hugo/blog
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding terraform

Browse Source 
For S3 Cloudfront configuration
This commit is contained in:
Daniel Tomlinson
2020-07-16 00:07:04 +01:00
parent 5e3e95a1b5
commit c984b5a06c
8 changed files with 1849 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

214
infrastructure/Makefile Normal file
View File

@@ -0,0 +1,214 @@
# Copyright 2016 Philip G. Porada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
.ONESHELL:
.SHELL := /usr/bin/bash
.PHONY: apply destroy-backend destroy destroy-target plan-destroy plan plan-target prep
-include Makefile.env
VARS="variables/$(ENV)-$(REGION).tfvars"
CURRENT_FOLDER=$(shell basename "$$(pwd)")
S3_BUCKET="$(ENV)-$(REGION)-$(PROJECT)-terraform"
DYNAMODB_TABLE="$(ENV)-$(REGION)-$(PROJECT)-terraform"
WORKSPACE="$(ENV)-$(REGION)"
BOLD=$(shell tput bold)
RED=$(shell tput setaf 1)
GREEN=$(shell tput setaf 2)
YELLOW=$(shell tput setaf 3)
RESET=$(shell tput sgr0)
help:
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
set-env:
@if [ -z $(ENV) ]; then \
echo "$(BOLD)$(RED)ENV was not set$(RESET)"; \
ERROR=1; \
fi
@if [ -z $(REGION) ]; then \
echo "$(BOLD)$(RED)REGION was not set$(RESET)"; \
ERROR=1; \
fi
@if [ -z $(AWS_PROFILE) ]; then \
echo "$(BOLD)$(RED)AWS_PROFILE was not set.$(RESET)"; \
ERROR=1; \
fi
@if [ ! -z $${ERROR} ] && [ $${ERROR} -eq 1 ]; then \
echo "$(BOLD)Example usage: \`AWS_PROFILE=whatever ENV=demo REGION=us-east-2 make plan\`$(RESET)"; \
exit 1; \
fi
@if [ ! -f "$(VARS)" ]; then \
echo "$(BOLD)$(RED)Could not find variables file: $(VARS)$(RESET)"; \
exit 1; \
fi
prep: set-env ## Prepare a new workspace (environment) if needed, configure the tfstate backend, update any modules, and switch to the workspace
@echo "$(BOLD)Verifying that the S3 bucket $(S3_BUCKET) for remote state exists$(RESET)"
@if ! aws --profile $(AWS_PROFILE) s3api head-bucket --region $(REGION) --bucket $(S3_BUCKET) > /dev/null 2>&1 ; then \
echo "$(BOLD)S3 bucket $(S3_BUCKET) was not found, creating new bucket with versioning enabled to store tfstate$(RESET)"; \
aws --profile $(AWS_PROFILE) s3api create-bucket \
--bucket $(S3_BUCKET) \
--acl private \
--region $(REGION) \
--create-bucket-configuration LocationConstraint=$(REGION) > /dev/null 2>&1 ; \
aws --profile $(AWS_PROFILE) s3api put-bucket-versioning \
--bucket $(S3_BUCKET) \
--versioning-configuration Status=Enabled > /dev/null 2>&1 ; \
echo "$(BOLD)$(GREEN)S3 bucket $(S3_BUCKET) created$(RESET)"; \
else
echo "$(BOLD)$(GREEN)S3 bucket $(S3_BUCKET) exists$(RESET)"; \
fi
@echo "$(BOLD)Verifying that the DynamoDB table exists for remote state locking$(RESET)"
@if ! aws --profile $(AWS_PROFILE) --region $(REGION) dynamodb describe-table --table-name $(DYNAMODB_TABLE) > /dev/null 2>&1 ; then \
echo "$(BOLD)DynamoDB table $(DYNAMODB_TABLE) was not found, creating new DynamoDB table to maintain locks$(RESET)"; \
aws --profile $(AWS_PROFILE) dynamodb create-table \
--region $(REGION) \
--table-name $(DYNAMODB_TABLE) \
--attribute-definitions AttributeName=LockID,AttributeType=S \
--key-schema AttributeName=LockID,KeyType=HASH \
--provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 > /dev/null 2>&1 ; \
echo "$(BOLD)$(GREEN)DynamoDB table $(DYNAMODB_TABLE) created$(RESET)"; \
echo "Sleeping for 10 seconds to allow DynamoDB state to propagate through AWS"; \
sleep 10; \
else
echo "$(BOLD)$(GREEN)DynamoDB Table $(DYNAMODB_TABLE) exists$(RESET)"; \
fi
@aws ec2 --profile=$(AWS_PROFILE) describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep "$(ENV)_infra_key" > /dev/null 2>&1; \
if [ $$? -ne 0 ]; then \
echo "$(BOLD)$(RED)EC2 Key Pair $(INFRA_KEY)_infra_key was not found$(RESET)"; \
read -p '$(BOLD)Do you want to generate a new keypair? [y/Y]: $(RESET)' ANSWER && \
if [ "$${ANSWER}" == "y" ] || [ "$${ANSWER}" == "Y" ]; then \
mkdir -p ~/.ssh; \
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/$(ENV)_infra_key; \
