initial commit

Author: nodesocket

.gitignore

@@ -0,0 +1,4 @@
+.terraform/
+terraform.tfstate
+*.tfstate.backup
+aws-auth.ini

LICENSE

@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

README.md

@@ -0,0 +1,2 @@
+# Terraform Gatsby AWS
+

cloudfront.tf

@@ -0,0 +1,61 @@
+resource "aws_cloudfront_distribution" "cloudfront" {
+  origin {
+    domain_name = aws_s3_bucket.bucket.website_endpoint
+    origin_id   = "s3_website"
+
+    custom_origin_config {
+      http_port                = 80
+      https_port               = 443
+      origin_keepalive_timeout = 15
+      origin_protocol_policy   = "http-only"
+      origin_read_timeout      = 30
+      origin_ssl_protocols     = ["TLSv1.1", "TLSv1.2"]
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+  http_version        = "http2"
+  default_root_object = "index.html"
+
+  aliases = [
+    var.domain_name
+  ]
+
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = "s3_website"
+
+    forwarded_values {
+      query_string = false
+
+      headers = [
+        "Origin"
+      ]
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    viewer_protocol_policy = "redirect-to-https"
+    compress               = true
+    smooth_streaming       = false
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+
+  price_class = "PriceClass_All"
+
+  viewer_certificate {
+    acm_certificate_arn      = var.https_certificate_arn
+    minimum_protocol_version = "TLSv1.1_2016"
+    ssl_support_method       = "sni-only"
+  }
+}
+

route53.tf

@@ -0,0 +1,16 @@
+resource "aws_route53_record" "dns" {
+  zone_id = var.route53_zone_id
+  name    = var.domain_name
+  type    = "A"
+
+  alias {
+    evaluate_target_health = false
+    name                   = aws_cloudfront_distribution.cloudfront.domain_name
+    zone_id                = aws_cloudfront_distribution.cloudfront.hosted_zone_id
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+

s3.tf

@@ -0,0 +1,39 @@
+resource "aws_s3_bucket" "bucket" {
+  bucket = var.domain_name
+  acl    = "public-read"
+  policy = <<EOF
+{
+  "Id": "bucket_policy_site",
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "bucket_policy_site_main",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::${var.domain_name}/*",
+      "Principal": "*"
+    }
+  ]
+}
+EOF
+
+  website {
+    index_document = "index.html"
+    error_document = "404.html"
+  }
+
+  force_destroy = true
+}
+
+resource "aws_s3_bucket_public_access_block" "bucket_public_access" {
+  bucket = aws_s3_bucket.bucket.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+

variables.tf

@@ -0,0 +1,11 @@
+variable "route53_zone_id" {
+  description = "Route53 Zone id to create the DNS record for the Gatsby app"
+}
+
+variable "domain_name" {
+  description = "The domain to run the Gatsby app on"
+}
+
+variable "https_certificate_arn" {
+  description = "A full ARN path to the ACM SSL certificate in us-east-1"
+}

versions.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = "~> 0.12.20"
+}