Verified Commit bce75897 authored by doshitan

Terraform format

parent 427826cf
...@@ -62,7 +62,7 @@ POLICY ...@@ -62,7 +62,7 @@ POLICY
allowed_headers = ["*"] allowed_headers = ["*"]
allowed_methods = ["GET"] allowed_methods = ["GET"]
allowed_origins = ["https://doshitan.com"] allowed_origins = ["https://doshitan.com"]
expose_headers = ["ETag"] expose_headers = ["ETag"]
max_age_seconds = 3600 max_age_seconds = 3600
} }
...@@ -75,7 +75,7 @@ resource "aws_s3_bucket" "www" { ...@@ -75,7 +75,7 @@ resource "aws_s3_bucket" "www" {
provider = aws.main provider = aws.main
bucket = "www.${var.domain}" bucket = "www.${var.domain}"
acl = "public-read" acl = "public-read"
website { website {
redirect_all_requests_to = "https://${var.domain}" redirect_all_requests_to = "https://${var.domain}"
...@@ -107,8 +107,8 @@ resource "aws_s3_bucket" "www" { ...@@ -107,8 +107,8 @@ resource "aws_s3_bucket" "www" {
data "aws_acm_certificate" "domain" { data "aws_acm_certificate" "domain" {
provider = aws.us-east-1 provider = aws.us-east-1
domain = var.domain domain = var.domain
types = ["AMAZON_ISSUED"] types = ["AMAZON_ISSUED"]
most_recent = true most_recent = true
} }
...@@ -119,32 +119,32 @@ resource "aws_cloudfront_distribution" "site_distribution" { ...@@ -119,32 +119,32 @@ resource "aws_cloudfront_distribution" "site_distribution" {
origin { origin {
domain_name = aws_s3_bucket.site.website_endpoint domain_name = aws_s3_bucket.site.website_endpoint
origin_id = aws_s3_bucket.site.id origin_id = aws_s3_bucket.site.id
custom_origin_config { custom_origin_config {
http_port = 80 http_port = 80
https_port = 443 https_port = 443
origin_protocol_policy = "http-only" origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"] origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
} }
} }
enabled = true enabled = true
is_ipv6_enabled = true is_ipv6_enabled = true
http_version = "http2" http_version = "http2"
default_root_object = "index.html" default_root_object = "index.html"
aliases = [var.domain] aliases = [var.domain]
price_class = "PriceClass_100" price_class = "PriceClass_100"
retain_on_delete = true retain_on_delete = true
default_cache_behavior { default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"] allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"] cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = aws_s3_bucket.site.id target_origin_id = aws_s3_bucket.site.id
forwarded_values { forwarded_values {
query_string = false query_string = false
headers = ["Origin"] headers = ["Origin"]
cookies { cookies {
forward = "none" forward = "none"
...@@ -152,10 +152,10 @@ resource "aws_cloudfront_distribution" "site_distribution" { ...@@ -152,10 +152,10 @@ resource "aws_cloudfront_distribution" "site_distribution" {
} }
viewer_protocol_policy = "redirect-to-https" viewer_protocol_policy = "redirect-to-https"
min_ttl = 0 min_ttl = 0
default_ttl = 31536000 default_ttl = 31536000
max_ttl = 31536000 max_ttl = 31536000
compress = true compress = true
lambda_function_association { lambda_function_association {
event_type = "viewer-response" event_type = "viewer-response"
...@@ -169,7 +169,7 @@ resource "aws_cloudfront_distribution" "site_distribution" { ...@@ -169,7 +169,7 @@ resource "aws_cloudfront_distribution" "site_distribution" {
# acm_certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}" # acm_certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
acm_certificate_arn = data.aws_acm_certificate.domain.arn acm_certificate_arn = data.aws_acm_certificate.domain.arn
ssl_support_method = "sni-only" ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1.2_2018" minimum_protocol_version = "TLSv1.2_2018"
} }
...@@ -200,11 +200,11 @@ resource "aws_route53_record" "root_v4" { ...@@ -200,11 +200,11 @@ resource "aws_route53_record" "root_v4" {
provider = aws.main provider = aws.main
zone_id = aws_route53_zone.tld.zone_id zone_id = aws_route53_zone.tld.zone_id
name = var.domain name = var.domain
type = "A" type = "A"
alias { alias {
name = aws_cloudfront_distribution.site_distribution.domain_name name = aws_cloudfront_distribution.site_distribution.domain_name
zone_id = aws_cloudfront_distribution.site_distribution.hosted_zone_id zone_id = aws_cloudfront_distribution.site_distribution.hosted_zone_id
evaluate_target_health = false evaluate_target_health = false