aws ec2 --profile=$(AWS_PROFILE) import-key-pair --key-name "$(ENV)_infra_key" --public-key-material "file://~/.ssh/$(ENV)_infra_key.pub"; \
fi; \
else \
echo "$(BOLD)$(GREEN)EC2 Key Pair $(ENV)_infra_key exists$(RESET)";\
fi
@echo "$(BOLD)Configuring the terraform backend$(RESET)"
@terraform init \
-input=false \
-force-copy \
-lock=true \
-upgrade \
-verify-plugins=true \
-backend=true \
-backend-config="profile=$(AWS_PROFILE)" \
-backend-config="region=$(REGION)" \
-backend-config="bucket=$(S3_BUCKET)" \
-backend-config="key=$(ENV)/$(CURRENT_FOLDER)/terraform.tfstate" \
-backend-config="dynamodb_table=$(DYNAMODB_TABLE)"\
-backend-config="acl=private"
@echo "$(BOLD)Switching to workspace $(WORKSPACE)$(RESET)"
@terraform workspace select $(WORKSPACE) || terraform workspace new $(WORKSPACE)
plan: prep ## Show what terraform thinks it will do
@terraform plan \
-lock=true \
-input=false \
-refresh=true \
-var-file="$(VARS)"
format: prep ## Rewrites all Terraform configuration files to a canonical format.
@terraform fmt \
-write=true \
-recursive
# https://github.com/terraform-linters/tflint
lint: prep ## Check for possible errors, best practices, etc in current directory!
@tflint
# https://github.com/liamg/tfsec
check-security: prep ## Static analysis of your terraform templates to spot potential security issues.
@tfsec .
documentation: prep ## Generate README.md for a module
@terraform-docs \
markdown table \
--sort-by-required . > README.md
plan-target: prep ## Shows what a plan looks like for applying a specific resource
@echo "$(YELLOW)$(BOLD)[INFO] $(RESET)"; echo "Example to type for the following question: module.rds.aws_route53_record.rds-master"
@read -p "PLAN target: " DATA && \
terraform plan \
-lock=true \
-input=true \
-refresh=true \
-var-file="$(VARS)" \
-target=$$DATA
plan-destroy: prep ## Creates a destruction plan.
@terraform plan \
-input=false \
-refresh=true \
-destroy \
-var-file="$(VARS)"
apply: prep ## Have terraform do the things. This will cost money.
@terraform apply \
-lock=true \
-input=false \
-refresh=true \
-var-file="$(VARS)"
destroy: prep ## Destroy the things
@terraform destroy \
-lock=true \
-input=false \
-refresh=true \
-var-file="$(VARS)"
destroy-target: prep ## Destroy a specific resource. Caution though, this destroys chained resources.
@echo "$(YELLOW)$(BOLD)[INFO] Specifically destroy a piece of Terraform data.$(RESET)"; echo "Example to type for the following question: module.rds.aws_route53_record.rds-master"
@read -p "Destroy target: " DATA && \
terraform destroy \
-lock=true \
-input=false \
-refresh=true \
-var-file=$(VARS) \
-target=$$DATA
destroy-backend: ## Destroy S3 bucket and DynamoDB table
@if ! aws --profile $(AWS_PROFILE) dynamodb delete-table \
--region $(REGION) \
--table-name $(DYNAMODB_TABLE) > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete DynamoDB table $(DYNAMODB_TABLE)$(RESET)"; \
else
echo "$(BOLD)$(RED)DynamoDB table $(DYNAMODB_TABLE) does not exist.$(RESET)"; \
fi
@if ! aws --profile $(AWS_PROFILE) s3api delete-objects \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--delete "$$(aws --profile $(AWS_PROFILE) s3api list-object-versions \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--output=json \
--query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}')" > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete objects in S3 bucket $(S3_BUCKET)$(RESET)"; \
fi
@if ! aws --profile $(AWS_PROFILE) s3api delete-objects \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--delete "$$(aws --profile $(AWS_PROFILE) s3api list-object-versions \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--output=json \
--query='{Objects: DeleteMarkers[].{Key:Key,VersionId:VersionId}}')" > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete markers in S3 bucket $(S3_BUCKET)$(RESET)"; \
fi
@if ! aws --profile $(AWS_PROFILE) s3api delete-bucket \
--region $(REGION) \
--bucket $(S3_BUCKET) > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete S3 bucket $(S3_BUCKET) itself$(RESET)"; \
fi

