Verified Commit bce75897 authored by doshitan's avatar doshitan

Terraform format

parent 427826cf
......@@ -62,7 +62,7 @@ POLICY
allowed_headers = ["*"]
allowed_methods = ["GET"]
allowed_origins = ["https://doshitan.com"]
expose_headers = ["ETag"]
expose_headers = ["ETag"]
max_age_seconds = 3600
}
......@@ -75,7 +75,7 @@ resource "aws_s3_bucket" "www" {
provider = aws.main
bucket = "www.${var.domain}"
acl = "public-read"
acl = "public-read"
website {
redirect_all_requests_to = "https://${var.domain}"
......@@ -107,8 +107,8 @@ resource "aws_s3_bucket" "www" {
data "aws_acm_certificate" "domain" {
provider = aws.us-east-1
domain = var.domain
types = ["AMAZON_ISSUED"]
domain = var.domain
types = ["AMAZON_ISSUED"]
most_recent = true
}
......@@ -119,32 +119,32 @@ resource "aws_cloudfront_distribution" "site_distribution" {
origin {
domain_name = aws_s3_bucket.site.website_endpoint
origin_id = aws_s3_bucket.site.id
origin_id = aws_s3_bucket.site.id
custom_origin_config {
http_port = 80
https_port = 443
http_port = 80
https_port = 443
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
}
}
enabled = true
is_ipv6_enabled = true
http_version = "http2"
enabled = true
is_ipv6_enabled = true
http_version = "http2"
default_root_object = "index.html"
aliases = [var.domain]
price_class = "PriceClass_100"
retain_on_delete = true
aliases = [var.domain]
price_class = "PriceClass_100"
retain_on_delete = true
default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = aws_s3_bucket.site.id
forwarded_values {
query_string = false
headers = ["Origin"]
headers = ["Origin"]
cookies {
forward = "none"
......@@ -152,10 +152,10 @@ resource "aws_cloudfront_distribution" "site_distribution" {
}
viewer_protocol_policy = "redirect-to-https"
min_ttl = 0
default_ttl = 31536000
max_ttl = 31536000
compress = true
min_ttl = 0
default_ttl = 31536000
max_ttl = 31536000
compress = true
lambda_function_association {
event_type = "viewer-response"
......@@ -169,7 +169,7 @@ resource "aws_cloudfront_distribution" "site_distribution" {
# acm_certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
acm_certificate_arn = data.aws_acm_certificate.domain.arn
ssl_support_method = "sni-only"
ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1.2_2018"
}
......@@ -200,11 +200,11 @@ resource "aws_route53_record" "root_v4" {
provider = aws.main
zone_id = aws_route53_zone.tld.zone_id
name = var.domain
type = "A"
name = var.domain
type = "A"
alias {
name = aws_cloudfront_distribution.site_distribution.domain_name
name = aws_cloudfront_distribution.site_distribution.domain_name
zone_id = aws_cloudfront_distribution.site_distribution.hosted_zone_id
evaluate_target_health = false
......@@ -215,11 +215,11 @@ resource "aws_route53_record" "root_v6" {
provider = aws.main
zone_id = aws_route53_zone.tld.zone_id
name = var.domain
type = "AAAA"
name = var.domain
type = "AAAA"
alias {
name = aws_cloudfront_distribution.site_distribution.domain_name
name = aws_cloudfront_distribution.site_distribution.domain_name
zone_id = aws_cloudfront_distribution.site_distribution.hosted_zone_id
evaluate_target_health = false
......@@ -230,11 +230,11 @@ resource "aws_route53_record" "www_v4" {
provider = aws.main
zone_id = aws_route53_zone.tld.zone_id
name = "www.${var.domain}"
type = "A"
name = "www.${var.domain}"
type = "A"
alias {
name = aws_s3_bucket.www.website_domain
name = aws_s3_bucket.www.website_domain
zone_id = aws_s3_bucket.www.hosted_zone_id
evaluate_target_health = false
......@@ -245,11 +245,11 @@ resource "aws_route53_record" "www_v6" {
provider = aws.main
zone_id = aws_route53_zone.tld.zone_id
name = "www.${var.domain}"
type = "AAAA"
name = "www.${var.domain}"
type = "AAAA"
alias {
name = aws_s3_bucket.www.website_domain
name = aws_s3_bucket.www.website_domain
zone_id = aws_s3_bucket.www.hosted_zone_id
evaluate_target_health = false
......@@ -260,9 +260,9 @@ resource "aws_route53_record" "caa" {
provider = aws.main
zone_id = aws_route53_zone.tld.zone_id
name = var.domain
type = "CAA"
ttl = "300"
name = var.domain
type = "CAA"
ttl = "300"
# https://sslmate.com/caa/ is helpful
records = [
......@@ -273,27 +273,27 @@ resource "aws_route53_record" "caa" {
# Lambda
data "archive_file" "cloudfront" {
type = "zip"
type = "zip"
output_path = "${path.module}/.zip/cloudfront.zip"
source {
filename = "lambda.js"
content = file("${path.module}/lambda.js")
content = file("${path.module}/lambda.js")
}
}
resource "aws_lambda_function" "cloudfront" {
provider = aws.us-east-1
function_name = "${var.app_name}-cloudfront"
filename = data.archive_file.cloudfront.output_path
function_name = "${var.app_name}-cloudfront"
filename = data.archive_file.cloudfront.output_path
source_code_hash = data.archive_file.cloudfront.output_base64sha256
role = aws_iam_role.cloudfront_lambda.arn
runtime = "nodejs10.x"
handler = "lambda.handler"
memory_size = 128
timeout = 3
publish = true
role = aws_iam_role.cloudfront_lambda.arn
runtime = "nodejs10.x"
handler = "lambda.handler"
memory_size = 128
timeout = 3
publish = true
}
data "aws_iam_policy_document" "edge_lambda" {
......@@ -316,13 +316,13 @@ data "aws_iam_policy_document" "edge_lambda" {
resource "aws_iam_role" "cloudfront_lambda" {
provider = aws.main
name_prefix = var.app_name
name_prefix = var.app_name
assume_role_policy = data.aws_iam_policy_document.edge_lambda.json
}
resource "aws_iam_role_policy_attachment" "basic" {
provider = aws.main
role = aws_iam_role.cloudfront_lambda.name
role = aws_iam_role.cloudfront_lambda.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}