Terraform module to provision a S3 Bucket and CloudFront distribution to serve a static website.
This module creates:
- a S3 bucket
- a CloudFront distribution
- an ACM certificate
- a route53 record for the website
This module is available on terraform registry.
The Route53 zone must already exists.
This module needs 3 providers:
- aws - default provider for resources
- aws.route53 - Where the route53 zone already exists
- aws.us-east-1 same account as
aws, for acm certificate
This handle the use case where multiple aws accounts are used but it can be the same provider.
provider "aws" {
region = "eu-west-1"
}
provider "aws" {
alias = "us-east-1"
region = "us-east-1"
}
resource "aws_route53_zone" "my_website_com" {
name = "my-website.com"
}
module "static-website" {
source = "neovops/static-website/aws"
website_host = "example.my-website.com"
dns_zone = aws_route53_zone.my_website_com.name
providers = {
aws = aws
aws.route53 = aws
aws.us-east-1 = aws.us-east-1
}
}module "static-website" {
source = "neovops/static-website/aws"
website_host = "example.my-website.com"
dns_zone = "my-website.com"
redirect_404 = true
providers = {
aws = aws
aws.route53 = aws
aws.us-east-1 = aws.us-east-1
}
}module "static-website" {
source = "neovops/static-website/aws"
website_host = "example.my-website.com"
dns_zone = "my-website.com"
redirect_404 = true
enable_basic_auth = true
providers = {
aws = aws
aws.route53 = aws
aws.us-east-1 = aws.us-east-1
}
}It creates a lambda function that add basic authentication. The
username / password is stored in AWS Secret Manager in the us-east-1
region. The name of this secret is "basic-auth/${var.website_host}". The
initial password is generated randomly but can be changed directly in AWS
Secret Manager.
| Name | Version |
|---|---|
| terraform | >= 1.1.0 |
| aws | ~> 5.15 |
| Name | Version |
|---|---|
| archive | n/a |
| aws | ~> 5.15 |
| aws.route53 | ~> 5.15 |
| aws.us-east-1 | ~> 5.15 |
| random | n/a |
No modules.
| Name | Type |
|---|---|
| aws_acm_certificate.cert | resource |
| aws_acm_certificate_validation.cert | resource |
| aws_cloudfront_distribution.distribution | resource |
| aws_cloudfront_origin_access_identity.oai | resource |
| aws_iam_role.basic_auth | resource |
| aws_iam_role_policy.basic_auth | resource |
| aws_lambda_function.basic_auth | resource |
| aws_route53_record.cert_validation | resource |
| aws_route53_record.main | resource |
| aws_s3_bucket.website | resource |
| aws_s3_bucket_acl.example | resource |
| aws_s3_bucket_ownership_controls.website | resource |
| aws_s3_bucket_policy.website | resource |
| aws_s3_bucket_public_access_block.website | resource |
| aws_secretsmanager_secret.basic_auth | resource |
| aws_secretsmanager_secret_version.basic_auth | resource |
| random_password.initial_password | resource |
| random_password.sign_secret | resource |
| archive_file.basic_auth | data source |
| aws_iam_policy_document.basic_auth | data source |
| aws_iam_policy_document.s3_policy | data source |
| aws_route53_zone.zone | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| basic_auth_initial_username | Initial username for basic authentication | string |
"admin" |
no |
| default_root_object | Default object for root URL | string |
"index.html" |
no |
| dns_zone | DNS Zone | string |
n/a | yes |
| enable_basic_auth | Enable basic authentication | bool |
false |
no |
| redirect_404 | Redirect all 404 requests to redirect_404_object. Usefull for SPA applications |
bool |
false |
no |
| redirect_404_object | Object for 404 redirect. Not used if redirect_404 is false |
string |
"/index.html" |
no |
| website_host | Website Host | string |
n/a | yes |
| Name | Description |
|---|---|
| basic_auth_secret_arn | n/a |
| basic_auth_secret_name | n/a |
| cloudfront_distribution_arn | n/a |
| cloudfront_distribution_id | n/a |
| s3_bucket_arn | n/a |
| s3_bucket_name | n/a |