4
infrastructure/Makefile.env Normal file
View File

@@ -0,0 +1,4 @@
ENV="prod"
REGION="eu-west-1"
PROJECT="panaetius-blog"
AWS_PROFILE="admin"

52
infrastructure/main.tf Normal file
View File

@@ -0,0 +1,52 @@
provider "aws" {
region = var.region
profile = var.profile
version = "~> 2.66"
}
locals {
tags = {
"Project" = "panaetius-blog"
"Description" = "terraform resources to host the blog"
}
}
module "cloudfront_s3_cdn" {
source = "git::https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn.git?ref=tags/0.23.1"
stage = var.stage
name = var.name
parent_zone_id = var.parent_zone_id
acm_certificate_arn = var.acm_certificate_arn
# log_expiration_days = var.log_expiration_days
# log_standard_transition_days = var.log_standard_transition_days
use_regional_s3_endpoint = true
origin_force_destroy = true
cors_allowed_headers = ["*"]
cors_allowed_methods = ["GET", "HEAD", "PUT", "POST"]
cors_allowed_origins = var.allowed_origins
tags = local.tags
aliases = var.aliases
additional_bucket_policy = <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Sid":"PublicRead",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource": "arn:aws:s3:::${var.bucket_name}/*"
}
]
}
EOT
}
resource "aws_s3_bucket_object" "index" {
bucket = module.cloudfront_s3_cdn.s3_bucket
key = "index.html"
acl = "public-read"
source = "${path.module}/test/index.html"
content_type = "text/html"
etag = md5(file("${path.module}/test/index.html"))
}

39
infrastructure/outputs.tf Normal file
View File

@@ -0,0 +1,39 @@
output "cf_id" {
value = module.cloudfront_s3_cdn.cf_id
description = "ID of AWS CloudFront distribution"
}
output "cf_arn" {
value = module.cloudfront_s3_cdn.cf_arn
description = "ARN of AWS CloudFront distribution"
}
output "cf_status" {
value = module.cloudfront_s3_cdn.cf_status
description = "Current status of the distribution"
}
output "cf_domain_name" {
value = module.cloudfront_s3_cdn.cf_domain_name
description = "Domain name corresponding to the distribution"
}
output "cf_etag" {
value = module.cloudfront_s3_cdn.cf_etag
description = "Current version of the distribution's information"
}
output "cf_hosted_zone_id" {
value = module.cloudfront_s3_cdn.cf_hosted_zone_id
description = "CloudFront Route 53 zone ID"
}
output "s3_bucket" {
value = module.cloudfront_s3_cdn.s3_bucket
description = "Name of S3 bucket"
}
output "s3_bucket_domain_name" {
value = module.cloudfront_s3_cdn.s3_bucket_domain_name
description = "Domain of S3 bucket"
}

742
infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate Normal file
View File

