diff --git a/infrastructure/Makefile b/infrastructure/Makefile
new file mode 100644
index 0000000..129a367
--- /dev/null
+++ b/infrastructure/Makefile
@@ -0,0 +1,214 @@
+# Copyright 2016 Philip G. Porada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+.ONESHELL:
+.SHELL := /usr/bin/bash
+.PHONY: apply destroy-backend destroy destroy-target plan-destroy plan plan-target prep
+
+-include Makefile.env
+VARS="variables/$(ENV)-$(REGION).tfvars"
+CURRENT_FOLDER=$(shell basename "$$(pwd)")
+S3_BUCKET="$(ENV)-$(REGION)-$(PROJECT)-terraform"
+DYNAMODB_TABLE="$(ENV)-$(REGION)-$(PROJECT)-terraform"
+WORKSPACE="$(ENV)-$(REGION)"
+BOLD=$(shell tput bold)
+RED=$(shell tput setaf 1)
+GREEN=$(shell tput setaf 2)
+YELLOW=$(shell tput setaf 3)
+RESET=$(shell tput sgr0)
+
+help:
+ @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+set-env:
+ @if [ -z $(ENV) ]; then \
+ echo "$(BOLD)$(RED)ENV was not set$(RESET)"; \
+ ERROR=1; \
+ fi
+ @if [ -z $(REGION) ]; then \
+ echo "$(BOLD)$(RED)REGION was not set$(RESET)"; \
+ ERROR=1; \
+ fi
+ @if [ -z $(AWS_PROFILE) ]; then \
+ echo "$(BOLD)$(RED)AWS_PROFILE was not set.$(RESET)"; \
+ ERROR=1; \
+ fi
+ @if [ ! -z $${ERROR} ] && [ $${ERROR} -eq 1 ]; then \
+ echo "$(BOLD)Example usage: \`AWS_PROFILE=whatever ENV=demo REGION=us-east-2 make plan\`$(RESET)"; \
+ exit 1; \
+ fi
+ @if [ ! -f "$(VARS)" ]; then \
+ echo "$(BOLD)$(RED)Could not find variables file: $(VARS)$(RESET)"; \
+ exit 1; \
+ fi
+
+prep: set-env ## Prepare a new workspace (environment) if needed, configure the tfstate backend, update any modules, and switch to the workspace
+ @echo "$(BOLD)Verifying that the S3 bucket $(S3_BUCKET) for remote state exists$(RESET)"
+ @if ! aws --profile $(AWS_PROFILE) s3api head-bucket --region $(REGION) --bucket $(S3_BUCKET) > /dev/null 2>&1 ; then \
+ echo "$(BOLD)S3 bucket $(S3_BUCKET) was not found, creating new bucket with versioning enabled to store tfstate$(RESET)"; \
+ aws --profile $(AWS_PROFILE) s3api create-bucket \
+ --bucket $(S3_BUCKET) \
+ --acl private \
+ --region $(REGION) \
+ --create-bucket-configuration LocationConstraint=$(REGION) > /dev/null 2>&1 ; \
+ aws --profile $(AWS_PROFILE) s3api put-bucket-versioning \
+ --bucket $(S3_BUCKET) \
+ --versioning-configuration Status=Enabled > /dev/null 2>&1 ; \
+ echo "$(BOLD)$(GREEN)S3 bucket $(S3_BUCKET) created$(RESET)"; \
+ else
+ echo "$(BOLD)$(GREEN)S3 bucket $(S3_BUCKET) exists$(RESET)"; \
+ fi
+ @echo "$(BOLD)Verifying that the DynamoDB table exists for remote state locking$(RESET)"
+ @if ! aws --profile $(AWS_PROFILE) --region $(REGION) dynamodb describe-table --table-name $(DYNAMODB_TABLE) > /dev/null 2>&1 ; then \
+ echo "$(BOLD)DynamoDB table $(DYNAMODB_TABLE) was not found, creating new DynamoDB table to maintain locks$(RESET)"; \
+ aws --profile $(AWS_PROFILE) dynamodb create-table \
+ --region $(REGION) \
+ --table-name $(DYNAMODB_TABLE) \
+ --attribute-definitions AttributeName=LockID,AttributeType=S \
+ --key-schema AttributeName=LockID,KeyType=HASH \
+ --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 > /dev/null 2>&1 ; \
+ echo "$(BOLD)$(GREEN)DynamoDB table $(DYNAMODB_TABLE) created$(RESET)"; \
+ echo "Sleeping for 10 seconds to allow DynamoDB state to propagate through AWS"; \
+ sleep 10; \
+ else
+ echo "$(BOLD)$(GREEN)DynamoDB Table $(DYNAMODB_TABLE) exists$(RESET)"; \
+ fi
+ @aws ec2 --profile=$(AWS_PROFILE) describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep "$(ENV)_infra_key" > /dev/null 2>&1; \
+ if [ $$? -ne 0 ]; then \
+ echo "$(BOLD)$(RED)EC2 Key Pair $(INFRA_KEY)_infra_key was not found$(RESET)"; \
+ read -p '$(BOLD)Do you want to generate a new keypair? [y/Y]: $(RESET)' ANSWER && \
+ if [ "$${ANSWER}" == "y" ] || [ "$${ANSWER}" == "Y" ]; then \
+ mkdir -p ~/.ssh; \
+ ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/$(ENV)_infra_key; \
+ aws ec2 --profile=$(AWS_PROFILE) import-key-pair --key-name "$(ENV)_infra_key" --public-key-material "file://~/.ssh/$(ENV)_infra_key.pub"; \
+ fi; \
+ else \
+ echo "$(BOLD)$(GREEN)EC2 Key Pair $(ENV)_infra_key exists$(RESET)";\
+ fi
+ @echo "$(BOLD)Configuring the terraform backend$(RESET)"
+ @terraform init \
+ -input=false \
+ -force-copy \
+ -lock=true \
+ -upgrade \
+ -verify-plugins=true \
+ -backend=true \
+ -backend-config="profile=$(AWS_PROFILE)" \
+ -backend-config="region=$(REGION)" \
+ -backend-config="bucket=$(S3_BUCKET)" \
+ -backend-config="key=$(ENV)/$(CURRENT_FOLDER)/terraform.tfstate" \
+ -backend-config="dynamodb_table=$(DYNAMODB_TABLE)"\
+ -backend-config="acl=private"
+ @echo "$(BOLD)Switching to workspace $(WORKSPACE)$(RESET)"
+ @terraform workspace select $(WORKSPACE) || terraform workspace new $(WORKSPACE)
+
+plan: prep ## Show what terraform thinks it will do
+ @terraform plan \
+ -lock=true \
+ -input=false \
+ -refresh=true \
+ -var-file="$(VARS)"
+
+format: prep ## Rewrites all Terraform configuration files to a canonical format.
+ @terraform fmt \
+ -write=true \
+ -recursive
+
+# https://github.com/terraform-linters/tflint
+lint: prep ## Check for possible errors, best practices, etc in current directory!
+ @tflint
+
+# https://github.com/liamg/tfsec
+check-security: prep ## Static analysis of your terraform templates to spot potential security issues.
+ @tfsec .
+
+documentation: prep ## Generate README.md for a module
+ @terraform-docs \
+ markdown table \
+ --sort-by-required . > README.md
+
+plan-target: prep ## Shows what a plan looks like for applying a specific resource
+ @echo "$(YELLOW)$(BOLD)[INFO] $(RESET)"; echo "Example to type for the following question: module.rds.aws_route53_record.rds-master"
+ @read -p "PLAN target: " DATA && \
+ terraform plan \
+ -lock=true \
+ -input=true \
+ -refresh=true \
+ -var-file="$(VARS)" \
+ -target=$$DATA
+
+plan-destroy: prep ## Creates a destruction plan.
+ @terraform plan \
+ -input=false \
+ -refresh=true \
+ -destroy \
+ -var-file="$(VARS)"
+
+apply: prep ## Have terraform do the things. This will cost money.
+ @terraform apply \
+ -lock=true \
+ -input=false \
+ -refresh=true \
+ -var-file="$(VARS)"
+
+destroy: prep ## Destroy the things
+ @terraform destroy \
+ -lock=true \
+ -input=false \
+ -refresh=true \
+ -var-file="$(VARS)"
+
+destroy-target: prep ## Destroy a specific resource. Caution though, this destroys chained resources.
+ @echo "$(YELLOW)$(BOLD)[INFO] Specifically destroy a piece of Terraform data.$(RESET)"; echo "Example to type for the following question: module.rds.aws_route53_record.rds-master"
+ @read -p "Destroy target: " DATA && \
+ terraform destroy \
+ -lock=true \
+ -input=false \
+ -refresh=true \
+ -var-file=$(VARS) \
+ -target=$$DATA
+
+destroy-backend: ## Destroy S3 bucket and DynamoDB table
+ @if ! aws --profile $(AWS_PROFILE) dynamodb delete-table \
+ --region $(REGION) \
+ --table-name $(DYNAMODB_TABLE) > /dev/null 2>&1 ; then \
+ echo "$(BOLD)$(RED)Unable to delete DynamoDB table $(DYNAMODB_TABLE)$(RESET)"; \
+ else
+ echo "$(BOLD)$(RED)DynamoDB table $(DYNAMODB_TABLE) does not exist.$(RESET)"; \
+ fi
+ @if ! aws --profile $(AWS_PROFILE) s3api delete-objects \
+ --region $(REGION) \
+ --bucket $(S3_BUCKET) \
+ --delete "$$(aws --profile $(AWS_PROFILE) s3api list-object-versions \
+ --region $(REGION) \
+ --bucket $(S3_BUCKET) \
+ --output=json \
+ --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}')" > /dev/null 2>&1 ; then \
+ echo "$(BOLD)$(RED)Unable to delete objects in S3 bucket $(S3_BUCKET)$(RESET)"; \
+ fi
+ @if ! aws --profile $(AWS_PROFILE) s3api delete-objects \
+ --region $(REGION) \
+ --bucket $(S3_BUCKET) \
+ --delete "$$(aws --profile $(AWS_PROFILE) s3api list-object-versions \
+ --region $(REGION) \
+ --bucket $(S3_BUCKET) \
+ --output=json \
+ --query='{Objects: DeleteMarkers[].{Key:Key,VersionId:VersionId}}')" > /dev/null 2>&1 ; then \
+ echo "$(BOLD)$(RED)Unable to delete markers in S3 bucket $(S3_BUCKET)$(RESET)"; \
+ fi
+ @if ! aws --profile $(AWS_PROFILE) s3api delete-bucket \
+ --region $(REGION) \
+ --bucket $(S3_BUCKET) > /dev/null 2>&1 ; then \
+ echo "$(BOLD)$(RED)Unable to delete S3 bucket $(S3_BUCKET) itself$(RESET)"; \
+ fi
diff --git a/infrastructure/Makefile.env b/infrastructure/Makefile.env
new file mode 100644
index 0000000..2b458fc
--- /dev/null
+++ b/infrastructure/Makefile.env
@@ -0,0 +1,4 @@
+ENV="prod"
+REGION="eu-west-1"
+PROJECT="panaetius-blog"
+AWS_PROFILE="admin"
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
new file mode 100644
index 0000000..c22396d
--- /dev/null
+++ b/infrastructure/main.tf
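Review bot: In `prep`, the bucket that will hold tfstate is created by `create-bucket` and `put-bucket-versioning` calls whose output and exit status are discarded (`> /dev/null 2>&1 ;`), so "S3 bucket … created" is printed even when a call failed, and nothing here sets a public access block or default encryption explicitly. I would end each of those calls with `> /dev/null || exit 1; \` and add the two hardening calls shown below. Separately, `.SHELL := /usr/bin/bash` sets a variable make never reads, so the recipes that use `read -p` and `[ … == … ]` run under the default `/bin/sh`; the line should be `SHELL := /usr/bin/bash`. This commit also adds `terraform.tfstate.d/prod-eu-west-1/terraform.tfstate` and its `.backup`, which expose the account ID and resource identifiers and should not be needed once the S3 backend configured here is in use; I would remove them from the repository and ignore that directory.

```make
		# … unchanged: create-bucket and put-bucket-versioning arguments …
		aws --profile $(AWS_PROFILE) s3api put-public-access-block \
			--bucket $(S3_BUCKET) \
			--public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true > /dev/null || exit 1; \
		aws --profile $(AWS_PROFILE) s3api put-bucket-encryption \
			--bucket $(S3_BUCKET) \
			--server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' > /dev/null || exit 1; \
		# … unchanged: "S3 bucket … created" echo and the else branch …
```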
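Review bot: These plain `=` assignments take precedence over values from the environment, so the invocation that `set-env` in the Makefile advertises (`AWS_PROFILE=whatever ENV=demo REGION=us-east-2 make plan`) still runs against `prod` / `eu-west-1` with the `admin` profile. Because the file is pulled in with `-include`, every target inherits that default, `destroy` and `destroy-backend` included, and the "was not set" checks in `set-env` cannot fire while it is present. I would turn these into overridable defaults, e.g. `ENV ?= prod` (same for the other three), and consider leaving `AWS_PROFILE` out so the caller has to choose it. The double quotes are also stored as part of each make value; they only disappear later because the shell strips them, so dropping them here is safer.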
@@ -0,0 +1,52 @@
+provider "aws" {
+ region = var.region
+ profile = var.profile
+ version = "~> 2.66"
+}
+
+locals {
+ tags = {
+ "Project" = "panaetius-blog"
+ "Description" = "terraform resources to host the blog"
+ }
+}
+
+module "cloudfront_s3_cdn" {
+ source = "git::https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn.git?ref=tags/0.23.1"
+ stage = var.stage
+ name = var.name
+ parent_zone_id = var.parent_zone_id
+ acm_certificate_arn = var.acm_certificate_arn
+ # log_expiration_days = var.log_expiration_days
+ # log_standard_transition_days = var.log_standard_transition_days
+ use_regional_s3_endpoint = true
+ origin_force_destroy = true
+ cors_allowed_headers = ["*"]
+ cors_allowed_methods = ["GET", "HEAD", "PUT", "POST"]
+ cors_allowed_origins = var.allowed_origins
+ tags = local.tags
+ aliases = var.aliases
+ additional_bucket_policy = <<-EOT
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid":"PublicRead",
+ "Effect":"Allow",
+ "Principal": "*",
+ "Action":["s3:GetObject"],
+ "Resource": "arn:aws:s3:::${var.bucket_name}/*"
+ }
+ ]
+ }
+ EOT
+}
+
+resource "aws_s3_bucket_object" "index" {
+ bucket = module.cloudfront_s3_cdn.s3_bucket
+ key = "index.html"
+ acl = "public-read"
+ source = "${path.module}/test/index.html"
+ content_type = "text/html"
+ etag = md5(file("${path.module}/test/index.html"))
+}
diff --git a/infrastructure/outputs.tf b/infrastructure/outputs.tf
new file mode 100644
index 0000000..eb09683
--- /dev/null
+++ b/infrastructure/outputs.tf
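Review bot: The `additional_bucket_policy` statement with `"Principal": "*"` and the `acl = "public-read"` on `aws_s3_bucket_object.index` make the origin bucket readable straight from S3, bypassing the CloudFront distribution in front of it. The state file added in this same commit shows the module already renders an `S3GetObjectForCloudFront` statement for the origin access identity, so the public grant looks unnecessary for serving the site. I would drop the `additional_bucket_policy` argument and set `acl = "private"` on the object, so that the HTTPS redirect and access logging configured on the distribution cannot be sidestepped. `origin_force_destroy = true` also deserves a comment saying why it is wanted, since it lets `terraform destroy` remove the bucket while it still holds objects.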
@@ -0,0 +1,39 @@
+output "cf_id" {
+ value = module.cloudfront_s3_cdn.cf_id
+ description = "ID of AWS CloudFront distribution"
+}
+
+output "cf_arn" {
+ value = module.cloudfront_s3_cdn.cf_arn
+ description = "ARN of AWS CloudFront distribution"
+}
+
+output "cf_status" {
+ value = module.cloudfront_s3_cdn.cf_status
+ description = "Current status of the distribution"
+}
+
+output "cf_domain_name" {
+ value = module.cloudfront_s3_cdn.cf_domain_name
+ description = "Domain name corresponding to the distribution"
+}
+
+output "cf_etag" {
+ value = module.cloudfront_s3_cdn.cf_etag
+ description = "Current version of the distribution's information"
+}
+
+output "cf_hosted_zone_id" {
+ value = module.cloudfront_s3_cdn.cf_hosted_zone_id
+ description = "CloudFront Route 53 zone ID"
+}
+
+output "s3_bucket" {
+ value = module.cloudfront_s3_cdn.s3_bucket
+ description = "Name of S3 bucket"
+}
+
+output "s3_bucket_domain_name" {
+ value = module.cloudfront_s3_cdn.s3_bucket_domain_name
+ description = "Domain of S3 bucket"
+}
diff --git a/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate
new file mode 100644
index 0000000..312ecd7
--- /dev/null
+++ b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate
@@ -0,0 +1,742 @@ +{ + "version": 4, + "terraform_version": "0.12.26", + "serial": 90, + "lineage": "cda52006-90fc-4aec-a630-42e69057b365", + "outputs": { + "cf_arn": { + "value": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X", + "type": "string" + }, + "cf_domain_name": { + "value": "d244ranky0ff54.cloudfront.net", + "type": "string" + }, + "cf_etag": { + "value": "E2SEL7AYXF1CKS", + "type": "string" + }, + "cf_hosted_zone_id": { + "value": "Z2FDTNDATAQYW2", + "type": "string" + }, + "cf_id": { + "value": "E2IHXIMPI3MZ2X", + "type": "string" + }, + "cf_status": { + "value": "Deployed", + "type": "string" + }, + "s3_bucket": { + "value": "prod-panaetius-blog-origin", + "type": "string" + }, + "s3_bucket_domain_name": { + "value": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "type": "string" + } + }, + "resources": [ + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "origin", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "3493490045", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}", + "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n 
\"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n }\n ]\n}\n", + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "${cloudfront_origin_access_identity_iam_arn}" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::${bucket_name}${origin_path}*" + ], + "sid": "S3GetObjectForCloudFront" + }, + { + "actions": [ + "s3:ListBucket" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "${cloudfront_origin_access_identity_iam_arn}" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::${bucket_name}" + ], + "sid": "S3ListBucketForCloudFront" + } + ], + "version": "2012-10-17" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "origin_website", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "736817168", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"*\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}", + "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n }\n ]\n}\n", + "policy_id": null, + "source_json": null, + "statement": [ + { + 
"actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "*" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::${bucket_name}${origin_path}*" + ], + "sid": "S3GetObjectForCloudFront" + } + ], + "version": "2012-10-17" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "current": null, + "description": "Europe (Ireland)", + "endpoint": "ec2.eu-west-1.amazonaws.com", + "id": "eu-west-1", + "name": "eu-west-1" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.dns", + "mode": "data", + "type": "aws_route53_zone", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "caller_reference": "321439A9-2EB4-9C82-858E-22E353E3CC06", + "comment": "blog", + "id": "Z05316671VABVSMAAF1RC", + "linked_service_description": null, + "linked_service_principal": null, + "name": "panaetius.io.", + "name_servers": [ + "ns-1774.awsdns-29.co.uk", + "ns-667.awsdns-19.net", + "ns-1261.awsdns-29.org", + "ns-401.awsdns-50.com" + ], + "private_zone": false, + "resource_record_set_count": 5, + "tags": {}, + "vpc_id": null, + "zone_id": "Z05316671VABVSMAAF1RC" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_s3_bucket", + "name": "selected", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:s3:::prod-panaetius-blog-origin", + "bucket": "prod-panaetius-blog-origin", + "bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com", + "bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "hosted_zone_id": "Z1BKCTXD74EZPE", + "id": 
"prod-panaetius-blog-origin", + "region": "eu-west-1", + "website_domain": null, + "website_endpoint": null + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "template_file", + "name": "default", + "provider": "provider.template", + "instances": [ + { + "schema_version": 0, + "attributes": { + "filename": null, + "id": "ef8d6cdd8c782d412e41e1e574ea39e8674f2d80726946a8f8dbe8ea50c1ac8b", + "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}", + "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": 
\"*\"\n }\n ]\n}", + "vars": { + "bucket_name": "prod-panaetius-blog-origin", + "cloudfront_origin_access_identity_iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5", + "origin_path": "/" + } + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_cloudfront_distribution", + "name": "default", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 1, + "attributes": { + "active_trusted_signers": { + "enabled": "false", + "items.#": "0" + }, + "aliases": [ + "panaetius.io" + ], + "arn": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X", + "cache_behavior": [], + "caller_reference": "terraform-20200713232651089800000002", + "comment": "Managed by Terraform", + "custom_error_response": [], + "default_cache_behavior": [ + { + "allowed_methods": [ + "DELETE", + "GET", + "HEAD", + "OPTIONS", + "PATCH", + "POST", + "PUT" + ], + "cached_methods": [ + "GET", + "HEAD" + ], + "compress": false, + "default_ttl": 60, + "field_level_encryption_id": "", + "forwarded_values": [ + { + "cookies": [ + { + "forward": "none", + "whitelisted_names": [] + } + ], + "headers": [ + "Access-Control-Request-Headers", + "Access-Control-Request-Method", + "Origin" + ], + "query_string": false, + "query_string_cache_keys": [] + } + ], + "lambda_function_association": [], + "max_ttl": 31536000, + "min_ttl": 0, + "smooth_streaming": false, + "target_origin_id": "prod-panaetius-blog", + "trusted_signers": [], + "viewer_protocol_policy": "redirect-to-https" + } + ], + "default_root_object": "index.html", + "domain_name": "d244ranky0ff54.cloudfront.net", + "enabled": true, + "etag": "E2SEL7AYXF1CKS", + "hosted_zone_id": "Z2FDTNDATAQYW2", + "http_version": "http2", + "id": "E2IHXIMPI3MZ2X", + "in_progress_validation_batches": 0, + "is_ipv6_enabled": true, + "last_modified_time": "2020-07-15 00:18:34.684 +0000 UTC", + "logging_config": [ + { + "bucket": 
"prod-panaetius-blog-logs.s3.amazonaws.com", + "include_cookies": false, + "prefix": "" + } + ], + "ordered_cache_behavior": [], + "origin": [ + { + "custom_header": [], + "custom_origin_config": [], + "domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "origin_id": "prod-panaetius-blog", + "origin_path": "", + "s3_origin_config": [ + { + "origin_access_identity": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5" + } + ] + } + ], + "origin_group": [], + "price_class": "PriceClass_100", + "restrictions": [ + { + "geo_restriction": [ + { + "locations": [], + "restriction_type": "none" + } + ] + } + ], + "retain_on_delete": false, + "status": "Deployed", + "tags": { + "Description": "terraform resources to host the blog", + "Name": "prod-panaetius-blog", + "Project": "panaetius-blog", + "Stage": "prod" + }, + "viewer_certificate": [ + { + "acm_certificate_arn": "arn:aws:acm:us-east-1:745437999005:certificate/60af49f0-07bb-4680-8f5b-3c9a33f756e5", + "cloudfront_default_certificate": false, + "iam_certificate_id": "", + "minimum_protocol_version": "TLSv1", + "ssl_support_method": "sni-only" + } + ], + "wait_for_deployment": true, + "web_acl_id": "" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default", + "module.cloudfront_s3_cdn.aws_s3_bucket.origin", + "module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_cloudfront_origin_access_identity", + "name": "default", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "caller_reference": "terraform-20200713232645930800000001", + "cloudfront_access_identity_path": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5", + "comment": "prod-panaetius-blog", + "etag": "EESE0U5KF261", + "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity 
E21A7YWJ1RT3K5", + "id": "E21A7YWJ1RT3K5", + "s3_canonical_user_id": "2d7779400635ec843efe9b677769fc4f82b0d384408cf22382bf3a90540502e09e75d1346e7105b4da159515b229f39b" + }, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.dns", + "mode": "managed", + "type": "aws_route53_record", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": false, + "name": "d244ranky0ff54.cloudfront.net", + "zone_id": "Z2FDTNDATAQYW2" + } + ], + "allow_overwrite": null, + "failover_routing_policy": [], + "fqdn": "panaetius.io", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z05316671VABVSMAAF1RC_panaetius.io_A", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": null, + "name": "panaetius.io", + "records": [], + "set_identifier": "", + "ttl": 0, + "type": "A", + "weighted_routing_policy": [], + "zone_id": "Z05316671VABVSMAAF1RC" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_cloudfront_distribution.default", + "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default", + "module.cloudfront_s3_cdn.aws_s3_bucket.origin", + "module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.dns", + "mode": "managed", + "type": "aws_route53_record", + "name": "ipv6", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": false, + "name": "d244ranky0ff54.cloudfront.net", + "zone_id": "Z2FDTNDATAQYW2" + } + ], + "allow_overwrite": null, + "failover_routing_policy": [], + "fqdn": "panaetius.io", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z05316671VABVSMAAF1RC_panaetius.io_AAAA", + "latency_routing_policy": 
[], + "multivalue_answer_routing_policy": null, + "name": "panaetius.io", + "records": [], + "set_identifier": "", + "ttl": 0, + "type": "AAAA", + "weighted_routing_policy": [], + "zone_id": "Z05316671VABVSMAAF1RC" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_cloudfront_distribution.default", + "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default", + "module.cloudfront_s3_cdn.aws_s3_bucket.origin", + "module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.logs", + "mode": "managed", + "type": "aws_s3_bucket", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "log-delivery-write", + "arn": "arn:aws:s3:::prod-panaetius-blog-logs", + "bucket": "prod-panaetius-blog-logs", + "bucket_domain_name": "prod-panaetius-blog-logs.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "prod-panaetius-blog-logs.s3.eu-west-1.amazonaws.com", + "cors_rule": [], + "force_destroy": true, + "grant": [], + "hosted_zone_id": "Z1BKCTXD74EZPE", + "id": "prod-panaetius-blog-logs", + "lifecycle_rule": [ + { + "abort_incomplete_multipart_upload_days": 0, + "enabled": true, + "expiration": [ + { + "date": "", + "days": 90, + "expired_object_delete_marker": false + } + ], + "id": "prod-panaetius-blog-logs", + "noncurrent_version_expiration": [ + { + "days": 90 + } + ], + "noncurrent_version_transition": [ + { + "days": 30, + "storage_class": "GLACIER" + } + ], + "prefix": "", + "tags": {}, + "transition": [ + { + "date": "", + "days": 30, + "storage_class": "STANDARD_IA" + }, + { + "date": "", + "days": 60, + "storage_class": "GLACIER" + } + ] + } + ], + "logging": [], + "object_lock_configuration": [], + "policy": "", + "region": "eu-west-1", + "replication_configuration": [], + 
"request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ] + } + ] + } + ], + "tags": { + "Attributes": "logs", + "Description": "terraform resources to host the blog", + "Name": "prod-panaetius-blog-logs", + "Project": "panaetius-blog", + "Stage": "prod" + }, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_s3_bucket", + "name": "origin", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "private", + "arn": "arn:aws:s3:::prod-panaetius-blog-origin", + "bucket": "prod-panaetius-blog-origin", + "bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "cors_rule": [ + { + "allowed_headers": [ + "*" + ], + "allowed_methods": [ + "GET", + "HEAD", + "PUT", + "POST" + ], + "allowed_origins": [ + "*.panaetius.io", + "panaetius.io" + ], + "expose_headers": [ + "ETag" + ], + "max_age_seconds": 3600 + } + ], + "force_destroy": true, + "grant": [], + "hosted_zone_id": "Z1BKCTXD74EZPE", + "id": "prod-panaetius-blog-origin", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "policy": null, + "region": "eu-west-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [], + "tags": { + "Attributes": "origin", + "Description": "terraform resources to host the blog", + "Name": "prod-panaetius-blog-origin", + "Project": "panaetius-blog", + "Stage": "prod" + }, + "versioning": [ + { + "enabled": 
false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_object", + "name": "index", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acl": "public-read", + "bucket": "prod-panaetius-blog-origin", + "cache_control": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "text/html", + "etag": "83350948ee374f30e5513497c69c0fe5", + "force_destroy": false, + "id": "index.html", + "key": "index.html", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "server_side_encryption": "", + "source": "./test/index.html", + "storage_class": "STANDARD", + "tags": {}, + "version_id": "", + "website_redirect": "" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_s3_bucket.origin" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_s3_bucket_policy", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "bucket": "prod-panaetius-blog-origin", + "id": "prod-panaetius-blog-origin", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin\",\n \"Principal\": {\n \"AWS\": 
\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_s3_bucket.origin" + ] + } + ] + } + ] +} diff --git a/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup new file mode 100644 index 0000000..f4171dd --- /dev/null +++ b/infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup 
@@ -0,0 +1,743 @@ +{ + "version": 4, + "terraform_version": "0.12.26", + "serial": 88, + "lineage": "cda52006-90fc-4aec-a630-42e69057b365", + "outputs": { + "cf_arn": { + "value": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X", + "type": "string" + }, + "cf_domain_name": { + "value": "d244ranky0ff54.cloudfront.net", + "type": "string" + }, + "cf_etag": { + "value": "E2SEL7AYXF1CKS", + "type": "string" + }, + "cf_hosted_zone_id": { + "value": "Z2FDTNDATAQYW2", + "type": "string" + }, + "cf_id": { + "value": "E2IHXIMPI3MZ2X", + "type": "string" + }, + "cf_status": { + "value": "Deployed", + "type": "string" + }, + "s3_bucket": { + "value": "prod-panaetius-blog-origin", + "type": "string" + }, + "s3_bucket_domain_name": { + "value": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "type": "string" + } + }, + "resources": [ + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "origin", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "1149999058", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n }\n ]\n}", + "override_json": "{\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n}\n", + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + 
"not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "${cloudfront_origin_access_identity_iam_arn}" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::${bucket_name}${origin_path}*" + ], + "sid": "S3GetObjectForCloudFront" + }, + { + "actions": [ + "s3:ListBucket" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "${cloudfront_origin_access_identity_iam_arn}" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::${bucket_name}" + ], + "sid": "S3ListBucketForCloudFront" + } + ], + "version": "2012-10-17" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "origin_website", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "239689126", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"*\"\n }\n }\n ]\n}", + "override_json": "{\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n}\n", + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "*" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::${bucket_name}${origin_path}*" + ], + "sid": "S3GetObjectForCloudFront" + } + ], + "version": "2012-10-17" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": 
"provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "current": null, + "description": "Europe (Ireland)", + "endpoint": "ec2.eu-west-1.amazonaws.com", + "id": "eu-west-1", + "name": "eu-west-1" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.dns", + "mode": "data", + "type": "aws_route53_zone", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "caller_reference": "321439A9-2EB4-9C82-858E-22E353E3CC06", + "comment": "blog", + "id": "Z05316671VABVSMAAF1RC", + "linked_service_description": null, + "linked_service_principal": null, + "name": "panaetius.io.", + "name_servers": [ + "ns-1774.awsdns-29.co.uk", + "ns-667.awsdns-19.net", + "ns-1261.awsdns-29.org", + "ns-401.awsdns-50.com" + ], + "private_zone": false, + "resource_record_set_count": 5, + "tags": {}, + "vpc_id": null, + "zone_id": "Z05316671VABVSMAAF1RC" + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "aws_s3_bucket", + "name": "selected", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:s3:::prod-panaetius-blog-origin", + "bucket": "prod-panaetius-blog-origin", + "bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com", + "bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "hosted_zone_id": "Z1BKCTXD74EZPE", + "id": "prod-panaetius-blog-origin", + "region": "eu-west-1", + "website_domain": null, + "website_endpoint": null + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "data", + "type": "template_file", + "name": "default", + "provider": "provider.template", + "instances": [ + { + "schema_version": 0, + "attributes": { + "filename": null, + "id": "bf2245baaea68e5cc89448356e64936cbd79d0706457d884cdd7badc903719e8", + "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": 
\"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n }\n ]\n}", + "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n }\n ]\n}", + "vars": { + "bucket_name": "prod-panaetius-blog-origin", + "cloudfront_origin_access_identity_iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5", + "origin_path": "/" + } + } + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_cloudfront_distribution", + "name": "default", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 1, + "attributes": { + "active_trusted_signers": { + "enabled": "false", + "items.#": "0" + }, + "aliases": [ + "panaetius.io" + ], + "arn": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X", + "cache_behavior": [], + "caller_reference": "terraform-20200713232651089800000002", + "comment": "Managed by Terraform", + "custom_error_response": [], + "default_cache_behavior": [ + { + "allowed_methods": [ + "DELETE", + "GET", 
+ "HEAD", + "OPTIONS", + "PATCH", + "POST", + "PUT" + ], + "cached_methods": [ + "GET", + "HEAD" + ], + "compress": false, + "default_ttl": 60, + "field_level_encryption_id": "", + "forwarded_values": [ + { + "cookies": [ + { + "forward": "none", + "whitelisted_names": [] + } + ], + "headers": [ + "Access-Control-Request-Headers", + "Access-Control-Request-Method", + "Origin" + ], + "query_string": false, + "query_string_cache_keys": [] + } + ], + "lambda_function_association": [], + "max_ttl": 31536000, + "min_ttl": 0, + "smooth_streaming": false, + "target_origin_id": "prod-panaetius-blog", + "trusted_signers": [], + "viewer_protocol_policy": "redirect-to-https" + } + ], + "default_root_object": "index.html", + "domain_name": "d244ranky0ff54.cloudfront.net", + "enabled": true, + "etag": "E2SEL7AYXF1CKS", + "hosted_zone_id": "Z2FDTNDATAQYW2", + "http_version": "http2", + "id": "E2IHXIMPI3MZ2X", + "in_progress_validation_batches": 0, + "is_ipv6_enabled": true, + "last_modified_time": "2020-07-15 00:18:34.684 +0000 UTC", + "logging_config": [ + { + "bucket": "prod-panaetius-blog-logs.s3.amazonaws.com", + "include_cookies": false, + "prefix": "" + } + ], + "ordered_cache_behavior": [], + "origin": [ + { + "custom_header": [], + "custom_origin_config": [], + "domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "origin_id": "prod-panaetius-blog", + "origin_path": "", + "s3_origin_config": [ + { + "origin_access_identity": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5" + } + ] + } + ], + "origin_group": [], + "price_class": "PriceClass_100", + "restrictions": [ + { + "geo_restriction": [ + { + "locations": [], + "restriction_type": "none" + } + ] + } + ], + "retain_on_delete": false, + "status": "Deployed", + "tags": { + "Description": "terraform resources to host the blog", + "Name": "prod-panaetius-blog", + "Project": "panaetius-blog", + "Stage": "prod" + }, + "viewer_certificate": [ + { + "acm_certificate_arn": 
"arn:aws:acm:us-east-1:745437999005:certificate/60af49f0-07bb-4680-8f5b-3c9a33f756e5", + "cloudfront_default_certificate": false, + "iam_certificate_id": "", + "minimum_protocol_version": "TLSv1", + "ssl_support_method": "sni-only" + } + ], + "wait_for_deployment": true, + "web_acl_id": "" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default", + "module.cloudfront_s3_cdn.aws_s3_bucket.origin", + "module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_cloudfront_origin_access_identity", + "name": "default", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "caller_reference": "terraform-20200713232645930800000001", + "cloudfront_access_identity_path": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5", + "comment": "prod-panaetius-blog", + "etag": "EESE0U5KF261", + "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5", + "id": "E21A7YWJ1RT3K5", + "s3_canonical_user_id": "2d7779400635ec843efe9b677769fc4f82b0d384408cf22382bf3a90540502e09e75d1346e7105b4da159515b229f39b" + }, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.dns", + "mode": "managed", + "type": "aws_route53_record", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": false, + "name": "d244ranky0ff54.cloudfront.net", + "zone_id": "Z2FDTNDATAQYW2" + } + ], + "allow_overwrite": null, + "failover_routing_policy": [], + "fqdn": "panaetius.io", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z05316671VABVSMAAF1RC_panaetius.io_A", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": null, + "name": "panaetius.io", + 
"records": [], + "set_identifier": "", + "ttl": 0, + "type": "A", + "weighted_routing_policy": [], + "zone_id": "Z05316671VABVSMAAF1RC" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_cloudfront_distribution.default", + "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default", + "module.cloudfront_s3_cdn.aws_s3_bucket.origin", + "module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.dns", + "mode": "managed", + "type": "aws_route53_record", + "name": "ipv6", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": false, + "name": "d244ranky0ff54.cloudfront.net", + "zone_id": "Z2FDTNDATAQYW2" + } + ], + "allow_overwrite": null, + "failover_routing_policy": [], + "fqdn": "panaetius.io", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z05316671VABVSMAAF1RC_panaetius.io_AAAA", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": null, + "name": "panaetius.io", + "records": [], + "set_identifier": "", + "ttl": 0, + "type": "AAAA", + "weighted_routing_policy": [], + "zone_id": "Z05316671VABVSMAAF1RC" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_cloudfront_distribution.default", + "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default", + "module.cloudfront_s3_cdn.aws_s3_bucket.origin", + "module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn.module.logs", + "mode": "managed", + "type": "aws_s3_bucket", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "log-delivery-write", + "arn": 
"arn:aws:s3:::prod-panaetius-blog-logs", + "bucket": "prod-panaetius-blog-logs", + "bucket_domain_name": "prod-panaetius-blog-logs.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "prod-panaetius-blog-logs.s3.eu-west-1.amazonaws.com", + "cors_rule": [], + "force_destroy": true, + "grant": [], + "hosted_zone_id": "Z1BKCTXD74EZPE", + "id": "prod-panaetius-blog-logs", + "lifecycle_rule": [ + { + "abort_incomplete_multipart_upload_days": 0, + "enabled": true, + "expiration": [ + { + "date": "", + "days": 90, + "expired_object_delete_marker": false + } + ], + "id": "prod-panaetius-blog-logs", + "noncurrent_version_expiration": [ + { + "days": 90 + } + ], + "noncurrent_version_transition": [ + { + "days": 30, + "storage_class": "GLACIER" + } + ], + "prefix": "", + "tags": {}, + "transition": [ + { + "date": "", + "days": 30, + "storage_class": "STANDARD_IA" + }, + { + "date": "", + "days": 60, + "storage_class": "GLACIER" + } + ] + } + ], + "logging": [], + "object_lock_configuration": [], + "policy": "", + "region": "eu-west-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ] + } + ] + } + ], + "tags": { + "Attributes": "logs", + "Description": "terraform resources to host the blog", + "Name": "prod-panaetius-blog-logs", + "Project": "panaetius-blog", + "Stage": "prod" + }, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_s3_bucket", + "name": "origin", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "private", + "arn": 
"arn:aws:s3:::prod-panaetius-blog-origin", + "bucket": "prod-panaetius-blog-origin", + "bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com", + "cors_rule": [ + { + "allowed_headers": [ + "*" + ], + "allowed_methods": [ + "GET", + "HEAD", + "PUT", + "POST" + ], + "allowed_origins": [ + "*.panaetius.io", + "panaetius.io" + ], + "expose_headers": [ + "ETag" + ], + "max_age_seconds": 3600 + } + ], + "force_destroy": true, + "grant": [], + "hosted_zone_id": "Z1BKCTXD74EZPE", + "id": "prod-panaetius-blog-origin", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "policy": null, + "region": "eu-west-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [], + "tags": { + "Attributes": "origin", + "Description": "terraform resources to host the blog", + "Name": "prod-panaetius-blog-origin", + "Project": "panaetius-blog", + "Stage": "prod" + }, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_object", + "name": "index", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acl": "public-read", + "bucket": "prod-panaetius-blog-origin", + "cache_control": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "text/html", + "etag": "83350948ee374f30e5513497c69c0fe5", + "force_destroy": false, + "id": "index.html", + "key": "index.html", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "server_side_encryption": "", + "source": "./test/index.html", + 
"storage_class": "STANDARD", + "tags": {}, + "version_id": "", + "website_redirect": "" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_s3_bucket.origin" + ] + } + ] + }, + { + "module": "module.cloudfront_s3_cdn", + "mode": "managed", + "type": "aws_s3_bucket_policy", + "name": "default", + "each": "list", + "provider": "provider.aws", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "bucket": "prod-panaetius-blog-origin", + "id": "prod-panaetius-blog-origin", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"S3GetObjectForCloudFront\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::prod-panaetius-blog-origin/*\"},{\"Sid\":\"S3ListBucketForCloudFront\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"},\"Action\":\"s3:ListBucket\",\"Resource\":\"arn:aws:s3:::prod-panaetius-blog-origin\"}]}" + }, + "private": "bnVsbA==", + "dependencies": [ + "module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default", + "module.cloudfront_s3_cdn.aws_s3_bucket.origin" + ] + } + ] + } + ] +} diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf new file mode 100644 index 0000000..837bbd3 --- /dev/null +++ b/infrastructure/variables.tf @@ -0,0 +1,44 @@ +variable "name" { + +} + +variable "region" { + +} + +variable "stage" { + +} + +variable "profile" { + +} + +variable "bucket_name" { + +} + +variable "acm_certificate_arn" { + +} + +variable "parent_zone_id" { + +} + +variable "aliases" { + +} + +variable "allowed_origins" { + +} + + +# variable "log_expiration_days" { + +# } + +# variable "log_standard_transition_days" { + +# } 
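Review bot: This state backup should not be committed: it puts the AWS account ID, the CloudFront, Route 53 and ACM identifiers and every resource attribute into the repository in clear text. The Makefile in the same commit already prepares an S3 bucket and a DynamoDB table for remote state. I would remove `terraform.tfstate.d/` from the commit and add `*.tfstate`, `*.tfstate.*` and `.terraform/` to `.gitignore`. The recorded attributes also point at settings to revisit in the Terraform source, which is outside this hunk: `"minimum_protocol_version": "TLSv1"` on the viewer certificate (a `TLSv1.2_2019` policy is the usual floor), and the `PublicRead` override with `"Principal": "*"` together with `"acl": "public-read"` on `index.html`. If CloudFront is meant to be the only reader, those two let clients fetch from the origin bucket without going through the origin access identity.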
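Review bot: None of the nine variables in `variables.tf` declares a `type` or a `description`, so a wrongly shaped value (for example a plain string for `aliases` or `allowed_origins`) is only caught deep inside the module, and a reader has to guess what `stage` or `profile` are for. I would add `type = list(string)` to `aliases` and `allowed_origins`, `type = string` to the others, and a one-line `description = "..."` to each. The two commented-out `log_*` variables at the end should either be restored or dropped, since commented-out declarations tend to drift from the tfvars file.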
diff --git a/infrastructure/variables/prod-eu-west-1.tfvars b/infrastructure/variables/prod-eu-west-1.tfvars
new file mode 100644
index 0000000..f74486a
--- /dev/null
+++ b/infrastructure/variables/prod-eu-west-1.tfvars
@@ -0,0 +1,11 @@
+name = "panaetius-blog"
+region = "eu-west-1"
+stage = "prod"
+profile = "admin"
+bucket_name = "prod-panaetius-blog-origin"
+acm_certificate_arn = "arn:aws:acm:us-east-1:745437999005:certificate/60af49f0-07bb-4680-8f5b-3c9a33f756e5"
+parent_zone_id = "Z05316671VABVSMAAF1RC"
+aliases = ["panaetius.io"]
+allowed_origins = ["*.panaetius.io"]
+# log_expiration_days = 60
+# log_standard_transition_days = 60
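Review bot: `profile = "admin"` pins the Terraform run to a named local credential profile, while the Makefile in this commit already requires `AWS_PROFILE` from the caller, so the two can disagree. The name also suggests that an administrator credential is used for routine plans and applies. I would drop `profile` from the tfvars and let the provider pick up `AWS_PROFILE`, or pass it through as `-var "profile=$(AWS_PROFILE)"`. Plan and apply are better run under a role limited to the S3, CloudFront, Route 53 and ACM actions this stack needs. How the provider block consumes `var.profile` is not visible in this hunk, so confirm that before removing the line.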