SPHTech-Platform/terraform-aws-s3-cloudfront-static-site

# Terraform Modules Template

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.9 |
| aws | >= 5.0.0 |

## Providers

| Name | Version |
|------|---------|
| aws | >= 5.0.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| acm | terraform-aws-modules/acm/aws | ~> 4.3.0 |
| cdn | terraform-aws-modules/cloudfront/aws | ~> 3.2.1 |
| s3 | terraform-aws-modules/s3-bucket/aws | ~> 4.1 |

## Resources

| Name | Type |
|------|------|
| aws_cloudfront_function.viewer_request | resource |
| aws_route53_record.acm | resource |
| aws_route53_record.domain | resource |
| aws_s3_bucket_policy.docs | resource |
| aws_cloudfront_cache_policy.this | data source |
| aws_cloudfront_origin_request_policy.this | data source |
| aws_cloudfront_response_headers_policy.this | data source |
| aws_iam_policy_document.s3_policy | data source |
| aws_iam_policy_document.s3_policy_merge | data source |
| aws_region.current | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acl | Private or public canned ACL for the bucket | `string` | `null` | no |
| acm_key_algorithm | ACM certificate key algorithm | `string` | `"EC_prime256v1"` | no |
| additional_aliases | Additional CloudFront aliases (alternate domain names) | `list(string)` | `[]` | no |
| attach_policy | Controls if the S3 bucket should have a bucket policy attached (set to true to use the value of `policy` as the bucket policy) | `bool` | `true` | no |
| block_public_acls | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `true` | no |
| block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket. | `bool` | `true` | no |
| bucket_name | Bucket name | `string` | `""` | no |
| certificate_settings | CloudFront certificate settings | `any` | <pre>{<br>  "minimum_protocol_version": "TLSv1.2_2021",<br>  "ssl_support_method": "sni-only"<br>}</pre> | no |
| cloudfront_logging_config | The logging configuration that controls how logs are written to your distribution | `map(string)` | `{}` | no |
| cors_rule | List of maps containing rules for Cross-Origin Resource Sharing for the S3 bucket. | `any` | <pre>{<br>  "cors_rule": {<br>    "allowed_headers": [<br>      ""<br>    ],<br>    "allowed_methods": [<br>      "PUT",<br>      "POST",<br>      "GET",<br>      "DELETE"<br>    ],<br>    "allowed_origins": [<br>      ""<br>    ],<br>    "expose_headers": [<br>      "ETag"<br>    ],<br>    "max_age_seconds": 3000<br>  }<br>}</pre> | no |
| create_associate_function | If the CloudFront function should be associated with the default cache behavior. | `bool` | `false` | no |
| create_bucket | Whether to create the S3 bucket | `bool` | `true` | no |
| create_certificate | Create ACM certificate | `bool` | `true` | no |
| create_distribution | Whether to create the distribution | `bool` | `true` | no |
| create_origin_access_control | Controls if CloudFront origin access control should be created | `bool` | `true` | no |
| create_origin_access_identity | Controls if a CloudFront origin access identity should be created (legacy mechanism; origin access control is preferred) | `bool` | `false` | no |
| custom_error_response | Custom error response settings, if any | `list(any)` | <pre>[<br>  {<br>    "error_code": 404,<br>    "response_code": 404,<br>    "response_page_path": "/errors/404.html"<br>  },<br>  {<br>    "error_code": 403,<br>    "response_code": 403,<br>    "response_page_path": "/errors/403.html"<br>  }<br>]</pre> | no |
| default_cache_behavior | The default cache behavior for this distribution | `any` | `{}` | no |
| default_index_function_name | Name of the CloudFront Function to create for index page redirection | `string` | `"default_viewer_request"` | no |
| default_root_object | Default root object | `string` | `"index.html"` | no |
| domains | Domains or FQDNs to update DNS records and create ACM certificates | <pre>map(object({ # Key is arbitrary and not used<br>  dns_zone_id         = optional(string)<br>  domain              = string<br>  create_alias_record = optional(bool, true)<br>  include_in_acm      = optional(bool, false)<br>  create_acm_record   = optional(bool, true)<br>}))</pre> | `{}` | no |
| existing_acm_certificate_arn | ARN of an existing ACM certificate to use instead of creating one (CloudFront requires the certificate to be in us-east-1) | `string` | `""` | no |
| geo_restriction | Geo-restriction settings, if any | `any` | `{}` | no |
| http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3, and http3. The default is http3. | `string` | `"http3"` | no |
| ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket. | `bool` | `true` | no |
| lifecycle_rule | List of maps containing configuration of object lifecycle management. | `any` | `[]` | no |
| logging | Map containing S3 access logging configuration for the bucket. | `map(string)` | `{}` | no |
| ordered_cache_behavior | An ordered list of cache behaviors for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | `any` | `[]` | no |
| origin | One or more origins for this distribution (multiples allowed). | `any` | `{}` | no |
| origin_access_control | Map of CloudFront origin access control | <pre>map(object({<br>  description      = string<br>  origin_type      = string<br>  signing_behavior = string<br>  signing_protocol = string<br>}))</pre> | <pre>{<br>  "s3": {<br>    "description": "Cloudfront origin access control",<br>    "origin_type": "s3",<br>    "signing_behavior": "always",<br>    "signing_protocol": "sigv4"<br>  }<br>}</pre> | no |
| origin_access_identities | Map of CloudFront origin access identities (value as a comment) | `map(string)` | `{}` | no |
| origin_path | Origin path to a specific directory in S3 | `string` | `""` | no |
| override_default_index_function_code | Function code to override the default index viewer request function. Useful when you need to add more functionality to the viewer request function. | `string` | `""` | no |
| policy | A valid bucket policy JSON document (Optional) | `string` | `""` | no |
| prefix | Prefix to add to the domain in the CloudFront alternate domain names, if required | `string` | `""` | no |
| price_class | The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | `string` | `"PriceClass_All"` | no |
| restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket. | `bool` | `true` | no |
| s3_origin_access_control_key | Key in `origin_access_control` to use for the S3 origin access control | `string` | `"s3"` | no |
| server_side_encryption_configuration | Map containing server-side encryption configuration. | `any` | `{}` | no |
| tags | Tags to be associated with the CloudFront distribution | `map(string)` | `{}` | no |
| versioning | Map containing versioning configuration. | `map(string)` | <pre>{<br>  "enabled": true<br>}</pre> | no |
| wait_for_deployment | Whether to wait for the CloudFront distribution status to change from InProgress to Deployed before Terraform returns. | `bool` | `false` | no |
| web_acl_id | A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example `aws_wafv2_web_acl.example.arn`. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example `aws_waf_web_acl.example.id`. The WAF web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have `waf:GetWebACL` permissions assigned. | `string` | `""` | no |
| website | Map containing static web-site hosting or redirect configuration. | `any` | <pre>{<br>  "error_document": "error.html",<br>  "index_document": "index.html"<br>}</pre> | no |
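The following is an added usage example, not the module's own README code, showing how the inputs above combine into a hardened deployment: a private bucket reached only through origin access control, a TLS-only bucket policy, read-only CORS, the TLSv1.2_2021 viewer policy, a WAF web ACL and standard logging. The module source address, the bucket and domain names, the hosted zone ID, the log bucket, the `web_acl_arn` variable and the JavaScript function body are all assumptions; so is the expectation (suggested by the `s3_policy_merge` data source, not stated on this page) that `policy` is merged with the module-generated origin-access statement rather than replacing it. The four `block_public_*`/`restrict_public_buckets` inputs are left at their documented default of `true` and need no override; the nested `cors_rule.cors_rule` shape mirrors the documented default.

```hcl
# Added usage example, not the module's own code. The module source address, the
# bucket/domain names, hosted zone ID, log bucket and WAF variable are placeholders.

variable "web_acl_arn" {
  type = string # ARN of an existing WAFv2 web ACL with CLOUDFRONT scope (assumed to exist)
}

locals {
  bucket_name = "docs-example-site"
  site_domain = "docs.example.com"
}

# Extra bucket-policy statement handed in through `policy`: deny any request that is
# not made over TLS. attach_policy defaults to true; this example assumes the module
# merges the statement with its own origin-access statement (see s3_policy_merge).
data "aws_iam_policy_document" "deny_insecure_transport" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = ["arn:aws:s3:::${local.bucket_name}", "arn:aws:s3:::${local.bucket_name}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

module "static_site" {
  source = "github.com/SPHTech-Platform/terraform-aws-s3-cloudfront-static-site" # assumed address

  bucket_name = local.bucket_name
  policy      = data.aws_iam_policy_document.deny_insecure_transport.json

  # CloudFront reaches the private bucket only through origin access control with
  # SigV4-signed requests; the legacy origin access identity stays off.
  create_origin_access_control  = true
  create_origin_access_identity = false
  origin_access_control = {
    s3 = {
      description      = "OAC for ${local.site_domain}"
      origin_type      = "s3"
      signing_behavior = "always"
      signing_protocol = "sigv4"
    }
  }

  # The documented cors_rule default permits PUT/POST/DELETE; a read-only site
  # needs GET/HEAD from its own origin (same nested shape as the default).
  cors_rule = {
    cors_rule = {
      allowed_headers = ["Authorization"]
      allowed_methods = ["GET", "HEAD"]
      allowed_origins = ["https://${local.site_domain}"]
      expose_headers  = ["ETag"]
      max_age_seconds = 3000
    }
  }

  # Edge settings: TLS 1.2 (2021 policy), SNI only, HTTP/2 + HTTP/3, WAF in front,
  # standard logging to a separate bucket.
  certificate_settings = {
    minimum_protocol_version = "TLSv1.2_2021"
    ssl_support_method       = "sni-only"
  }
  http_version              = "http2and3"
  web_acl_id                = var.web_acl_arn
  cloudfront_logging_config = { bucket = "cf-logs-example.s3.amazonaws.com", prefix = "docs/" }

  # One entry per hostname (the key is arbitrary); include_in_acm puts it on the certificate.
  domains = {
    docs = {
      dns_zone_id    = "Z0123456789ABCDEFGHIJ" # assumed Route 53 hosted zone
      domain         = local.site_domain
      include_in_acm = true
    }
  }

  # Viewer-request function: rewrite /path/ and extensionless /path to /path/index.html,
  # so directory URLs never reach S3 as requests for a key that does not exist (a
  # private bucket answers those with 403, not 404).
  default_root_object       = "index.html"
  create_associate_function = true
  override_default_index_function_code = <<-EOT
    function handler(event) {
      var req = event.request;
      if (req.uri.endsWith('/')) { req.uri += 'index.html'; }
      else if (!req.uri.includes('.')) { req.uri += '/index.html'; }
      return req;
    }
  EOT
}
```

After `terraform apply`, check the result rather than trusting the plan: the bucket's public access block should report all four flags true, the bucket policy should contain both the module's origin-access statement and `DenyInsecureTransport`, and the distribution's origin should show an origin access control ID with no legacy OAI. If the policy shows only one of the two statements, the merge assumption above does not hold for this module version and the deny statement has to be combined differently.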

## Outputs

| Name | Description |
|------|-------------|
| add_to_dns_for_acm_validation | DNS records to add for ACM validation |
| cloudfront_distribution_arn | The ARN (Amazon Resource Name) for the distribution. |
| cloudfront_distribution_domain_name | The domain name corresponding to the distribution. |
| cloudfront_distribution_hosted_zone_id | Route53 zone ID for the CloudFront distribution |
| cloudfront_distribution_id | The identifier of the CloudFront distribution |
| cloudfront_origin_access_identity_iam_arns | The IAM ARNs of the origin access identities created |
| s3_bucket_arn | The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`. |
| s3_bucket_bucket_domain_name | The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`. |
| s3_bucket_bucket_regional_domain_name | The bucket region-specific domain name, of format `bucketname.s3.<region>.amazonaws.com`. Note: CloudFront allows specifying the S3 region-specific endpoint when creating an S3 origin, which prevents redirect issues from CloudFront to the S3 origin URL. |
| s3_bucket_id | The name of the bucket. |