@@ -0,0 +1,742 @@
{
"version": 4,
"terraform_version": "0.12.26",
"serial": 90,
"lineage": "cda52006-90fc-4aec-a630-42e69057b365",
"outputs": {
"cf_arn": {
"value": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X",
"type": "string"
},
"cf_domain_name": {
"value": "d244ranky0ff54.cloudfront.net",
"type": "string"
},
"cf_etag": {
"value": "E2SEL7AYXF1CKS",
"type": "string"
},
"cf_hosted_zone_id": {
"value": "Z2FDTNDATAQYW2",
"type": "string"
},
"cf_id": {
"value": "E2IHXIMPI3MZ2X",
"type": "string"
},
"cf_status": {
"value": "Deployed",
"type": "string"
},
"s3_bucket": {
"value": "prod-panaetius-blog-origin",
"type": "string"
},
"s3_bucket_domain_name": {
"value": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"type": "string"
}
},
"resources": [
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "origin",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "3493490045",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n }\n ]\n}\n",
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"${cloudfront_origin_access_identity_iam_arn}"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}${origin_path}*"
],
"sid": "S3GetObjectForCloudFront"
},
{
"actions": [
"s3:ListBucket"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"${cloudfront_origin_access_identity_iam_arn}"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}"
],
"sid": "S3ListBucketForCloudFront"
}
],
"version": "2012-10-17"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "origin_website",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "736817168",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"*\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n }\n ]\n}\n",
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"*"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}${origin_path}*"
],
"sid": "S3GetObjectForCloudFront"
}
],
"version": "2012-10-17"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_region",
"name": "current",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"current": null,
"description": "Europe (Ireland)",
"endpoint": "ec2.eu-west-1.amazonaws.com",
"id": "eu-west-1",
"name": "eu-west-1"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.dns",
"mode": "data",
"type": "aws_route53_zone",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"caller_reference": "321439A9-2EB4-9C82-858E-22E353E3CC06",
"comment": "blog",
"id": "Z05316671VABVSMAAF1RC",
"linked_service_description": null,
"linked_service_principal": null,
"name": "panaetius.io.",
"name_servers": [
"ns-1774.awsdns-29.co.uk",
"ns-667.awsdns-19.net",
"ns-1261.awsdns-29.org",
"ns-401.awsdns-50.com"
],
"private_zone": false,
"resource_record_set_count": 5,
"tags": {},
"vpc_id": null,
"zone_id": "Z05316671VABVSMAAF1RC"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_s3_bucket",
"name": "selected",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:s3:::prod-panaetius-blog-origin",
"bucket": "prod-panaetius-blog-origin",
"bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com",
"bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-panaetius-blog-origin",
"region": "eu-west-1",
"website_domain": null,
"website_endpoint": null
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "template_file",
"name": "default",
"provider": "provider.template",
"instances": [
{
"schema_version": 0,
"attributes": {
"filename": null,
"id": "ef8d6cdd8c782d412e41e1e574ea39e8674f2d80726946a8f8dbe8ea50c1ac8b",
"rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"vars": {
"bucket_name": "prod-panaetius-blog-origin",
"cloudfront_origin_access_identity_iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5",
"origin_path": "/"
}
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_cloudfront_distribution",
"name": "default",
"provider": "provider.aws",
"instances": [
{
"schema_version": 1,
"attributes": {
"active_trusted_signers": {
"enabled": "false",
"items.#": "0"
},
"aliases": [
"panaetius.io"
],
"arn": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X",
"cache_behavior": [],
"caller_reference": "terraform-20200713232651089800000002",
"comment": "Managed by Terraform",
"custom_error_response": [],
"default_cache_behavior": [
{
"allowed_methods": [
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT"
],
"cached_methods": [
"GET",
"HEAD"
],
"compress": false,
"default_ttl": 60,
"field_level_encryption_id": "",
"forwarded_values": [
{
"cookies": [
{
"forward": "none",
"whitelisted_names": []
}
],
"headers": [
"Access-Control-Request-Headers",
"Access-Control-Request-Method",
"Origin"
],
"query_string": false,
"query_string_cache_keys": []
}
],
"lambda_function_association": [],
"max_ttl": 31536000,
"min_ttl": 0,
"smooth_streaming": false,
"target_origin_id": "prod-panaetius-blog",
"trusted_signers": [],
"viewer_protocol_policy": "redirect-to-https"
}
],
"default_root_object": "index.html",
"domain_name": "d244ranky0ff54.cloudfront.net",
"enabled": true,
"etag": "E2SEL7AYXF1CKS",
"hosted_zone_id": "Z2FDTNDATAQYW2",
"http_version": "http2",
"id": "E2IHXIMPI3MZ2X",
"in_progress_validation_batches": 0,
"is_ipv6_enabled": true,
"last_modified_time": "2020-07-15 00:18:34.684 +0000 UTC",
"logging_config": [
{
"bucket": "prod-panaetius-blog-logs.s3.amazonaws.com",
"include_cookies": false,
"prefix": ""
}
],
"ordered_cache_behavior": [],
"origin": [
{
"custom_header": [],
"custom_origin_config": [],
"domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"origin_id": "prod-panaetius-blog",
"origin_path": "",
"s3_origin_config": [
{
"origin_access_identity": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5"
}
]
}
],
"origin_group": [],
"price_class": "PriceClass_100",
"restrictions": [
{
"geo_restriction": [
{
"locations": [],
"restriction_type": "none"
}
]
}
],
"retain_on_delete": false,
"status": "Deployed",
"tags": {
"Description": "terraform resources to host the blog",
"Name": "prod-panaetius-blog",
"Project": "panaetius-blog",
"Stage": "prod"
},
"viewer_certificate": [
{
"acm_certificate_arn": "arn:aws:acm:us-east-1:745437999005:certificate/60af49f0-07bb-4680-8f5b-3c9a33f756e5",
"cloudfront_default_certificate": false,
