/terraform-aws-s3-review-apps

Terraform module designed to generate a AWS S3 based review-app setup

Primary LanguageHCLMIT LicenseMIT

Terraform CircleCI Maintainability Test Coverage

Terraform - AWS S3 Review Apps

Terraform module designed to generate a AWS S3 based review-app setup used to preview for example SPA builds on their own subdomains, e.g. {pr-or-branch-name}.example.com. It's consisting of a object storage (S3) to store the various frontend builds with optional lifecycle policies, a CDN (CloudFront), two Lambda functions and some general DNS configuration (Route53). The resources are all serverless, i.e. you will only be billed for usage. This includes code-storage and request handling.

Architecture Diagram

Usage

module "s3-review-apps" {
  source           = "nagelflorian/s3-review-apps/aws"
  version          = "1.4.1"
  domain_name      = "review.example.com"
  name             = "my_review_app"
  route_53_zone_id = "MY_ROUTE_53_ZONE_ID"
}

Requirements

Name Version
terraform >= 1.1
archive ~> 2.2
aws ~> 5.0
local ~> 2.2.2
null ~> 3.1.1

Providers

Name Version
archive 2.4.0
aws 5.26.0
aws.virginia 5.26.0

Modules

Name Source Version
label git::https://github.com/cloudposse/terraform-null-label.git tags/0.25.0

Resources

Name Type
aws_acm_certificate.cert resource
aws_acm_certificate_validation.cert resource
aws_cloudfront_distribution.s3_distribution resource
aws_cloudfront_origin_access_identity.origin_access_identity resource
aws_iam_role.iam_for_lambda resource
aws_iam_role_policy_attachment.edge_execution resource
aws_lambda_function.lambda_origin_request resource
aws_lambda_function.lambda_viewer_request resource
aws_route53_record.a_record resource
aws_route53_record.c_record resource
aws_route53_record.cert_validation resource
aws_s3_bucket.default resource
aws_s3_bucket_acl.default resource
aws_s3_bucket_lifecycle_configuration.default resource
aws_s3_bucket_ownership_controls.default resource
aws_s3_bucket_policy.default resource
aws_s3_bucket_public_access_block.block_public_access resource
aws_s3_bucket_server_side_encryption_configuration.default resource
aws_s3_bucket_versioning.default resource
archive_file.lambda_origin_request_zip_file data source
archive_file.lambda_viewer_request_zip_file data source
aws_iam_policy.edge_execution data source

Inputs

Name Description Type Default Required
attributes Additional attributes (e.g. 1) list(string) [] no
cloudfront_price_class AWS CloudFront Price Class string "PriceClass_100" no
delimiter Delimiter to be used between namespace, environment, stage, name and attributes string "-" no
domain_name The domain used for review app deployments. string n/a yes
enabled Set to false to prevent the module from creating any resources bool true no
environment Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' string "" no
expiration_days Specifies when objects expire number 90 no
force_destroy A boolean string that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable bool false no
kms_master_key_arn The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms string "" no
lifecycle_rule_enabled Enable or disable lifecycle rule string "Disabled" no
name Solution name, e.g. 'app' or 'jenkins' string "review-apps" no
namespace Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' string "" no
noncurrent_version_expiration_days Number of days to persist in the standard storage tier before moving to the infrequent access tier number 30 no
policy A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy string "" no
region If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee string "us-east-1" no
route_53_zone_id AWS Route 53 Zone Id used by string n/a yes
sse_algorithm The server-side encryption algorithm to use. Valid values are AES256 and aws:kms string "AES256" no
stage Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' string "" no
tags Additional tags (e.g. map('BusinessUnit','XYZ') map(string) {} no
versioning_enabled A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket string "Enabled" no

Outputs

Name Description
aws_s3_bucket_arn AWS S3 Bucket ARN
aws_s3_bucket_name AWS S3 Bucket Name

Tests

You can run automated end-to-end tests using the following command, notice this will deploy actual resources in your AWS account which might result in charges for you:

DOMAIN_NAME="foo" ROUTE_53_ROUTE_ID="bar" go test -v -count=1 -mod=vendor -timeout=1800s ./...

License

This code is released under the MIT License. See LICENSE for full details.