├── .gitignore
├── README.md
├── circle.yml
├── secret.tfvars_template
├── website.tf
└── website.tfvars_template


/.gitignore:
--------------------------------------------------------------------------------
1 | /secret.tfvars
2 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## Terraform template to provision website on AWS S3 with Cloudfront and Route53
 2 | 
 3 | [![CircleCI](https://circleci.com/gh/sjevs/terraform-static-website-s3-cloudfront.svg?style=svg)](https://circleci.com/gh/sjevs/terraform-static-website-s3-cloudfront)
 4 | 
 5 | ### Features
 6 | 
 7 | * No coding needed, just set your domain in the configuration
 8 | * Covered with [integration test](circle.yml) against AWS. So it is stable and functioning
 9 | 
10 | ### Prerequisites
11 | 
12 | * Installed [Terraform](https://www.terraform.io)
13 | * AWS Account. This account needs to have enough permissions to setup the infrastructure
14 |   * AWS Access Key ID
15 |   * AWS Secret Access Key
16 | 
17 | ### Setup
18 | 
19 | * `cp secret.tfvars_template secret.tfvars`. Edit `secret.tfvars`, to put your AWS keys there.
20 | * `cp website.tfvars_template website.tfvars`. Edit `website.tfvars`, put your website domain there
21 | * Provision
22 | ```
23 | terraform apply -var-file website.tfvars  -var-file secret.tfvars
24 | ```
25 | 
26 | It also creates locally state file. Read more about it [here](https://www.terraform.io/docs/state/)
27 | 
28 | ### Other
29 | 
30 | * [Serverless blog costs on AWS S3](http://perfect-blog.jevsejev.io/2016/05/17/aws-serverless-blog-costs/)
31 | 
32 | ### Terms
33 | 
34 | [MIT License](https://tldrlegal.com/license/mit-license)
35 | 


--------------------------------------------------------------------------------
/circle.yml:
--------------------------------------------------------------------------------
 1 | machine:
 2 |   services:
 3 |     - docker
 4 | 
 5 | dependencies:
 6 |   override:
 7 |     - echo 'aws_access_key_id = "'$AWS_ACCESS_KEY_ID'"' > secret.tfvars
 8 |     - echo 'aws_secret_key = "'$AWS_SECRET_ACCESS_KEY'"' >> secret.tfvars
 9 | 
10 |     - echo 'domain = "circle-build-'$CIRCLE_BUILD_NUM'.io"' > website.tfvars
11 |     - echo 'domainAlias = "circle-build-'$CIRCLE_BUILD_NUM'_io"' >> website.tfvars
12 |     - echo 'subdomain = "www.circle-build-'$CIRCLE_BUILD_NUM'.io"' >> website.tfvars
13 |     - echo 'subdomainAlias = "www_circle-build-'$CIRCLE_BUILD_NUM'_io"' >> website.tfvars
14 |     - echo 'cdnSubDomain = "cdn.circle-build-'$CIRCLE_BUILD_NUM'.io"' >> website.tfvars
15 | 
16 | test:
17 |   override:
18 |     - docker run -it -v $PWD:/src sjevs/terraform plan -var-file website.tfvars  -var-file secret.tfvars
19 |     - docker run -it -v $PWD:/src sjevs/terraform apply -var-file website.tfvars  -var-file secret.tfvars
20 |     - docker run -it -v $PWD:/src sjevs/terraform destroy -force -var-file website.tfvars  -var-file secret.tfvars
21 | 


--------------------------------------------------------------------------------
/secret.tfvars_template:
--------------------------------------------------------------------------------
1 | aws_access_key_id = ""
2 | aws_secret_key = ""
3 | 