"iam_certificate_id": "",
"minimum_protocol_version": "TLSv1",
"ssl_support_method": "sni-only"
}
],
"wait_for_deployment": true,
"web_acl_id": ""
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin",
"module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_cloudfront_origin_access_identity",
"name": "default",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"caller_reference": "terraform-20200713232645930800000001",
"cloudfront_access_identity_path": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5",
"comment": "prod-panaetius-blog",
"etag": "EESE0U5KF261",
"iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5",
"id": "E21A7YWJ1RT3K5",
"s3_canonical_user_id": "2d7779400635ec843efe9b677769fc4f82b0d384408cf22382bf3a90540502e09e75d1346e7105b4da159515b229f39b"
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.dns",
"mode": "managed",
"type": "aws_route53_record",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 2,
"attributes": {
"alias": [
{
"evaluate_target_health": false,
"name": "d244ranky0ff54.cloudfront.net",
"zone_id": "Z2FDTNDATAQYW2"
}
],
"allow_overwrite": null,
"failover_routing_policy": [],
"fqdn": "panaetius.io",
"geolocation_routing_policy": [],
"health_check_id": "",
"id": "Z05316671VABVSMAAF1RC_panaetius.io_A",
"latency_routing_policy": [],
"multivalue_answer_routing_policy": null,
"name": "panaetius.io",
"records": [],
"set_identifier": "",
"ttl": 0,
"type": "A",
"weighted_routing_policy": [],
"zone_id": "Z05316671VABVSMAAF1RC"
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_distribution.default",
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin",
"module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.dns",
"mode": "managed",
"type": "aws_route53_record",
"name": "ipv6",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 2,
"attributes": {
"alias": [
{
"evaluate_target_health": false,
"name": "d244ranky0ff54.cloudfront.net",
"zone_id": "Z2FDTNDATAQYW2"
}
],
"allow_overwrite": null,
"failover_routing_policy": [],
"fqdn": "panaetius.io",
"geolocation_routing_policy": [],
"health_check_id": "",
"id": "Z05316671VABVSMAAF1RC_panaetius.io_AAAA",
"latency_routing_policy": [],
"multivalue_answer_routing_policy": null,
"name": "panaetius.io",
"records": [],
"set_identifier": "",
"ttl": 0,
"type": "AAAA",
"weighted_routing_policy": [],
"zone_id": "Z05316671VABVSMAAF1RC"
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_distribution.default",
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin",
"module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.logs",
"mode": "managed",
"type": "aws_s3_bucket",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "log-delivery-write",
"arn": "arn:aws:s3:::prod-panaetius-blog-logs",
"bucket": "prod-panaetius-blog-logs",
"bucket_domain_name": "prod-panaetius-blog-logs.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "prod-panaetius-blog-logs.s3.eu-west-1.amazonaws.com",
"cors_rule": [],
"force_destroy": true,
"grant": [],
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-panaetius-blog-logs",
"lifecycle_rule": [
{
"abort_incomplete_multipart_upload_days": 0,
"enabled": true,
"expiration": [
{
"date": "",
"days": 90,
"expired_object_delete_marker": false
}
],
"id": "prod-panaetius-blog-logs",
"noncurrent_version_expiration": [
{
"days": 90
}
],
"noncurrent_version_transition": [
{
"days": 30,
"storage_class": "GLACIER"
}
],
"prefix": "",
"tags": {},
"transition": [
{
"date": "",
"days": 30,
"storage_class": "STANDARD_IA"
},
{
"date": "",
"days": 60,
"storage_class": "GLACIER"
}
]
}
],
"logging": [],
"object_lock_configuration": [],
"policy": "",
"region": "eu-west-1",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "",
"sse_algorithm": "AES256"
}
]
}
]
}
],
"tags": {
"Attributes": "logs",
"Description": "terraform resources to host the blog",
"Name": "prod-panaetius-blog-logs",
"Project": "panaetius-blog",
"Stage": "prod"
},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_s3_bucket",
"name": "origin",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "private",
"arn": "arn:aws:s3:::prod-panaetius-blog-origin",
"bucket": "prod-panaetius-blog-origin",
"bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"cors_rule": [
{
"allowed_headers": [
"*"
],
"allowed_methods": [
"GET",
"HEAD",
"PUT",
"POST"
],
"allowed_origins": [
"*.panaetius.io",
"panaetius.io"
],
"expose_headers": [
"ETag"
],
"max_age_seconds": 3600
}
],
"force_destroy": true,
"grant": [],
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-panaetius-blog-origin",
"lifecycle_rule": [],
"logging": [],
"object_lock_configuration": [],
"policy": null,
"region": "eu-west-1",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [],
"tags": {
"Attributes": "origin",
"Description": "terraform resources to host the blog",
"Name": "prod-panaetius-blog-origin",
"Project": "panaetius-blog",
"Stage": "prod"
},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket_object",
"name": "index",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"acl": "public-read",
"bucket": "prod-panaetius-blog-origin",
"cache_control": "",
"content": null,
"content_base64": null,
"content_disposition": "",
"content_encoding": "",
"content_language": "",
"content_type": "text/html",
"etag": "83350948ee374f30e5513497c69c0fe5",
"force_destroy": false,
"id": "index.html",
"key": "index.html",
"kms_key_id": null,
"metadata": {},
"object_lock_legal_hold_status": "",
"object_lock_mode": "",
"object_lock_retain_until_date": "",
"server_side_encryption": "",
"source": "./test/index.html",
"storage_class": "STANDARD",
"tags": {},
"version_id": "",
"website_redirect": ""
},
"private": "bnVsbA==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_s3_bucket.origin"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_s3_bucket_policy",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"bucket": "prod-panaetius-blog-origin",
"id": "prod-panaetius-blog-origin",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}"
},
"private": "bnVsbA==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_s3_bucket.origin"
]
}
]
}
]
}

