-static-website Goto Github PK

View Code? Open in Web Editor NEW

48.0 8.0 38.0 91 KB

Terraform Module to provision an AWS static website using Route53, S3, and CloudFront.

Home Page: https://registry.terraform.io/modules/cloudmaniac/static-website/aws/

License: MIT License

HCL 100.00%

terraform aws terraform-aws aws-s3 aws-cloudfront aws-route53 aws-acm cloudfront

terraform-aws-static-website's Introduction

AWS Static Website Terraform Module

Terraform module which provision required AWS resources to host a performant and secured static website.

Features

This Terraform module creates the following AWS resources:

AWS Certificate Manager: wildcard certificate for your domain.
S3
- Bucket #1: to store logs.
- Bucket #2: to store the content (example.com).
- Bucket #3: to redirect a different subdomain to the main domain (e.g., www.example.com redirected to example.com).
CloudFront
- Distribution #1: to frontend the website.
- Distribution #2: to frontend the subdomain that will be redirected to the main domain.
Route53 record sets pointing to the two CloudFront distributions.

Requirements

This module is meant for use with Terraform 0.12+. It has not been tested with previous versions of Terraform.
An AWS account and your credentials (aws_access_key_id and aws_secret_access_key) configured. There are several ways to do this (environment variables, shared credentials file, etc.); more information in the AWS Provider documentation.
Your domain already configured as a hosted zone on Route53.

Usage

provider "aws" {
  region                  = "eu-west-3"
  shared_credentials_file = "~/.aws/credentials"
}

module "aws_static_website" {
  source = "cloudmaniac/static-website/aws"

  # This is the domain as defined in Route53
  domains-zone-root       = "cloudmaniac.net"

  # Domains used for CloudFront
  website-domain-main     = "cloudmaniac.net"
  website-domain-redirect = "www.cloudmaniac.net"
  website-additional-domains = ["noredir1.cloudmaniac.net","noredir2.cloudmaniac.net"]
}

Although AWS services are available in many locations, some of them require the us-east-1 (N. Virginia) region to be configured:

To use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM certificates in this region associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.

For that reason, the module includes an aliased provider definition to create supplemental resources in the us-east-1 region when required. Remaining resources from the module will inherit default (un-aliased) provider configurations from the parent.

Inputs

Name	Description	Type	Default	Required
domains-zone-root	Root zone under which the domain should be registered in Route 53	string	-	yes
website-domain-main	Domain for the website (e.g., `example.com`)	string	-	yes
website-domain-redirect	Alternate subdomain to redirect to the main website (e.g., `www.example.com`)	string	-	yes
support-spa	Determine if website is SPA (Single-Page Application) to direct 404 response to index.html	bool	`false`	no
website-additional-domains	Main website additional domains (e.g., `noredir.example.com`) that don't need redirection	list(string)	[]	no
cloudfront_lambda_function_arn	ARN of optional AWS Lambda Function that can be associated with the CloudFront distribution to provide custom behaviour	string	-	no
cloudfront_lambda_function_event_type	The type of event that triggers the above Lambda Function (documentation)	string	`origin-request`	no

Outputs

Name	Description
website_cdn_root_id	CloudFront Distribution ID

Author

Module written by @cloudmaniac.

Module Support: terraform-aws-static-website. Contributions and comments are welcomed.

Additional Resources

Blog post describing the thought process behind this: My Wordpress to Hugo Migration #2 - Hosting

Todo

Use versioning on S3 buckets instead of invalidation
Secure S3 buckets
Optional enhanced version with Lambda@Edge configuration and S3 endpoint (REST endpoint) used as the origin
Variable names cleaning
Add more outputs

terraform-aws-static-website's People

Contributors

Stargazers

Watchers

terraform-aws-static-website's Issues

Getting AccessDenied for redirect domain

Thanks for this! It creates all the resources without problem, including setup of certificates and CF distributions.

I found that after deploying some files to the root domain, resources from that domain are served without issue (in my case javadelight.org). However, when accessing the alternate domain name (in my case www.javadelight.org) I get an access denied error.

Tried a few things:

Added a bucket policy to www.javadelight.org-redirect
Added an index.html tp www.javadelight.org-redirect
Double checked the -redirect bucket is set up for website redirection

This lead to the index.html being available - but all requests to not existing pages didn't go to the configured 404 page.

Would you have any pointers here? Have I missed something with the setup? Thank you!

Versioning needs to be enabled on root bucket

Cloudfront needs to have s3 bucket versioning enabled so objects do not need to be invalided

versioning { enabled = true }

From the Cloudfront service:
Invalidating objects removes them from CloudFront edge caches. A faster and less expensive method is to use versioned object or directory names. For more information, see Invalidating Objects in the Amazon CloudFront Developer Guide.

Perhaps add an option to the module to enable versioning and set the cache TTL to give people options.

Error: no matching Route53Zone found

on .terraform/modules/aws_static_website/main.tf line 13, in data "aws_route53_zone" "main":
13: data "aws_route53_zone" "main" {

terraform 2.70.0 do nothing, follow the example usage, get this error

Feature request - discussion

Highly appreciative of this module!

This is not a bug, more like a question for those new to terraform.
I want to be able to have multiple subdomains provisioned just as the main domain.
Each will host its own SPA application.

The domain: fx.domain

The apps

main
app1
app2

Will this create the following buckets ?

app1.fx.domain
app2.fx.domain

With their log buckets, together with the main fx.domain bucket ?

provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "~/.aws/credentials_fxdomain"
}

module "aws_static_website_main" {
  source = "cloudmaniac/static-website/aws"
  # This is the domain as defined in Route53
  domains-zone-root = "fx.domain"
  # Pretty URL support using 404 redirect to index.html
  support-spa = true
  # Domains used for CloudFront
  website-domain-main        = "fx.domain"
  website-domain-redirect    = "www.fx.domain"
  website-additional-domains = []
}

module "aws_static_website_app1" {
  source = "cloudmaniac/static-website/aws"
  domains-zone-root = "fx.domain"
  support-spa = true
  website-domain-main = "app1.fx.domain"
}

module "aws_static_website_app2" {
  source = "cloudmaniac/static-website/aws"
  domains-zone-root = "fx.domain"
  support-spa = true
  website-domain-main = "app2.fx.domain"
}

Also, do you have a recommended way to have domains and buckets for environments, such as production, staging, development ?

Sub domain + Sub sub domain pairs

This is so great, but for testing, I attempted to use example.mydomain.com and www.example.mydomain.com but it isn't able to look up the route 53 zone. Here's the line where it looks up the domain, and in my above case, I assume it tries to find a Route 53 zone of example.mydomain.com but one does not exist. It would only find it if it looked for mydomain.com https://github.com/cloudmaniac/terraform-aws-static-website/blob/master/main.tf#L14 When I hard code the value, it seems to fix the issue. Not sure how much coding is possible in terraform.