terraform-aws-cloudfront-s3
This Terraform module is to provision a private S3 bucket, and use it as a static website, and sit that behind a Cloudfront distribution.
Usage
Creates a static site with cloudfront distribution in front, add a file module.cloudfront.tf to your template:
module "cloudfront" {
source = "JamesWoolfenden/cloudfront-s3/aws"
version = "0.3.1"
common_tags = var.common_tags
bucket_name = var.bucket_name
}The default ttl values have been set very low, you will override these (but os so helpful for development), for a more effective cache.
Providers
| Name | Version |
|---|---|
| aws | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_log_bucket | Name of your access logging bucket | string |
"logging" |
no |
| acm_certificate_arn | The ARN of the certificate to be used | string |
"" |
no |
| bucket_acl | n/a | string |
"Private" |
no |
| bucket_name | name of the bucket | string |
n/a | yes |
| cloudfront_default_certificate | use default SSL certificate | bool |
true |
no |
| common_tags | Implements the common tags scheme | map |
n/a | yes |
| default_ttl | default ttl values | number |
90 |
no |
| force_destroy | n/a | bool |
true |
no |
| locations | Locations for the Distribution | list |
[ |
no |
| max_ttl | max ttl values | number |
300 |
no |
| min_ttl | min ttl values | number |
30 |
no |
| price_class | n/a | string |
"PriceClass_100" |
no |
| ttl | n/a | string |
"300" |
no |
| versioning | Switch to control versioning | bool |
true |
no |
| web_acl_id | If a WAF is being used - the Id of the AWS WAF web ACL that is associated with the distribution | string |
"" |
no |
Outputs
| Name | Description |
|---|---|
| bucket | n/a |
| distribution | n/a |
| identity | n/a |
| logging | n/a |
Checkov Exclusion
I have added:
#checkov:skip=CKV_AWS_52: "Ensure S3 bucket has MFA delete enabled"
#checkov:skip=CKV_AWS_19: "Ensure all data stored in the S3 bucket is securely encrypted at rest"
As we will want to deploy to this bucket and it needs to be readable to the world if it's a website. There are also some exceptions on the logging bucket, e.g. logging of the logging bucket.
Related Projects
Check out these related projects.
- terraform-aws-s3 - S3 buckets
Help
Got a question?
File a GitHub issue.
Contributing
Bug Reports & Feature Requests
Please use the issue tracker to report any bugs or file feature requests.
Copyrights
Copyright © 2019-2020 Slalom, LLC
License
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