743
infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate.backup Normal file
View File

@@ -0,0 +1,743 @@
{
"version": 4,
"terraform_version": "0.12.26",
"serial": 88,
"lineage": "cda52006-90fc-4aec-a630-42e69057b365",
"outputs": {
"cf_arn": {
"value": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X",
"type": "string"
},
"cf_domain_name": {
"value": "d244ranky0ff54.cloudfront.net",
"type": "string"
},
"cf_etag": {
"value": "E2SEL7AYXF1CKS",
"type": "string"
},
"cf_hosted_zone_id": {
"value": "Z2FDTNDATAQYW2",
"type": "string"
},
"cf_id": {
"value": "E2IHXIMPI3MZ2X",
"type": "string"
},
"cf_status": {
"value": "Deployed",
"type": "string"
},
"s3_bucket": {
"value": "prod-panaetius-blog-origin",
"type": "string"
},
"s3_bucket_domain_name": {
"value": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"type": "string"
}
},
"resources": [
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "origin",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "1149999058",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n }\n ]\n}",
"override_json": "{\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n}\n",
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"${cloudfront_origin_access_identity_iam_arn}"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}${origin_path}*"
],
"sid": "S3GetObjectForCloudFront"
},
{
"actions": [
"s3:ListBucket"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"${cloudfront_origin_access_identity_iam_arn}"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}"
],
"sid": "S3ListBucketForCloudFront"
}
],
"version": "2012-10-17"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "origin_website",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "239689126",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"*\"\n }\n }\n ]\n}",
"override_json": "{\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\": \"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\"\n}\n",
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"*"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}${origin_path}*"
],
"sid": "S3GetObjectForCloudFront"
}
],
"version": "2012-10-17"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_region",
"name": "current",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"current": null,
"description": "Europe (Ireland)",
"endpoint": "ec2.eu-west-1.amazonaws.com",
"id": "eu-west-1",
"name": "eu-west-1"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.dns",
"mode": "data",
"type": "aws_route53_zone",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"caller_reference": "321439A9-2EB4-9C82-858E-22E353E3CC06",
"comment": "blog",
"id": "Z05316671VABVSMAAF1RC",
"linked_service_description": null,
"linked_service_principal": null,
"name": "panaetius.io.",
"name_servers": [
"ns-1774.awsdns-29.co.uk",
"ns-667.awsdns-19.net",
"ns-1261.awsdns-29.org",
"ns-401.awsdns-50.com"
],
"private_zone": false,
"resource_record_set_count": 5,
"tags": {},
"vpc_id": null,
"zone_id": "Z05316671VABVSMAAF1RC"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_s3_bucket",
"name": "selected",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:s3:::prod-panaetius-blog-origin",
"bucket": "prod-panaetius-blog-origin",
"bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com",
"bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-panaetius-blog-origin",
"region": "eu-west-1",
"website_domain": null,
"website_endpoint": null
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "template_file",
"name": "default",
"provider": "provider.template",
"instances": [
{
"schema_version": 0,
"attributes": {
"filename": null,
"id": "bf2245baaea68e5cc89448356e64936cbd79d0706457d884cdd7badc903719e8",
"rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-panaetius-blog-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"\n }\n }\n ]\n}",
"template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n }\n ]\n}",
"vars": {
"bucket_name": "prod-panaetius-blog-origin",
"cloudfront_origin_access_identity_iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5",
"origin_path": "/"
}
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_cloudfront_distribution",
"name": "default",
"provider": "provider.aws",
"instances": [
{
"schema_version": 1,
"attributes": {
"active_trusted_signers": {
"enabled": "false",
"items.#": "0"
},
"aliases": [
"panaetius.io"
],
"arn": "arn:aws:cloudfront::745437999005:distribution/E2IHXIMPI3MZ2X",
"cache_behavior": [],
"caller_reference": "terraform-20200713232651089800000002",
"comment": "Managed by Terraform",
"custom_error_response": [],
"default_cache_behavior": [
{
"allowed_methods": [
