This is a template for quickly setting up and deploying a static web site to Amazon S3 + Cloudfront CDN. (See S3 pricing; Cloudfront pricing)
Assumptions:
- An active AWS account
- An IAM user with access to S3, Cloudfront, and CertificateManager
- AWS CLI is installed
- Terraform is installed
Basic steps:
- Request a free SSL cert from AWS Certificate Manager, or upload one.
- Review the terraform configuration, static.tf, and make changes as needed.
- Populate your local AWS credentials file with an IAM user having access to S3, Cloudfront, and CertificateManager
- Configure variables as needed
- Run terraform commands to provision or update AWS infrastructure
- Deploy content using aws-s3-sync
You'll need to provision an SSL cert and make it available to the AWS Certificate Manager. To request a free cert, visit https://console.aws.amazon.com/acm/home.
This process will take some time as you'll need to prove domain ownership. Docs: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request.html
Once your certificate status is Issued, add its ARN as a terraform variables.
Add your AWS credentials to $HOME/.aws/credentials. If using a named profile, set the profile name in the terraform configuration as aws_cli_profile.
See static.tf for AWS configuration.
$ terraform plan # dry run
$ terraform apply # create resources
$ terraform show # show state
When running apply or show, you'll be prompted to define any needed variables.
To persist variables, populate and rename terraform.tfvars.example to terraform.tfvars. Terraform will automatically read vars from this file, and git will ignore it.
You could also specify additional vars files for Terraform:
$ terraform plan -var-file=production.tfvars
$ aws s3 sync static s3://www.example.com [--profile default] --exclude *.DS_Store --delete
InvalidClientTokenId: check the values in~/.aws/credentials, and make sure the correct profile is used (if not default)
/usr/local/opt/mozjpeg/bin/cjpeg rocks.jpg -quality 80 > rocks-moz.jpg