web-development/onmyoji-deck-builder
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

adding terraform config

Browse Source
This commit is contained in:
Daniel Tomlinson
2021-03-18 01:00:12 +00:00
parent 848551e00a
commit 7df0ed18f7
11 changed files with 1106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -25,3 +25,6 @@ pnpm-debug.log*
# Custom # Custom
src/assets/deck_of_cards src/assets/deck_of_cards
src/assets/avatars src/assets/avatars
# terraform
*.terraform

215
.infrastructure/Makefile Normal file
View File

@@ -0,0 +1,215 @@
# Copyright 2016 Philip G. Porada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
.ONESHELL:
.SHELL := /usr/bin/bash
.PHONY: apply destroy-backend destroy destroy-target plan-destroy plan plan-target prep
-include Makefile.env
# VARS="variables/$(ENV)-$(REGION).tfvars"
VARS="$(ENV)-$(REGION).tfvars"
CURRENT_FOLDER=$(shell basename "$$(pwd)")
S3_BUCKET="$(ENV)-$(REGION)-$(PROJECT)-terraform"
DYNAMODB_TABLE="$(ENV)-$(REGION)-$(PROJECT)-terraform"
WORKSPACE="$(ENV)-$(REGION)"
BOLD=$(shell tput bold)
RED=$(shell tput setaf 1)
GREEN=$(shell tput setaf 2)
YELLOW=$(shell tput setaf 3)
RESET=$(shell tput sgr0)
help:
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
set-env:
@if [ -z $(ENV) ]; then \
echo "$(BOLD)$(RED)ENV was not set$(RESET)"; \
ERROR=1; \
fi
@if [ -z $(REGION) ]; then \
echo "$(BOLD)$(RED)REGION was not set$(RESET)"; \
ERROR=1; \
fi
@if [ -z $(AWS_PROFILE) ]; then \
echo "$(BOLD)$(RED)AWS_PROFILE was not set.$(RESET)"; \
ERROR=1; \
fi
@if [ ! -z $${ERROR} ] && [ $${ERROR} -eq 1 ]; then \
echo "$(BOLD)Example usage: \`AWS_PROFILE=whatever ENV=demo REGION=us-east-2 make plan\`$(RESET)"; \
exit 1; \
fi
@if [ ! -f "$(VARS)" ]; then \
echo "$(BOLD)$(RED)Could not find variables file: $(VARS)$(RESET)"; \
exit 1; \
fi
prep: set-env ## Prepare a new workspace (environment) if needed, configure the tfstate backend, update any modules, and switch to the workspace
@echo "$(BOLD)Verifying that the S3 bucket $(S3_BUCKET) for remote state exists$(RESET)"
@if ! aws --profile $(AWS_PROFILE) s3api head-bucket --region $(REGION) --bucket $(S3_BUCKET) > /dev/null 2>&1 ; then \
echo "$(BOLD)S3 bucket $(S3_BUCKET) was not found, creating new bucket with versioning enabled to store tfstate$(RESET)"; \
aws --profile $(AWS_PROFILE) s3api create-bucket \
--bucket $(S3_BUCKET) \
--acl private \
--region $(REGION) \
--create-bucket-configuration LocationConstraint=$(REGION) > /dev/null 2>&1 ; \
aws --profile $(AWS_PROFILE) s3api put-bucket-versioning \
--bucket $(S3_BUCKET) \
--versioning-configuration Status=Enabled > /dev/null 2>&1 ; \
echo "$(BOLD)$(GREEN)S3 bucket $(S3_BUCKET) created$(RESET)"; \
else
echo "$(BOLD)$(GREEN)S3 bucket $(S3_BUCKET) exists$(RESET)"; \
fi
@echo "$(BOLD)Verifying that the DynamoDB table exists for remote state locking$(RESET)"
@if ! aws --profile $(AWS_PROFILE) --region $(REGION) dynamodb describe-table --table-name $(DYNAMODB_TABLE) > /dev/null 2>&1 ; then \
echo "$(BOLD)DynamoDB table $(DYNAMODB_TABLE) was not found, creating new DynamoDB table to maintain locks$(RESET)"; \
aws --profile $(AWS_PROFILE) dynamodb create-table \
--region $(REGION) \
--table-name $(DYNAMODB_TABLE) \
--attribute-definitions AttributeName=LockID,AttributeType=S \
--key-schema AttributeName=LockID,KeyType=HASH \
--provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 > /dev/null 2>&1 ; \
echo "$(BOLD)$(GREEN)DynamoDB table $(DYNAMODB_TABLE) created$(RESET)"; \
echo "Sleeping for 10 seconds to allow DynamoDB state to propagate through AWS"; \
sleep 10; \
else
echo "$(BOLD)$(GREEN)DynamoDB Table $(DYNAMODB_TABLE) exists$(RESET)"; \
fi
@aws ec2 --profile=$(AWS_PROFILE) describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep "$(ENV)_infra_key" > /dev/null 2>&1; \
if [ $$? -ne 0 ]; then \
echo "$(BOLD)$(RED)EC2 Key Pair $(INFRA_KEY)_infra_key was not found$(RESET)"; \
read -p '$(BOLD)Do you want to generate a new keypair? [y/Y]: $(RESET)' ANSWER && \
if [ "$${ANSWER}" == "y" ] || [ "$${ANSWER}" == "Y" ]; then \