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT"
],
"cached_methods": [
"GET",
"HEAD"
],
"compress": false,
"default_ttl": 60,
"field_level_encryption_id": "",
"forwarded_values": [
{
"cookies": [
{
"forward": "none",
"whitelisted_names": []
}
],
"headers": [
"Access-Control-Request-Headers",
"Access-Control-Request-Method",
"Origin"
],
"query_string": false,
"query_string_cache_keys": []
}
],
"lambda_function_association": [],
"max_ttl": 31536000,
"min_ttl": 0,
"smooth_streaming": false,
"target_origin_id": "prod-panaetius-blog",
"trusted_signers": [],
"viewer_protocol_policy": "redirect-to-https"
}
],
"default_root_object": "index.html",
"domain_name": "d244ranky0ff54.cloudfront.net",
"enabled": true,
"etag": "E2SEL7AYXF1CKS",
"hosted_zone_id": "Z2FDTNDATAQYW2",
"http_version": "http2",
"id": "E2IHXIMPI3MZ2X",
"in_progress_validation_batches": 0,
"is_ipv6_enabled": true,
"last_modified_time": "2020-07-15 00:18:34.684 +0000 UTC",
"logging_config": [
{
"bucket": "prod-panaetius-blog-logs.s3.amazonaws.com",
"include_cookies": false,
"prefix": ""
}
],
"ordered_cache_behavior": [],
"origin": [
{
"custom_header": [],
"custom_origin_config": [],
"domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"origin_id": "prod-panaetius-blog",
"origin_path": "",
"s3_origin_config": [
{
"origin_access_identity": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5"
}
]
}
],
"origin_group": [],
"price_class": "PriceClass_100",
"restrictions": [
{
"geo_restriction": [
{
"locations": [],
"restriction_type": "none"
}
]
}
],
"retain_on_delete": false,
"status": "Deployed",
"tags": {
"Description": "terraform resources to host the blog",
"Name": "prod-panaetius-blog",
"Project": "panaetius-blog",
"Stage": "prod"
},
"viewer_certificate": [
{
"acm_certificate_arn": "arn:aws:acm:us-east-1:745437999005:certificate/60af49f0-07bb-4680-8f5b-3c9a33f756e5",
"cloudfront_default_certificate": false,
"iam_certificate_id": "",
"minimum_protocol_version": "TLSv1",
"ssl_support_method": "sni-only"
}
],
"wait_for_deployment": true,
"web_acl_id": ""
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin",
"module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_cloudfront_origin_access_identity",
"name": "default",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"caller_reference": "terraform-20200713232645930800000001",
"cloudfront_access_identity_path": "origin-access-identity/cloudfront/E21A7YWJ1RT3K5",
"comment": "prod-panaetius-blog",
"etag": "EESE0U5KF261",
"iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5",
"id": "E21A7YWJ1RT3K5",
"s3_canonical_user_id": "2d7779400635ec843efe9b677769fc4f82b0d384408cf22382bf3a90540502e09e75d1346e7105b4da159515b229f39b"
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.dns",
"mode": "managed",
"type": "aws_route53_record",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 2,
"attributes": {
"alias": [
{
"evaluate_target_health": false,
"name": "d244ranky0ff54.cloudfront.net",
"zone_id": "Z2FDTNDATAQYW2"
}
],
"allow_overwrite": null,
"failover_routing_policy": [],
"fqdn": "panaetius.io",
"geolocation_routing_policy": [],
"health_check_id": "",
"id": "Z05316671VABVSMAAF1RC_panaetius.io_A",
"latency_routing_policy": [],
"multivalue_answer_routing_policy": null,
"name": "panaetius.io",
"records": [],
"set_identifier": "",
"ttl": 0,
"type": "A",
"weighted_routing_policy": [],
"zone_id": "Z05316671VABVSMAAF1RC"
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_distribution.default",
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin",
"module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.dns",
"mode": "managed",
"type": "aws_route53_record",
"name": "ipv6",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 2,
"attributes": {
"alias": [
{
"evaluate_target_health": false,
"name": "d244ranky0ff54.cloudfront.net",
"zone_id": "Z2FDTNDATAQYW2"
}
],
"allow_overwrite": null,
"failover_routing_policy": [],
"fqdn": "panaetius.io",
"geolocation_routing_policy": [],
"health_check_id": "",
"id": "Z05316671VABVSMAAF1RC_panaetius.io_AAAA",
"latency_routing_policy": [],
"multivalue_answer_routing_policy": null,
"name": "panaetius.io",
"records": [],
"set_identifier": "",
"ttl": 0,
"type": "AAAA",
"weighted_routing_policy": [],
"zone_id": "Z05316671VABVSMAAF1RC"
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_distribution.default",
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin",
"module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.logs",
"mode": "managed",
"type": "aws_s3_bucket",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "log-delivery-write",
"arn": "arn:aws:s3:::prod-panaetius-blog-logs",