...@@ -215,11 +215,11 @@ resource "aws_route53_record" "root_v6" { ...@@ -215,11 +215,11 @@ resource "aws_route53_record" "root_v6" {
provider = aws.main provider = aws.main
zone_id = aws_route53_zone.tld.zone_id zone_id = aws_route53_zone.tld.zone_id
name = var.domain name = var.domain
type = "AAAA" type = "AAAA"
alias { alias {
name = aws_cloudfront_distribution.site_distribution.domain_name name = aws_cloudfront_distribution.site_distribution.domain_name
zone_id = aws_cloudfront_distribution.site_distribution.hosted_zone_id zone_id = aws_cloudfront_distribution.site_distribution.hosted_zone_id
evaluate_target_health = false evaluate_target_health = false
...@@ -230,11 +230,11 @@ resource "aws_route53_record" "www_v4" { ...@@ -230,11 +230,11 @@ resource "aws_route53_record" "www_v4" {
provider = aws.main provider = aws.main
zone_id = aws_route53_zone.tld.zone_id zone_id = aws_route53_zone.tld.zone_id
name = "www.${var.domain}" name = "www.${var.domain}"
type = "A" type = "A"
alias { alias {
name = aws_s3_bucket.www.website_domain name = aws_s3_bucket.www.website_domain
zone_id = aws_s3_bucket.www.hosted_zone_id zone_id = aws_s3_bucket.www.hosted_zone_id
evaluate_target_health = false evaluate_target_health = false
...@@ -245,11 +245,11 @@ resource "aws_route53_record" "www_v6" { ...@@ -245,11 +245,11 @@ resource "aws_route53_record" "www_v6" {
provider = aws.main provider = aws.main
zone_id = aws_route53_zone.tld.zone_id zone_id = aws_route53_zone.tld.zone_id
name = "www.${var.domain}" name = "www.${var.domain}"
type = "AAAA" type = "AAAA"
alias { alias {
name = aws_s3_bucket.www.website_domain name = aws_s3_bucket.www.website_domain
zone_id = aws_s3_bucket.www.hosted_zone_id zone_id = aws_s3_bucket.www.hosted_zone_id
evaluate_target_health = false evaluate_target_health = false
...@@ -260,9 +260,9 @@ resource "aws_route53_record" "caa" { ...@@ -260,9 +260,9 @@ resource "aws_route53_record" "caa" {
provider = aws.main provider = aws.main
zone_id = aws_route53_zone.tld.zone_id zone_id = aws_route53_zone.tld.zone_id
name = var.domain name = var.domain
type = "CAA" type = "CAA"
ttl = "300" ttl = "300"
# https://sslmate.com/caa/ is helpful # https://sslmate.com/caa/ is helpful
records = [ records = [
...@@ -273,27 +273,27 @@ resource "aws_route53_record" "caa" { ...@@ -273,27 +273,27 @@ resource "aws_route53_record" "caa" {
# Lambda # Lambda
data "archive_file" "cloudfront" { data "archive_file" "cloudfront" {
type = "zip" type = "zip"
output_path = "${path.module}/.zip/cloudfront.zip" output_path = "${path.module}/.zip/cloudfront.zip"
source { source {
filename = "lambda.js" filename = "lambda.js"
content = file("${path.module}/lambda.js") content = file("${path.module}/lambda.js")
} }
} }
resource "aws_lambda_function" "cloudfront" { resource "aws_lambda_function" "cloudfront" {
provider = aws.us-east-1 provider = aws.us-east-1
function_name = "${var.app_name}-cloudfront" function_name = "${var.app_name}-cloudfront"
filename = data.archive_file.cloudfront.output_path filename = data.archive_file.cloudfront.output_path
source_code_hash = data.archive_file.cloudfront.output_base64sha256 source_code_hash = data.archive_file.cloudfront.output_base64sha256
role = aws_iam_role.cloudfront_lambda.arn role = aws_iam_role.cloudfront_lambda.arn
runtime = "nodejs10.x" runtime = "nodejs10.x"
handler = "lambda.handler" handler = "lambda.handler"
memory_size = 128 memory_size = 128
timeout = 3 timeout = 3
publish = true publish = true
} }
data "aws_iam_policy_document" "edge_lambda" { data "aws_iam_policy_document" "edge_lambda" {
...@@ -316,13 +316,13 @@ data "aws_iam_policy_document" "edge_lambda" { ...@@ -316,13 +316,13 @@ data "aws_iam_policy_document" "edge_lambda" {
resource "aws_iam_role" "cloudfront_lambda" { resource "aws_iam_role" "cloudfront_lambda" {
provider = aws.main provider = aws.main
name_prefix = var.app_name name_prefix = var.app_name
assume_role_policy = data.aws_iam_policy_document.edge_lambda.json assume_role_policy = data.aws_iam_policy_document.edge_lambda.json
} }
resource "aws_iam_role_policy_attachment" "basic" { resource "aws_iam_role_policy_attachment" "basic" {
provider = aws.main provider = aws.main
role = aws_iam_role.cloudfront_lambda.name role = aws_iam_role.cloudfront_lambda.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
} }