Infrastructure as code (#3)

* Moves website to website/ * Adds terraform gitignores * Terraform with AWS provider * Initialises Terraform * Locals and variables for provider * Fetches SSL certificate from ACM * S3 static website bucket * CloudFront distribution * Route53 records * Deployment workflow uses secret S3 bucket suffix * Adds README --------- Co-authored-by: Joe Carstairs <65492573+Sycamost@users.noreply.github.com>
2024-05-05 21:00:40 +01:00
parent 579e12cfeb
commit 86450b3dd8
40 changed files with 293 additions and 3 deletions
--- a/infrastructure/cloudfront.tf
+++ b/infrastructure/cloudfront.tf
@@ -0,0 +1,59 @@
+resource "aws_cloudfront_distribution" "joeac" {
+  enabled             = true
+  is_ipv6_enabled     = true
+  default_root_object = "index.html"
+  price_class         = "PriceClass_100"
+
+  aliases = ["joeac.net"]
+
+  origin {
+    domain_name = aws_s3_bucket_website_configuration.website.website_endpoint
+    origin_id   = local.website_origin_id
+
+    custom_origin_config {
+      http_port              = 80
+      https_port             = 443
+      origin_protocol_policy = "http-only"
+      origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
+    }
+  }
+
+  default_cache_behavior {
+    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
+    cached_methods         = ["GET", "HEAD", "OPTIONS"]
+    target_origin_id       = local.website_origin_id
+    cache_policy_id        = data.aws_cloudfront_cache_policy.caching_optimized.id
+    viewer_protocol_policy = "redirect-to-https"
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+      locations        = []
+    }
+  }
+
+  viewer_certificate {
+    acm_certificate_arn      = data.aws_acm_certificate.joeac_ssl_certificate.arn
+    ssl_support_method       = "sni-only"
+    minimum_protocol_version = "TLSv1.2_2021"
+  }
+
+  depends_on = [aws_cloudfront_origin_access_control.website]
+}
+
+resource "aws_cloudfront_origin_access_control" "website" {
+  name                              = "website"
+  origin_access_control_origin_type = "s3"
+  signing_behavior                  = "always"
+  signing_protocol                  = "sigv4"
+}
+
+data "aws_cloudfront_cache_policy" "caching_optimized" {
+  name = "Managed-CachingOptimized"
+}
+
+locals {
+  website_origin_id = "website"
+}
+