diff --git a/README.md b/README.md
index 9d772b0..956e10d 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,68 @@
 # tf-module-aws-s3-cf-acm
 Terraform module for static site with SSL
+required_version = ">= 0.12"
+
+## Usage
+```hcl
+module "s3-cf-acm" {
+ source = "git@github.com:lean-delivery/tf-module-aws-s3-cf-acm.git"
+
+ namespace = "test"
+ stage = "test"
+ name = "cf-bucket"
+ parent_zone_name = "example.com"
+ acm_tags = {
+ Name = "Example"
+ }
+ domain = "static.example.com"
+ use_regional_s3_endpoint = "true"
+ origin_bucket = "S3-static-files-content"
+ origin_force_destroy = "yes"
+ default_root_object = "index.html"
+}
+```
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| acm\_certificate\_arn | Existing ACM Certificate ARN | string | `""` | no |
+| acm\_tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map | `` | no |
+| aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront | list | `` | no |
+| alternative\_names | Domian name alternatives for ACM certificate | list | `` | no |
+| bucket\_domain\_format | Format of bucket domain name | string | `"%s.s3.amazonaws.com"` | no |
+| default\_root\_object | Object that CloudFront return when requests the root URL | string | `"index.html"` | no |
+| default\_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | string | `"60"` | no |
+| domain | A domain name for which certificate will be created | string | n/a | yes |
+| enabled | Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created. | string | `"true"` | no |
+| lambda\_function\_association | A config block that triggers a lambda function with specific actions | list | `` | no |
+| log\_expiration\_days | Number of days after which to expunge the objects | string | `"90"` | no |
+| log\_glacier\_transition\_days | Number of days after which to move the data to the glacier storage tier | string | `"60"` | no |
+| log\_include\_cookies | Include cookies in access logs | string | `"false"` | no |
+| log\_prefix | Path of logs in S3 bucket | string | `""` | no |
+| log\_standard\_transition\_days | Number of days to persist in the standard storage tier before moving to the glacier tier | string | `"30"` | no |
+| max\_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | string | `"31536000"` | no |
+| min\_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | string | `"0"` | no |
+| name | Name of static content (forming bucket name) | string | n/a | yes |
+| namespace | Namespace (forming bucket name) | string | n/a | yes |
+| origin\_bucket | Name of S3 bucket | string | `""` | no |
+| origin\_force\_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | string | `"false"` | no |
+| parent\_zone\_id | ID of the hosted zone to contain this record (or specify `parent_zone_name`) | string | `""` | no |
+| parent\_zone\_name | Name of the hosted zone to contain this record (or specify parent_zone_id) | string | n/a | yes |
+| price\_class | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | string | `"PriceClass_100"` | no |
+| stage | Stage of environment (e.g. `dev` or `prod`) (forming bucket name) | string | `"dev"` | no |
+| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map | `` | no |
+| use\_regional\_s3\_endpoint | When set to 'true' the s3 origin_bucket will use the regional endpoint address instead of the global endpoint address | string | `"false"` | no |
+| web\_acl\_id | ID of the AWS WAF web ACL that is associated with the distribution | string | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| cf\_arn | ARN of AWS CloudFront distribution |
+| cf\_domain\_name | Domain name corresponding to the distribution |
+| cf\_etag | Current version of the distribution's information |
+| cf\_hosted\_zone\_id | CloudFront Route 53 zone ID |
+| cf\_id | ID of AWS CloudFront distribution |
+| cf\_status | Current status of the distribution |
+| s3\_bucket | Name of S3 bucket |
+| s3\_bucket\_domain\_name | Domain of S3 bucket |
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..d9da1e0
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,55 @@
+provider "aws" {
+ region = "us-east-1"
+ alias = "acm_provider"
+}
+
+data "aws_route53_zone" "selected" {
+ name = var.parent_zone_name
+}
+
+module "aws-cert" {
+ source = "terraform-aws-modules/acm/aws"
+ version = "~> v2.0"
+
+ domain_name = var.domain
+ zone_id = data.aws_route53_zone.selected.zone_id
+
+ subject_alternative_names = var.alternative_names
+
+ tags = var.acm_tags
+}
+
+data "aws_acm_certificate" "this" {
+ domain = var.domain
+ statuses = ["ISSUED", "PENDING_VALIDATION"]
+ provider = aws.acm_provider
+
+ depends_on = [module.aws-cert]
+}
+
+module "cdn" {
+ source = "git::https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn.git?ref=0.11.0"
+ namespace = var.namespace
+ stage = var.stage
+ name = var.name
+ aliases = concat([var.domain], var.alternative_names)
+ parent_zone_name = var.parent_zone_name
+ acm_certificate_arn = data.aws_acm_certificate.this.arn
+ default_root_object = var.default_root_object
+ default_ttl = var.default_ttl
+ enabled = var.enabled
+ lambda_function_association = var.lambda_function_association
+ log_expiration_days = var.log_expiration_days
+ log_glacier_transition_days = var.log_glacier_transition_days
+ log_include_cookies = var.log_include_cookies
+ log_prefix = var.log_prefix
+ log_standard_transition_days = var.log_standard_transition_days
+ max_ttl = var.max_ttl
+ min_ttl = var.min_ttl
+ price_class = var.price_class
+ tags = var.tags
+ use_regional_s3_endpoint = var.use_regional_s3_endpoint
+ web_acl_id = var.web_acl_id
+ origin_force_destroy = "true"
+}
+
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..dfc60ee
--- /dev/null
+++ b/outputs.tf
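Review bot: `origin_force_destroy = "true"` in the `cdn` module call is hard-coded, so `var.origin_force_destroy` (default `"false"`, and documented as an input) is never honoured and every bucket this module creates has all its objects wiped on `terraform destroy`; it should read `origin_force_destroy = var.origin_force_destroy`. The `aws-cert` module is not passed `providers = { aws = aws.acm_provider }`, so the certificate is issued in whatever region the caller's default provider uses while `data.aws_acm_certificate.this` looks it up in us-east-1 — the lookup only works when the default region happens to be us-east-1, and CloudFront requires the us-east-1 certificate anyway. Including `PENDING_VALIDATION` in `statuses` lets a not-yet-validated certificate ARN be handed to CloudFront, which as far as I can tell fails the distribution create; filtering on `["ISSUED"]` only is the safer choice since the ACM module already creates the validation records. `var.acm_certificate_arn` is declared and documented but unused here, so a caller supplying an existing certificate silently gets a fresh one issued instead.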
@@ -0,0 +1,40 @@
+output "cf_id" {
+ value = module.cdn.cf_id
+ description = "ID of AWS CloudFront distribution"
+}
+
+output "cf_arn" {
+ value = module.cdn.cf_arn
+ description = "ARN of AWS CloudFront distribution"
+}
+
+output "cf_status" {
+ value = module.cdn.cf_status
+ description = "Current status of the distribution"
+}
+
+output "cf_domain_name" {
+ value = module.cdn.cf_domain_name
+ description = "Domain name corresponding to the distribution"
+}
+
+output "cf_etag" {
+ value = module.cdn.cf_etag
+ description = "Current version of the distribution's information"
+}
+
+output "cf_hosted_zone_id" {
+ value = module.cdn.cf_hosted_zone_id
+ description = "CloudFront Route 53 zone ID"
+}
+
+output "s3_bucket" {
+ value = module.cdn.s3_bucket
+ description = "Name of S3 bucket"
+}
+
+output "s3_bucket_domain_name" {
+ value = module.cdn.s3_bucket_domain_name
+ description = "Domain of S3 bucket"
+}
+
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..76e3b8b
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,155 @@
+variable "namespace" {
+ description = "Namespace (forming bucket name)"
+ type = string
+}
+
+variable "stage" {
+ description = "Stage of environment (e.g. `dev` or `prod`) (forming bucket name)"
+ type = string
+ default = "dev"
+}
+
+variable "name" {
+ description = "Name of static content (forming bucket name)"
+ type = string
+}
+
+variable "parent_zone_name" {
+ description = "Name of the hosted zone to contain this record (or specify parent_zone_id)"
+ type = string
+}
+
+variable "aliases" {
+ type = list(string)
+ description = "List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront"
+ default = []
+}
+
+variable "domain" {
+ description = "A domain name for which certificate will be created"
+ type = string
+}
+
+variable "alternative_names" {
+ description = "Domian name alternatives for ACM certificate"
+ type = list(string)
+ default = []
+}
+
+variable "acm_tags" {
+ type = map(string)
+ default = {}
+ description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)"
+}
+
+variable "tags" {
+ type = map(string)
+ default = {}
+ description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)"
+}
+
+variable "enabled" {
+ default = true
+ type = bool
+ description = "Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created."
+}
+
+variable "acm_certificate_arn" {
+ description = "Existing ACM Certificate ARN"
+ type = string
+ default = ""
+}
+
+variable "use_regional_s3_endpoint" {
+ type = bool
+ description = "When set to 'true' the s3 origin_bucket will use the regional endpoint address instead of the global endpoint address"
+ default = false
+}
+
+variable "origin_bucket" {
+ default = ""
+ type = string
+ description = "Name of S3 bucket"
+}
+
+variable "origin_force_destroy" {
+ default = "false"
+ description = "Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`)"
+}
+
+variable "bucket_domain_format" {
+ default = "%s.s3.amazonaws.com"
+ description = "Format of bucket domain name"
+}
+
+variable "default_root_object" {
+ default = "index.html"
+ description = "Object that CloudFront return when requests the root URL"
+}
+
+variable "log_include_cookies" {
+ default = "false"
+ description = "Include cookies in access logs"
+}
+
+variable "log_prefix" {
+ default = ""
+ description = "Path of logs in S3 bucket"
+}
+
+variable "log_standard_transition_days" {
+ description = "Number of days to persist in the standard storage tier before moving to the glacier tier"
+ default = "30"
+}
+
+variable "log_glacier_transition_days" {
+ description = "Number of days after which to move the data to the glacier storage tier"
+ default = "60"
+}
+
+variable "log_expiration_days" {
+ description = "Number of days after which to expunge the objects"
+ default = "90"
+}
+
+variable "price_class" {
+ default = "PriceClass_100"
+ description = "Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100`"
+}
+
+variable "default_ttl" {
+ default = "60"
+ description = "Default amount of time (in seconds) that an object is in a CloudFront cache"
+}
+
+variable "min_ttl" {
+ default = "0"
+ description = "Minimum amount of time that you want objects to stay in CloudFront caches"
+}
+
+variable "max_ttl" {
+ default = "31536000"
+ description = "Maximum amount of time (in seconds) that an object is in a CloudFront cache"
+}
+
+variable "parent_zone_id" {
+ default = ""
+ description = "ID of the hosted zone to contain this record (or specify `parent_zone_name`)"
+}
+
+variable "lambda_function_association" {
+ type = list(object({
+ event_type = string
+ include_body = bool
+ lambda_arn = string
+ }))
+ default = []
+ description = "A config block that triggers a lambda function with specific actions"
+}
+
+variable "web_acl_id" {
+ type = string
+ default = ""
+ description = "ID of the AWS WAF web ACL that is associated with the distribution"
+}
+
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
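Review bot: Several inputs declared in this hunk — `acm_certificate_arn`, `aliases`, `origin_bucket`, `parent_zone_id` and `bucket_domain_format` — are not referenced anywhere in main.tf in this commit, so setting them has no effect; either wire them into the `cdn` module call or drop them from the interface and README so callers are not misled (an unused `acm_certificate_arn` in particular suggests a bring-your-own-certificate path that does not exist). The boolean and numeric inputs are left untyped with string defaults (`origin_force_destroy`, `log_include_cookies`, the `*_ttl` and `log_*_days` values), unlike `enabled` and `use_regional_s3_endpoint` which declare `type = bool`; adding `type = bool` / `type = number` to them makes Terraform reject values like the `"yes"` the README example passes for `origin_force_destroy` instead of forwarding them downstream. The `alternative_names` description also has a typo, `"Domian name alternatives…"` should read `"Domain name alternatives…"`.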
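Review bot: versions.tf constrains only Terraform core (`required_version = ">= 0.12"`, with no upper bound) and sets no `required_providers` constraint for `aws`, so `terraform init` resolves whichever provider release is current and a future major can break the `aws_acm_certificate` / `aws_route53_zone` usage in main.tf without any change to this repo. Add a provider constraint next to `required_version`, e.g. `required_providers { aws = "~> 2.0" }`, using whatever range the two upstream modules actually support.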