# Shared tag map. In this file it is attached to aws_s3_bucket.site via `tags`.
locals {
  common_tags = {
    Project     = var.project_name
    Environment = var.environment
    Domain      = var.site_domain
    ManagedBy   = "terraform"
  }
}
# Bucket holding the static site content. It is named after the site domain:
# S3 website endpoints choose the bucket from the request's Host header, so
# the bucket name has to equal the hostname that is served from it.
resource "aws_s3_bucket" "site" {
  tags   = local.common_tags
  bucket = var.site_domain
}
# Turns off all four S3 Block Public Access guards for this bucket.
#
# The two *_acls flags must be off for the "public-read" bucket ACL to be
# accepted and honoured; the other two must be off for the Principal "*"
# bucket policy to be accepted and to take effect. Account-level Block Public
# Access settings, if enabled, still override what is set here.
#
# NOTE(review): every object in this bucket is world-readable by design, so
# nothing other than published site content should ever be uploaded to it.
# If the bucket ACL were dropped in favour of the bucket policy alone,
# block_public_acls and ignore_public_acls could go back to true.
resource "aws_s3_bucket_public_access_block" "site" {
  bucket = aws_s3_bucket.site.id

  # ACL-related guards (needed off by aws_s3_bucket_acl.site)
  block_public_acls  = false
  ignore_public_acls = false

  # Policy-related guards (needed off by aws_s3_bucket_policy.site)
  block_public_policy     = false
  restrict_public_buckets = false
}
# Enables static website hosting on the bucket. Its `website_endpoint`
# attribute is the origin that cloudflare_record.site_cname points at.
resource "aws_s3_bucket_website_configuration" "site" {
  bucket = aws_s3_bucket.site.id

  # Object key served when a request fails with a 4xx error.
  error_document {
    key = "error.html"
  }

  # Key suffix appended to requests that end in "/".
  index_document {
    suffix = "index.html"
  }
}
# Object ownership mode for the bucket. "BucketOwnerPreferred" leaves ACLs
# enabled, which aws_s3_bucket_acl.site depends on; "BucketOwnerEnforced"
# would disable ACLs entirely and make that resource fail.
resource "aws_s3_bucket_ownership_controls" "site" {
  bucket = aws_s3_bucket.site.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}
# Applies the canned "public-read" ACL to the bucket itself.
#
# NOTE(review): on a bucket, public-read gives the AllUsers group READ, which
# means anonymous callers can list the bucket's keys through the S3 REST
# endpoint. Object reads are already granted by aws_s3_bucket_policy.site, so
# this ACL looks redundant for serving the site; confirm whether it can be
# replaced with "private" (check how missing-object responses behave first,
# since list permission influences whether S3 answers 404 or 403).
resource "aws_s3_bucket_acl" "site" {
  bucket = aws_s3_bucket.site.id
  acl    = "public-read"

  # ACLs must be enabled (ownership controls) and public ACLs must not be
  # blocked (public access block) before this call can succeed.
  depends_on = [
    aws_s3_bucket_ownership_controls.site,
    aws_s3_bucket_public_access_block.site
  ]
}
# Bucket policy that lets anyone read any object in the bucket.
#
# Only s3:GetObject is granted, so this statement on its own allows neither
# listing nor reads of noncurrent object versions.
#
# NOTE(review): the statement carries no Condition, so the bucket is readable
# directly at its S3 endpoints as well as through Cloudflare, and anything
# enforced at the Cloudflare edge (WAF, rate limiting, HTTPS redirect) does not
# apply to direct requests. If the site should only be reachable through
# Cloudflare, add an aws:SourceIp condition limited to Cloudflare's published
# address ranges.
resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "PublicReadGetObject"
        Effect    = "Allow"
        Principal = "*"
        Action    = "s3:GetObject"
        Resource  = "${aws_s3_bucket.site.arn}/*"
      },
    ]
  })

  # A public policy is rejected while block_public_policy is in force, so the
  # public access block settings have to be applied first.
  depends_on = [
    aws_s3_bucket_public_access_block.site
  ]
}
# Looks up the Cloudflare zone whose name is the site domain. The resources
# below use zones[0], so var.site_domain has to be the zone's own name
# (the apex); an empty result makes the zones[0] index fail at plan time.
data "cloudflare_zones" "domain" {
  filter {
    name = var.site_domain
  }
}
# Proxied CNAME for the site domain, pointing at the S3 website endpoint.
#
# NOTE(review): S3 website endpoints speak HTTP only, so the leg between
# Cloudflare and S3 is unencrypted even when visitors connect over HTTPS.
# If origin encryption or a non-public bucket is required, the usual
# alternative is a private bucket behind CloudFront.
resource "cloudflare_record" "site_cname" {
  zone_id = data.cloudflare_zones.domain.zones[0].id
  type    = "CNAME"
  name    = var.site_domain
  value   = aws_s3_bucket_website_configuration.site.website_endpoint
  proxied = true
  ttl     = 1 # 1 = "automatic"; the value Cloudflare expects on proxied records
}
# Proxied CNAME that sends the "www" host to the site domain.
#
# NOTE(review): S3 website endpoints select the bucket from the Host header.
# Presumably Cloudflare forwards the visitor's Host (www.<site_domain>) to the
# origin, and this file creates no bucket with that name. Confirm that www is
# handled deliberately: either a "www.<site_domain>" redirect bucket owned by
# this account, or a redirect to the apex at the Cloudflare edge. A hostname
# that resolves to S3 without a matching bucket under your control should not
# be left in DNS.
resource "cloudflare_record" "www" {
  zone_id = data.cloudflare_zones.domain.zones[0].id
  type    = "CNAME"
  name    = "www"
  value   = var.site_domain
  proxied = true
  ttl     = 1 # 1 = "automatic"; the value Cloudflare expects on proxied records
}
# Keeps prior versions of overwritten or deleted objects, which allows a bad
# or unwanted content change to be rolled back. How long those versions are
# kept is set in aws_s3_bucket_lifecycle_configuration.site.
resource "aws_s3_bucket_versioning" "site" {
  bucket = aws_s3_bucket.site.id

  versioning_configuration {
    status = "Enabled"
  }
}
# Lifecycle housekeeping for the whole bucket (both rules use an empty prefix
# filter, i.e. they match every key).
resource "aws_s3_bucket_lifecycle_configuration" "site" {
  bucket = aws_s3_bucket.site.id

  # Noncurrent object versions are deleted 90 days after being superseded.
  # This is also the window in which an overwritten file can be restored.
  rule {
    id     = "cleanup_old_versions"
    status = "Enabled"

    filter {
      prefix = ""
    }

    noncurrent_version_expiration {
      noncurrent_days = 90
    }
  }

  # Multipart uploads that were started but never completed are aborted after
  # 7 days so their parts stop accumulating in the bucket.
  rule {
    id     = "cleanup_incomplete_uploads"
    status = "Enabled"

    filter {
      prefix = ""
    }

    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }
  }
}
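# Redirects plain-HTTP requests to HTTPS at the Cloudflare edge.
#
# The target uses "*<domain>/*" rather than "*.<domain>/*": the dotted form
# only matches subdomains such as www, which would leave the apex host (the
# one cloudflare_record.site_cname serves) reachable over plain HTTP. The
# undotted wildcard covers the apex and every subdomain of the zone.
#
# This rule only affects the visitor-to-Cloudflare leg; requests made straight
# to the S3 website endpoint are not covered by it.
resource "cloudflare_page_rule" "https" {
  zone_id = data.cloudflare_zones.domain.zones[0].id
  target  = "*${var.site_domain}/*"

  actions {
    always_use_https = true
  }
}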