This repo contains a Module for deploying a Content Delivery Network (CDN) on Amazon Web Services (AWS) using Terraform.
A content delivery network (CDN) is a system of distributed servers (network) that deliver pages and other Web content to a user, based on the geographic locations of the user, the origin of the webpage and the content delivery server.
This module can create your CDN in a manner compliant with best practices for frameworks such as GatsbyJS where HTML files are not cached, as per their recommendation. This is done with a pair of Lambda@Edge functions connected to the CloudFront distribution. Please note that at this time this functionality is only available in the AWS us-east-1 region.
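An added example (not this module's own Lambda source) of what such a pair of Lambda@Edge functions does: one rewrites request paths at the origin-request stage, the other sets `Cache-Control` at the origin-response stage. The function names, the path rules and the header values (taken from Gatsby's caching guidance) are assumptions.

```javascript
'use strict';
// Added example, not the module's own Lambda source. Policy values are
// assumptions based on Gatsby's caching guidance.
const REVALIDATE = 'public, max-age=0, must-revalidate';
const IMMUTABLE = 'public, max-age=31536000, immutable';

// "Paths" step: map directory-style URIs to the index.html object in S3.
function rewritePath(uri) {
  if (uri.endsWith('/')) return uri + 'index.html';
  const last = uri.slice(uri.lastIndexOf('/') + 1);
  return last.includes('.') ? uri : uri + '/index.html';
}

// "Headers" step: only fingerprinted assets get a long lifetime; HTML and
// anything unrecognised falls back to revalidation.
function cacheControlFor(uri) {
  const path = rewritePath(uri);
  if (path === '/sw.js') return REVALIDATE;
  if (path.startsWith('/static/') || /\.(js|css)$/.test(path)) return IMMUTABLE;
  return REVALIDATE;
}

// Origin-request trigger body (a deployed function exports this as its handler).
function onOriginRequest(event) {
  const request = event.Records[0].cf.request;
  request.uri = rewritePath(request.uri);
  return request;
}

// Origin-response trigger body. Error responses are left untouched so a
// transient 403/404 from S3 is never pinned in caches.
function onOriginResponse(event) {
  const { request, response } = event.Records[0].cf;
  if (response.status === '200') {
    response.headers['cache-control'] = [
      { key: 'Cache-Control', value: cacheControlFor(request.uri) },
    ];
  }
  return response;
}

// Constructed sample event in the Lambda@Edge record shape.
function sampleEvent(uri, status) {
  return { Records: [{ cf: {
    request: { uri, headers: {} },
    response: { status, headers: {} },
  } }] };
}
```

Defaulting to revalidation means a new asset type is served fresh until it is explicitly allowed a long lifetime, so a corrected HTML page is never held back by an old cached copy.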
This module can be used as follows:

```hcl
module "content-delivery-network" {
  source                  = "ReidWeb/content-delivery-network/aws"
  env                     = "dev"
  domain_name             = "mysite.dev.aws.example.com"
  additional_domains      = ["www.mysite.dev.aws.example.com", "blog.dev.aws.example.com"]
  route53_zone_name       = "dev.aws.example.com"
  region                  = "eu-west-1"
  shared_credentials_file = "/Users/yourUser/.aws/credentials"
  profile                 = "dev-profile"
}
```
Note that Lambda@Edge is currently only supported in us-east-1
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| env | Deployment environment of application, will be included in resource names, and tags | string | - | yes |
| profile | Profile to use - required because we have to do some fiddling with the provider object to create certs in the right region. | string | - | yes |
| shared_credentials_file | Shared credentials file to use - required because we have to do some fiddling with the provider object to create certs in the right region. | string | - | yes |
| region | Shared credentials file to use - required because we have to do some fiddling with the provider object to create certs in the right region. | string | us-east-1 | no |
| domain_name | Primary domain for this distribution. | string | "" | no |
| additional_domains | Additional domains for this distribution. | list | [] | no |
| route53_zone_name | The name of your Route 53 zone in which to create the records | string | "" | no |
| provision_lambdas | Whether to provision the custom event Lambdas, or use a basic CloudFront distribution | string | "true" | no |
Be sure to read the inputs documentation before use - as omission of certain parameters will lead to behaviour changing.
| Name | Description |
|---|---|
| headers_lambda_qualified_arn | Qualified ARN of headers Lambda |
| paths_lambda_qualified_arn | |
| lambda_role_arn | ARN of role assigned to Lambdas |
| bucket_id | ID for Origin S3 Bucket |
| bucket_domain_name | Domain name for Origin S3 Bucket |
| certificate_id | ID of certificate provisioned in ACM |
| certificate_arn | ARN of certificate provisioned in ACM |
| cloudfront_dist_id | ID of CloudFront Distribution |
| cloudfront_dist_zone_id | Zone ID of CloudFront Distribution |
| cloudfront_domain | .cloudfront.net domain of Distribution |
| cloudfront_origin_iam_arn | CloudFront Origin Access Identity |
A Module is a canonical, reusable, best-practices definition for how to run a single piece of infrastructure, such as a database or server cluster. Each Module is created using Terraform, and includes automated tests, examples, and documentation. It is maintained both by the open source community and companies that provide commercial support.
Instead of figuring out the details of how to run a piece of infrastructure from scratch, you can reuse existing code that has been proven in production. And instead of maintaining all that infrastructure code yourself, you can leverage the work of the Module community to pick up infrastructure improvements through a version number bump.
- lambda-iam-role: This module creates the necessary IAM roles and policies for the Lambda functions to log to CloudWatch and to be invoked as part of the CloudFront distribution's event sequence using Lambda@Edge.
- lambdas: This module provisions the Lambda functions for handling events from CloudFront via Lambda@Edge.
- certificate: This module provisions a certificate for the domains specified by the user using Amazon Certificate Manager (ACM).
- bucket: This module provisions the Amazon S3 Bucket that will be used as the 'origin' for the CDN, along with the necessary policy that permits the CloudFront distribution to serve objects from it.
- cloudfront-distribution: This module creates the Amazon CloudFront 'distribution' from which your resources will be accessed, using the user specified domains when provided.
- bucket-iam-policy: This module creates the IAM policy that allows the CloudFront Origin to access the S3 bucket.
- route53-records: This module creates the Amazon Route 53 alias records for the domains specified targeting the CloudFront distribution.
Contributions are very welcome! Check out the Contribution Guidelines for instructions.
This Module follows the principles of Semantic Versioning. You can find each new release, along with the changelog, in the Releases Page.
During initial development, the major version will be 0 (e.g., `0.x.y`), which indicates the code does not yet have a stable API. Once we hit `1.0.0`, we will make every effort to maintain a backwards compatible API and use the MAJOR, MINOR, and PATCH versions on each release to indicate any incompatibilities.
All other trademarks referenced herein are the property of their respective owners.
This code is released under the MIT License. Please see LICENSE for more.
Copyright © 2018 Peter Reid