# Deployment name. It doubles as the S3 bucket name, the CloudFront origin id
# and the comment on the distribution and the origin access identity.
variable "name" {
  default = "us-west-2-cloudfront-resource-demo"
}

variable "region" {
  default = "us-west-2"
}

# Static AWS credentials; no default, so they must be supplied at run time.
# Values given here tend to end up in *.tfvars files, shell history or CI logs.
# The AWS provider can read credentials from the environment or a shared
# credentials file instead, which keeps long-lived keys out of the config.
variable "access_key" {}
variable "secret_key" {}

# Canned ACL applied to the bucket.
# NOTE(review): "public-read" makes every object readable straight from S3,
# so the origin access identity and geo restriction declared in this file do
# not limit who can fetch the content. "private" makes CloudFront the only
# reader, but the S3 website endpoint would then stop serving the page unless
# the bucket policy (not shown here) grants public read.
variable "acl" {
  default = "public-read"
}

# Bucket policy template, resolved relative to the module directory.
variable "policy_file" {
  default = "policy.json.tpl"
}

# Object key and local file name of the landing page; also the distribution's
# default root object and the website index document.
variable "index" {
  default = "index.html"
}
# AWS provider, configured entirely from input variables.
# NOTE(review): the keys arrive as plain variables. Omitting access_key and
# secret_key and letting the provider use its environment or shared-credentials
# lookup avoids writing long-lived keys into variable files.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
# CloudFront identity for the S3 origin. Its id is passed to the bucket policy
# template and its access-identity path to the distribution's origin config.
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
  comment = "${var.name}"
}
# Renders the bucket policy from var.policy_file in the module directory,
# substituting the bucket name and the origin access identity id.
# NOTE(review): the template itself is not part of this file. Confirm that it
# grants read access to the origin access identity principal only, not to "*".
resource "template_file" "s3_policy" {
  template = "${file(concat(path.module, "/", var.policy_file))}"

  vars {
    origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.id}"
    bucket_name            = "${var.name}"
  }
}
# Bucket holding the site content, with static website hosting enabled.
resource "aws_s3_bucket" "s3" {
  bucket = "${var.name}"
  policy = "${template_file.s3_policy.rendered}"

  # NOTE(review): var.acl defaults to "public-read", so objects are readable
  # directly from S3 regardless of what the rendered policy grants to the
  # CloudFront origin access identity. Confirm that direct public access is
  # intended.
  acl = "${var.acl}"

  # Lets `terraform destroy` delete the bucket even when it still holds
  # objects. The objects are removed with it and cannot be recovered.
  force_destroy = true

  website {
    index_document = "${var.index}"
  }
}
# Uploads the landing page from the module directory into the bucket under
# the same key, served as HTML.
resource "aws_s3_bucket_object" "s3" {
  bucket       = "${aws_s3_bucket.s3.bucket}"
  key          = "${var.index}"
  content_type = "text/html"
  source       = "${concat(path.module, "/", var.index)}"
}
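# CloudFront distribution in front of the bucket. It reads from the S3 REST
# endpoint (<bucket>.s3.amazonaws.com) through the origin access identity.
resource "aws_cloudfront_distribution" "cf" {
  enabled             = true
  comment             = "${var.name}"
  default_root_object = "${var.index}"
  price_class         = "PriceClass_200"

  # On destroy the distribution is only disabled and stays in the account;
  # it has to be deleted by hand afterwards.
  retain_on_delete = true

  origin {
    domain_name = "${concat(aws_s3_bucket.s3.id, ".s3.amazonaws.com")}"
    origin_id   = "${var.name}"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
    }
  }

  default_cache_behavior {
    # Read-only site: no write methods are accepted or cached.
    allowed_methods = ["GET", "HEAD"]
    cached_methods  = ["GET", "HEAD"]

    # Must equal the origin_id above. The bucket id is the bucket name, which
    # is var.name, so the value is unchanged; using the same expression in
    # both places keeps them from drifting apart.
    target_origin_id = "${var.name}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    # Was "allow-all", which served the page over plaintext HTTP. The default
    # CloudFront certificate below already provides HTTPS on the
    # *.cloudfront.net name, so HTTP requests are redirected to it.
    viewer_protocol_policy = "redirect-to-https"

    min_ttl     = 0
    default_ttl = 3600
    max_ttl     = 86400
  }

  # Country allow-list. It is enforced by CloudFront only; requests sent
  # directly to the bucket are not subject to it.
  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["US", "CA", "GB", "DE", "JP"]
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}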
# Direct S3 static-website endpoint of the bucket.
# NOTE(review): S3 website endpoints serve plain HTTP only, and requests to
# this endpoint do not pass through the CloudFront distribution or its geo
# restriction. Confirm that publishing it is intended.
output "s3_website_endpoint" {
  value = "${aws_s3_bucket.s3.website_endpoint}"
}

# Domain name assigned to the CloudFront distribution.
output "cloudfront_domain_name" {
  value = "${aws_cloudfront_distribution.cf.domain_name}"
}