This module will create S3 bucket as storage for site and connect it with CloudFront for exposing it to public. It also creates TLS certificates for it.
provider "aws" {
alias = "us_east_1"
region = "us-east-1"
}
module "static-site" {
source = "cookielab/static-site/aws"
version = "~> 2.1"
providers = {
aws.us_east_1 = aws.us_east_1
}
domains = ["www.example.com"]
domain_zone_id = aws_route53_zone.example_com.zone_id
s3_bucket_name = "example_com_web"
}
Name | Version |
---|---|
terraform | >= 1.1, < 2.0 |
aws | ~> 4.32 |
Name | Version |
---|---|
aws | ~> 4.32 |
Name | Source | Version |
---|---|---|
certificate | terraform-aws-modules/acm/aws | 4.3.1 |
gitlab | ./modules/gitlab | n/a |
s3_bucket | terraform-aws-modules/s3-bucket/aws | 3.6.0 |
Name | Type |
---|---|
aws_cloudfront_distribution.this | resource |
aws_cloudfront_origin_access_identity.this | resource |
aws_iam_access_key.deploy | resource |
aws_iam_user.deploy | resource |
aws_iam_user_policy.deploy | resource |
aws_route53_record.this | resource |
aws_iam_policy_document.bucket_policy | data source |
aws_iam_policy_document.deploy | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cloudfront_price_class | n/a | string |
"PriceClass_100" |
no |
domain_zone_id | The ID of the hosted zone for domain | string |
n/a | yes |
domains | List of domain aliases. You can also specify wildcard eg.: *.example.com |
list(string) |
n/a | yes |
gitlab_environment | n/a | string |
"*" |
no |
gitlab_project_id | n/a | string |
null |
no |
logs_bucket | n/a | string |
null |
no |
s3_bucket_name | n/a | string |
n/a | yes |
tags | n/a | map(string) |
{} |
no |
Name | Description |
---|---|
aws_access_key_id | n/a |
aws_cloudfront_distribution_id | n/a |
aws_s3_bucket_name | n/a |
aws_secret_access_key | n/a |
Name | Version |
---|---|
terraform | >= 1.5, < 2.0 |
aws | ~> 5.27 |
Name | Version |
---|---|
aws | 5.61.0 |
Name | Source | Version |
---|---|---|
certificate | terraform-aws-modules/acm/aws | 5.1.1 |
gitlab | ./modules/gitlab | n/a |
s3_bucket | terraform-aws-modules/s3-bucket/aws | 4.2.2 |
Name | Type |
---|---|
aws_cloudfront_distribution.this | resource |
aws_cloudfront_origin_access_control.this | resource |
aws_cloudfront_origin_access_identity.this | resource |
aws_cloudfront_response_headers_policy.this | resource |
aws_iam_access_key.deploy | resource |
aws_iam_user.deploy | resource |
aws_iam_user_policy.deploy | resource |
aws_kms_alias.this | resource |
aws_kms_key.this | resource |
aws_kms_key_policy.this | resource |
aws_route53_record.extra | resource |
aws_route53_record.this | resource |
aws_caller_identity.current | data source |
aws_cloudfront_cache_policy.managed_caching_disabled | data source |
aws_cloudfront_origin_request_policy.managed_all_viewer_and_cloudfront_headers | data source |
aws_iam_policy_document.deploy | data source |
aws_iam_policy_document.kms_key_policy | data source |
aws_iam_policy_document.s3_bucket_policy | data source |
aws_region.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_env_vars_suffix | Append suffix for Gitlab CI/CD environment variables if needed | string |
"" |
no |
cloudfront_price_class | CloudFront price class | string |
"PriceClass_100" |
no |
default_ttl | Default amount of time that you want objects to stay in a CloudFront cache | number |
3600 |
no |
domain_zone_id | The ID of the hosted zone for domain | string |
n/a | yes |
domains | List of domain aliases. You can also specify wildcard eg.: *.example.com |
list(string) |
n/a | yes |
enable_deploy_user | Toggle s3 deploy user creation | bool |
true |
no |
encrypt_with_kms | Enable server side s3 bucket encryption with KMS key | bool |
false |
no |
extra_domains | Map of extra_domains with domain name and zone_id | map(string) |
{} |
no |
functions | n/a | object({ |
{} |
no |
gitlab_environment | GitLab environment name | string |
"*" |
no |
gitlab_project_id | Deprecated: Use gitlab_project_ids instead | string |
"" |
no |
gitlab_project_ids | Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache | list(string) |
[] |
no |
kms_deletion_window_in_days | The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key | number |
30 |
no |
kms_key_policy | Additional KSM key policy | string |
"{}" |
no |
logs_bucket | Bucket to store CloudFront logs | string |
null |
no |
logs_bucket_domain_name | n/a | string |
null |
no |
max_ttl | Maximum amount of time that you want objects to stay in a CloudFront cache | number |
86400 |
no |
min_ttl | Minimum amount of time that you want objects to stay in a CloudFront cache | number |
0 |
no |
origin_path | Cloudfront origin path | string |
"" |
no |
override_status_code_403 | Override status code for 403 error | number |
403 |
no |
override_status_code_404 | Override status code for 404 error | number |
200 |
no |
proxy_paths | n/a | list(object({ |
[] |
no |
response_header_access_control_allow_credentials | n/a | bool |
false |
no |
response_header_origin_override | n/a | bool |
false |
no |
s3_bucket_name | n/a | string |
n/a | yes |
s3_bucket_policy | Additional S3 bucket policy | string |
"{}" |
no |
s3_cors_rule | List of maps containing rules for Cross-Origin Resource Sharing. | list(object({ |
[] |
no |
tags | n/a | map(string) |
{} |
no |
Name | Description |
---|---|
aws_access_key_id | n/a |
aws_cloudfront_distribution_id | n/a |
aws_s3_bucket_arn | n/a |
aws_s3_bucket_name | n/a |
aws_s3_bucket_regional_domain_name | n/a |
aws_secret_access_key | n/a |
s3_kms_key_arn | n/a |