"bucket": "prod-panaetius-blog-logs",
"bucket_domain_name": "prod-panaetius-blog-logs.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "prod-panaetius-blog-logs.s3.eu-west-1.amazonaws.com",
"cors_rule": [],
"force_destroy": true,
"grant": [],
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-panaetius-blog-logs",
"lifecycle_rule": [
{
"abort_incomplete_multipart_upload_days": 0,
"enabled": true,
"expiration": [
{
"date": "",
"days": 90,
"expired_object_delete_marker": false
}
],
"id": "prod-panaetius-blog-logs",
"noncurrent_version_expiration": [
{
"days": 90
}
],
"noncurrent_version_transition": [
{
"days": 30,
"storage_class": "GLACIER"
}
],
"prefix": "",
"tags": {},
"transition": [
{
"date": "",
"days": 30,
"storage_class": "STANDARD_IA"
},
{
"date": "",
"days": 60,
"storage_class": "GLACIER"
}
]
}
],
"logging": [],
"object_lock_configuration": [],
"policy": "",
"region": "eu-west-1",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "",
"sse_algorithm": "AES256"
}
]
}
]
}
],
"tags": {
"Attributes": "logs",
"Description": "terraform resources to host the blog",
"Name": "prod-panaetius-blog-logs",
"Project": "panaetius-blog",
"Stage": "prod"
},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_s3_bucket",
"name": "origin",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "private",
"arn": "arn:aws:s3:::prod-panaetius-blog-origin",
"bucket": "prod-panaetius-blog-origin",
"bucket_domain_name": "prod-panaetius-blog-origin.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "prod-panaetius-blog-origin.s3.eu-west-1.amazonaws.com",
"cors_rule": [
{
"allowed_headers": [
"*"
],
"allowed_methods": [
"GET",
"HEAD",
"PUT",
"POST"
],
"allowed_origins": [
"*.panaetius.io",
"panaetius.io"
],
"expose_headers": [
"ETag"
],
"max_age_seconds": 3600
}
],
"force_destroy": true,
"grant": [],
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-panaetius-blog-origin",
"lifecycle_rule": [],
"logging": [],
"object_lock_configuration": [],
"policy": null,
"region": "eu-west-1",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [],
"tags": {
"Attributes": "origin",
"Description": "terraform resources to host the blog",
"Name": "prod-panaetius-blog-origin",
"Project": "panaetius-blog",
"Stage": "prod"
},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket_object",
"name": "index",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"acl": "public-read",
"bucket": "prod-panaetius-blog-origin",
"cache_control": "",
"content": null,
"content_base64": null,
"content_disposition": "",
"content_encoding": "",
"content_language": "",
"content_type": "text/html",
"etag": "83350948ee374f30e5513497c69c0fe5",
"force_destroy": false,
"id": "index.html",
"key": "index.html",
"kms_key_id": null,
"metadata": {},
"object_lock_legal_hold_status": "",
"object_lock_mode": "",
"object_lock_retain_until_date": "",
"server_side_encryption": "",
"source": "./test/index.html",
"storage_class": "STANDARD",
"tags": {},
"version_id": "",
"website_redirect": ""
},
"private": "bnVsbA==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_s3_bucket.origin"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_s3_bucket_policy",
"name": "default",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"bucket": "prod-panaetius-blog-origin",
"id": "prod-panaetius-blog-origin",
"policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"S3GetObjectForCloudFront\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::prod-panaetius-blog-origin/*\"},{\"Sid\":\"S3ListBucketForCloudFront\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E21A7YWJ1RT3K5\"},\"Action\":\"s3:ListBucket\",\"Resource\":\"arn:aws:s3:::prod-panaetius-blog-origin\"}]}"
},
"private": "bnVsbA==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin"
]
}
]
}
]
}

44
infrastructure/variables.tf Normal file
View File

@@ -0,0 +1,44 @@
variable "name" {
}
variable "region" {
}
variable "stage" {
}
variable "profile" {
}
variable "bucket_name" {
}
variable "acm_certificate_arn" {
}
variable "parent_zone_id" {
}
variable "aliases" {
}
variable "allowed_origins" {
}
# variable "log_expiration_days" {
# }
# variable "log_standard_transition_days" {
# }

11
infrastructure/variables/prod-eu-west-1.tfvars Normal file
View File

@@ -0,0 +1,11 @@
name = "panaetius-blog"
region = "eu-west-1"
stage = "prod"
profile = "admin"
bucket_name = "prod-panaetius-blog-origin"
acm_certificate_arn = "arn:aws:acm:us-east-1:745437999005:certificate/60af49f0-07bb-4680-8f5b-3c9a33f756e5"
parent_zone_id = "Z05316671VABVSMAAF1RC"
aliases = ["panaetius.io"]
allowed_origins = ["*.panaetius.io"]
# log_expiration_days = 60
# log_standard_transition_days = 60