--------------------------------------------------------------------------------
/website.tf:
--------------------------------------------------------------------------------
  1 | variable "aws_access_key_id" {}
  2 | variable "aws_secret_key" {}
  3 | variable "region" { default = "eu-west-1" }
  4 | 
  5 | variable "domain" { default = "jevsejev.io" }
  6 | variable "domainAlias" { default = "jevsejev_io" }
  7 | variable "subdomain" { default = "www.jevsejev.io" }
  8 | variable "subdomainAlias" { default = "www_jevsejev_io" }
  9 | variable "cdnSubDomain" { default = "cdn.jevsejev.io" }
 10 | 
 11 | variable "cf_alias_zone_id" {
 12 |   description = "Fixed hardcoded constant zone_id that is used for all CloudFront distributions"
 13 |   default = "Z2FDTNDATAQYW2"
 14 | }
 15 | 
 16 | provider "aws" {
 17 |   alias = "prod"
 18 | 
 19 |   region = "${var.region}"
 20 |   access_key = "${var.aws_access_key_id}"
 21 |   secret_key = "${var.aws_secret_key}"
 22 | }
 23 | 
 24 | resource "aws_s3_bucket" "website_bucket" {
 25 |   provider = "aws.prod"
 26 | 
 27 |   bucket = "${var.subdomain}"
 28 |   acl = "public-read"
 29 |   policy = <<POLICY
 30 | {
 31 |   "Version":"2012-10-17",
 32 |   "Statement":[{
 33 |     "Sid":"PublicReadForGetBucketObjects",
 34 |         "Effect":"Allow",
 35 |       "Principal": "*",
 36 |       "Action":"s3:GetObject",
 37 |       "Resource":["arn:aws:s3:::${var.subdomain}/*"
 38 |       ]
 39 |     }
 40 |   ]
 41 | }
 42 | POLICY
 43 | 
 44 |   website {
 45 |     index_document = "index.html"
 46 |     error_document = "404.html"
 47 |   }
 48 | }
 49 | 
 50 | resource "aws_route53_zone" "route53_zone" {
 51 |   provider = "aws.prod"
 52 |   name = "${var.domain}"
 53 | }
 54 | 
 55 | resource "aws_route53_record" "website_route53_record" {
 56 |   provider = "aws.prod"
 57 |   zone_id = "${aws_route53_zone.route53_zone.zone_id}"
 58 |   name = "${var.subdomain}"
 59 |   type = "A"
 60 | 
 61 |   alias {
 62 |     name = "${aws_s3_bucket.website_bucket.website_domain}"
 63 |     zone_id = "${aws_s3_bucket.website_bucket.hosted_zone_id}"
 64 |     evaluate_target_health = false
 65 |   }
 66 | }
 67 | 
 68 | resource "aws_cloudfront_distribution" "cdn" {
 69 |   provider = "aws.prod"
 70 |   depends_on = ["aws_s3_bucket.website_bucket"]
 71 |   origin {
 72 |     domain_name = "${var.subdomain}.s3.amazonaws.com"
 73 |     origin_id = "website_bucket_origin"
 74 |     s3_origin_config {
 75 |     }
 76 |   }
 77 |   enabled = true
 78 |   default_root_object = "index.html"
 79 |   aliases = ["${var.subdomain}"]
 80 |   price_class = "PriceClass_200"
 81 |   retain_on_delete = true
 82 |   default_cache_behavior {
 83 |     allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
 84 |     cached_methods = [ "GET", "HEAD" ]
 85 |     target_origin_id = "website_bucket_origin"
 86 |     forwarded_values {
 87 |       query_string = true
 88 |       cookies {
 89 |         forward = "none"
 90 |       }
 91 |     }
 92 |     viewer_protocol_policy = "allow-all"
 93 |     min_ttl = 0
 94 |     default_ttl = 3600
 95 |     max_ttl = 86400
 96 |   }
 97 |   viewer_certificate {
 98 |     cloudfront_default_certificate = true
 99 |   }
100 |   restrictions {
101 |     geo_restriction {
102 |       restriction_type = "none"
103 |     }
104 |   }
105 | }
106 | 
107 | resource "aws_route53_record" "route53_to_cdn" {
108 |   provider = "aws.prod"
109 |   zone_id = "${aws_route53_zone.route53_zone.zone_id}"
110 |   name = "${var.cdnSubDomain}"
111 |   type = "A"
112 | 
113 |   alias {
114 |     name = "${aws_cloudfront_distribution.cdn.domain_name}"
115 |     zone_id = "${var.cf_alias_zone_id}"
116 |     evaluate_target_health = false
117 |   }
118 | }
119 | 


--------------------------------------------------------------------------------
/website.tfvars_template:
--------------------------------------------------------------------------------
1 | # Alias must not contain dots. It is used for references inside the template.
2 | domain = ""         # jevsejev.io
3 | domainAlias = ""    # jevsejev_io
4 | subdomain = ""      # www.jevsejev.io
5 | subdomainAlias = "" # www_jevsejev_io
6 | cdnSubDomain = ""   # cdn.jevsejev.io
7 | 


--------------------------------------------------------------------------------