-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from Flaconi/plt-699
PLT-699 - Init module
- Loading branch information
Showing
9 changed files
with
305 additions
and
17 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
* @Flaconi/devops | ||
* @Flaconi/devops @Flaconi/platform |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,165 @@ | ||
resource "aws_cloudfront_function" "rewrite_sub_folder_index" { | ||
name = "${var.app_name}-rewrite-sub-folder-index" | ||
runtime = "cloudfront-js-1.0" | ||
comment = "Rewrites each request to the subfolder index.html" | ||
publish = true | ||
code = templatefile("rewrite_subfolder.js.tftpl", | ||
{ | ||
applications = jsonencode(keys(var.applications)) | ||
} | ||
) | ||
} | ||
|
||
module "ssm" { | ||
source = "github.com/Flaconi/terraform-aws-ssm-store?ref=v1.1.0" | ||
|
||
for_each = var.applications | ||
|
||
tags = merge(each.value.tags, { Project = each.key }) | ||
|
||
kms_alias = "alias/aws/ssm" | ||
|
||
name_prefix = "${var.ssm_name_prefix}/${each.key}/" | ||
parameters = concat([ | ||
{ | ||
name = "cloudfront_domain_name" | ||
value = module.cdn.cloudfront_distribution_domain_name | ||
}, | ||
{ | ||
name = "bucket_name" | ||
value = module.s3.s3_bucket_id | ||
}, | ||
{ | ||
name = "application_id" | ||
value = each.value.application_id | ||
}, | ||
], each.value.additional_ssm_parameters) | ||
|
||
} | ||
|
||
module "cdn" { | ||
|
||
create_distribution = length(var.applications) > 0 | ||
source = "github.com/terraform-aws-modules/terraform-aws-cloudfront?ref=v3.2.1" | ||
enabled = true | ||
is_ipv6_enabled = true | ||
default_root_object = "index.html" | ||
price_class = "PriceClass_100" | ||
|
||
tags = var.tags | ||
|
||
create_origin_access_control = true | ||
origin_access_control = { | ||
"${var.app_name}-origin-access-control" = { | ||
description = "Origin access control for s3 bucket ${module.s3.s3_bucket_id}" | ||
origin_type = "s3" | ||
signing_behavior = "always" | ||
signing_protocol = "sigv4" | ||
} | ||
} | ||
|
||
origin = { | ||
ctCustomerAppBucket = { | ||
domain_name = module.s3.s3_bucket_bucket_regional_domain_name | ||
origin_access_control = "${var.app_name}-origin-access-control" | ||
} | ||
} | ||
|
||
logging_config = { | ||
bucket = var.cdn_logging_bucket_name | ||
prefix = var.app_name | ||
} | ||
|
||
geo_restriction = { | ||
restriction_type = "none" | ||
locations = [] | ||
} | ||
ordered_cache_behavior = [] | ||
|
||
default_cache_behavior = { | ||
allowed_methods = ["GET", "HEAD", "OPTIONS"] | ||
cached_methods = ["GET", "HEAD"] | ||
compress = true | ||
query_string = true | ||
target_origin_id = "ctCustomerAppBucket" | ||
query_string_cache_keys = [] | ||
cookies_forward = "none" | ||
headers = [ | ||
"Access-Control-Request-Headers", | ||
"Access-Control-Request-Method", | ||
"Origin" | ||
] | ||
viewer_protocol_policy = "redirect-to-https" | ||
min_ttl = 0 | ||
default_ttl = 3600 | ||
max_ttl = 86400 | ||
|
||
function_association = { | ||
viewer-request = { | ||
function_arn = aws_cloudfront_function.rewrite_sub_folder_index.arn | ||
} | ||
} | ||
} | ||
|
||
custom_error_response = [ | ||
{ | ||
error_caching_min_ttl = 300 | ||
error_code = 404 | ||
response_code = 200 | ||
response_page_path = "/index.html" | ||
}, | ||
{ | ||
error_caching_min_ttl = 300 | ||
error_code = 403 | ||
response_code = 200 | ||
response_page_path = "/index.html" | ||
}] | ||
|
||
viewer_certificate = { | ||
cloudfront_default_certificate = true | ||
minimum_protocol_version = "TLSv1" | ||
} | ||
} | ||
|
||
module "s3" { | ||
source = "github.com/terraform-aws-modules/terraform-aws-s3-bucket?ref=v3.15.1" | ||
|
||
create_bucket = length(var.applications) > 0 | ||
bucket = var.bucket_name | ||
tags = var.tags | ||
|
||
acl = "private" | ||
attach_public_policy = false | ||
|
||
control_object_ownership = true | ||
object_ownership = "ObjectWriter" | ||
} | ||
|
||
resource "aws_s3_bucket_policy" "cloudfront" { | ||
bucket = module.s3.s3_bucket_id | ||
policy = data.aws_iam_policy_document.cloudfront.json | ||
} | ||
|
||
data "aws_iam_policy_document" "cloudfront" { | ||
statement { | ||
sid = "AllowCloudFrontServicePrincipalReadOnly" | ||
principals { | ||
type = "Service" | ||
identifiers = ["cloudfront.amazonaws.com"] | ||
} | ||
|
||
actions = [ | ||
"s3:GetObject", | ||
] | ||
|
||
resources = [ | ||
"${module.s3.s3_bucket_arn}/*", | ||
] | ||
|
||
condition { | ||
test = "StringEquals" | ||
values = ["arn:aws:cloudfront::${var.aws_account_id}:distribution/${module.cdn.cloudfront_distribution_id}"] | ||
variable = "AWS:SourceArn" | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "s3_bucket_arn" { | ||
description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname." | ||
value = module.s3.s3_bucket_arn | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
function handler(event) { | ||
var request = event.request; | ||
var uri = request.uri; | ||
var app = ${applications}.find(app => uri.includes(`/$${app}/flaconi-`)); | ||
|
||
if (app !== undefined) { | ||
request.uri = `/$${app}/index.html`; | ||
} | ||
|
||
return request; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
variable "app_name" { | ||
description = "application name" | ||
type = string | ||
} | ||
|
||
variable "bucket_name" { | ||
description = "name of the bucket to used to upload the custom application" | ||
type = string | ||
} | ||
|
||
variable "cdn_logging_bucket_name" { | ||
description = "bucket where the cloudfront logs will be send to" | ||
type = string | ||
} | ||
|
||
variable "ssm_name_prefix" { | ||
description = "prefix for the ssm path for each custom application" | ||
type = string | ||
} | ||
|
||
variable "tags" { | ||
description = "Map of custom tags for the provisioned resources" | ||
type = map(string) | ||
default = {} | ||
} | ||
|
||
variable "aws_account_id" { | ||
description = "aws account id used to build access policy for the cdn to s3" | ||
type = string | ||
} | ||
|
||
variable "applications" { | ||
description = "map of custom applications to be setup" | ||
type = map(object({ | ||
tags = optional(map(string), {}) | ||
application_id = string | ||
additional_ssm_parameters = optional(list(object({ | ||
name = string | ||
type = optional(string, "SecureString") # String, StringList or SecureString | ||
value = string | ||
})), []) | ||
})) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,9 @@ | ||
terraform { | ||
required_version = "~> 1.3" | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = ">= 5" | ||
} | ||
} | ||
} |