This module will create S3 bucket as storage for site and connect it with CloudFront for exposing it to public. It also creates TLS certificates for it.
provider "aws" {
alias = "us_east_1"
region = "us-east-1"
}
module "static-site" {
source = "cookielab/static-site/aws"
version = "~> 2.1"
providers = {
aws.us_east_1 = aws.us_east_1
}
domains = ["www.example.com"]
domain_zone_id = aws_route53_zone.example_com.zone_id
s3_bucket_name = "example_com_web"
}| Name | Version |
|---|---|
| terraform | >= 1.1, < 2.0 |
| aws | ~> 4.32 |
| Name | Version |
|---|---|
| aws | ~> 4.32 |
| Name | Source | Version |
|---|---|---|
| certificate | terraform-aws-modules/acm/aws | 4.3.1 |
| gitlab | ./modules/gitlab | n/a |
| s3_bucket | terraform-aws-modules/s3-bucket/aws | 3.6.0 |
| Name | Type |
|---|---|
| aws_cloudfront_distribution.this | resource |
| aws_cloudfront_origin_access_identity.this | resource |
| aws_iam_access_key.deploy | resource |
| aws_iam_user.deploy | resource |
| aws_iam_user_policy.deploy | resource |
| aws_route53_record.this | resource |
| aws_iam_policy_document.bucket_policy | data source |
| aws_iam_policy_document.deploy | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cloudfront_price_class | n/a | string |
"PriceClass_100" |
no |
| domain_zone_id | The ID of the hosted zone for domain | string |
n/a | yes |
| domains | List of domain aliases. You can also specify wildcard eg.: *.example.com |
list(string) |
n/a | yes |
| gitlab_environment | n/a | string |
"*" |
no |
| gitlab_project_id | n/a | string |
null |
no |
| logs_bucket | n/a | string |
null |
no |
| s3_bucket_name | n/a | string |
n/a | yes |
| tags | n/a | map(string) |
{} |
no |
| Name | Description |
|---|---|
| aws_access_key_id | n/a |
| aws_cloudfront_distribution_id | n/a |
| aws_s3_bucket_name | n/a |
| aws_secret_access_key | n/a |
| Name | Version |
|---|---|
| terraform | >= 1.5, < 2.0 |
| aws | ~> 5.27 |
| Name | Version |
|---|---|
| aws | ~> 5.27 |
| Name | Source | Version |
|---|---|---|
| certificate | terraform-aws-modules/acm/aws | 5.1.1 |
| gitlab | ./modules/gitlab | n/a |
| s3_bucket | terraform-aws-modules/s3-bucket/aws | 4.1.2 |
| Name | Type |
|---|---|
| aws_cloudfront_distribution.this | resource |
| aws_cloudfront_origin_access_control.this | resource |
| aws_cloudfront_origin_access_identity.this | resource |
| aws_cloudfront_response_headers_policy.this | resource |
| aws_iam_access_key.deploy | resource |
| aws_iam_user.deploy | resource |
| aws_iam_user_policy.deploy | resource |
| aws_kms_alias.this | resource |
| aws_kms_key.this | resource |
| aws_kms_key_policy.this | resource |
| aws_route53_record.extra | resource |
| aws_route53_record.this | resource |
| aws_caller_identity.current | data source |
| aws_cloudfront_cache_policy.managed_caching_disabled | data source |
| aws_cloudfront_origin_request_policy.managed_all_viewer_and_cloudfront_headers | data source |
| aws_iam_policy_document.deploy | data source |
| aws_iam_policy_document.kms_key_policy | data source |
| aws_iam_policy_document.s3_bucket_policy | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_env_vars_suffix | Append suffix for Gitlab CI/CD environment variables if needed | string |
"" |
no |
| cloudfront_price_class | CloudFront price class | string |
"PriceClass_100" |
no |
| default_ttl | Default amount of time that you want objects to stay in a CloudFront cache | number |
3600 |
no |
| domain_zone_id | The ID of the hosted zone for domain | string |
n/a | yes |
| domains | List of domain aliases. You can also specify wildcard eg.: *.example.com |
list(string) |
n/a | yes |
| enable_deploy_user | Toggle s3 deploy user creation | bool |
true |
no |
| encrypt_with_kms | Enable server side s3 bucket encryption with KMS key | bool |
false |
no |
| extra_domains | Map of extra_domains with domain name and zone_id | map(string) |
{} |
no |
| functions | n/a | object({ |
{} |
no |
| gitlab_environment | GitLab environment name | string |
"*" |
no |
| gitlab_project_id | Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache | string |
null |
no |
| kms_deletion_window_in_days | The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key | number |
30 |
no |
| kms_key_policy | Additional KSM key policy | string |
"{}" |
no |
| logs_bucket | Bucket to store CloudFront logs | string |
null |
no |
| logs_bucket_domain_name | n/a | string |
null |
no |
| max_ttl | Maximum amount of time that you want objects to stay in a CloudFront cache | number |
86400 |
no |
| min_ttl | Minimum amount of time that you want objects to stay in a CloudFront cache | number |
0 |
no |
| origin_path | Cloudfront origin path | string |
"" |
no |
| override_status_code_403 | Override status code for 403 error | number |
403 |
no |
| override_status_code_404 | Override status code for 404 error | number |
200 |
no |
| proxy_paths | n/a | list(object({ |
[] |
no |
| response_header_access_control_allow_credentials | n/a | bool |
false |
no |
| response_header_origin_override | n/a | bool |
false |
no |
| s3_bucket_name | n/a | string |
n/a | yes |
| s3_bucket_policy | Additional S3 bucket policy | string |
"{}" |
no |
| s3_cors_rule | List of maps containing rules for Cross-Origin Resource Sharing. | list(object({ |
[] |
no |
| tags | n/a | map(string) |
{} |
no |
| Name | Description |
|---|---|
| aws_access_key_id | n/a |
| aws_cloudfront_distribution_id | n/a |
| aws_s3_bucket_arn | n/a |
| aws_s3_bucket_name | n/a |
| aws_s3_bucket_regional_domain_name | n/a |
| aws_secret_access_key | n/a |
| s3_kms_key_arn | n/a |