mkdir -p ~/.ssh; \
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/$(ENV)_infra_key; \
aws ec2 --profile=$(AWS_PROFILE) import-key-pair --key-name "$(ENV)_infra_key" --public-key-material "file://~/.ssh/$(ENV)_infra_key.pub"; \
fi; \
else \
echo "$(BOLD)$(GREEN)EC2 Key Pair $(ENV)_infra_key exists$(RESET)";\
fi
@echo "$(BOLD)Configuring the terraform backend$(RESET)"
@terraform init \
-input=false \
-force-copy \
-lock=true \
-upgrade \
-verify-plugins=true \
-backend=true \
-backend-config="profile=$(AWS_PROFILE)" \
-backend-config="region=$(REGION)" \
-backend-config="bucket=$(S3_BUCKET)" \
-backend-config="key=$(ENV)/$(CURRENT_FOLDER)/terraform.tfstate" \
-backend-config="dynamodb_table=$(DYNAMODB_TABLE)"\
-backend-config="acl=private"
@echo "$(BOLD)Switching to workspace $(WORKSPACE)$(RESET)"
@terraform workspace select $(WORKSPACE) || terraform workspace new $(WORKSPACE)
plan: prep ## Show what terraform thinks it will do
@terraform plan \
-lock=true \
-input=false \
-refresh=true \
-var-file="$(VARS)"
format: prep ## Rewrites all Terraform configuration files to a canonical format.
@terraform fmt \
-write=true \
-recursive
# https://github.com/terraform-linters/tflint
lint: prep ## Check for possible errors, best practices, etc in current directory!
@tflint
# https://github.com/liamg/tfsec
check-security: prep ## Static analysis of your terraform templates to spot potential security issues.
@tfsec .
documentation: prep ## Generate README.md for a module
@terraform-docs \
markdown table \
--sort-by-required . > README.md
plan-target: prep ## Shows what a plan looks like for applying a specific resource
@echo "$(YELLOW)$(BOLD)[INFO] $(RESET)"; echo "Example to type for the following question: module.rds.aws_route53_record.rds-master"
@read -p "PLAN target: " DATA && \
terraform plan \
-lock=true \
-input=true \
-refresh=true \
-var-file="$(VARS)" \
-target=$$DATA
plan-destroy: prep ## Creates a destruction plan.
@terraform plan \
-input=false \
-refresh=true \
-destroy \
-var-file="$(VARS)"
apply: prep ## Have terraform do the things. This will cost money.
@terraform apply \
-lock=true \
-input=false \
-refresh=true \
-var-file="$(VARS)"
destroy: prep ## Destroy the things
@terraform destroy \
-lock=true \
-input=false \
-refresh=true \
-var-file="$(VARS)"
destroy-target: prep ## Destroy a specific resource. Caution though, this destroys chained resources.
@echo "$(YELLOW)$(BOLD)[INFO] Specifically destroy a piece of Terraform data.$(RESET)"; echo "Example to type for the following question: module.rds.aws_route53_record.rds-master"
@read -p "Destroy target: " DATA && \
terraform destroy \
-lock=true \
-input=false \
-refresh=true \
-var-file=$(VARS) \
-target=$$DATA
destroy-backend: ## Destroy S3 bucket and DynamoDB table
@if ! aws --profile $(AWS_PROFILE) dynamodb delete-table \
--region $(REGION) \
--table-name $(DYNAMODB_TABLE) > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete DynamoDB table $(DYNAMODB_TABLE)$(RESET)"; \
else
echo "$(BOLD)$(RED)DynamoDB table $(DYNAMODB_TABLE) does not exist.$(RESET)"; \
fi
@if ! aws --profile $(AWS_PROFILE) s3api delete-objects \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--delete "$$(aws --profile $(AWS_PROFILE) s3api list-object-versions \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--output=json \
--query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}')" > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete objects in S3 bucket $(S3_BUCKET)$(RESET)"; \
fi
@if ! aws --profile $(AWS_PROFILE) s3api delete-objects \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--delete "$$(aws --profile $(AWS_PROFILE) s3api list-object-versions \
--region $(REGION) \
--bucket $(S3_BUCKET) \
--output=json \
--query='{Objects: DeleteMarkers[].{Key:Key,VersionId:VersionId}}')" > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete markers in S3 bucket $(S3_BUCKET)$(RESET)"; \
fi
@if ! aws --profile $(AWS_PROFILE) s3api delete-bucket \
--region $(REGION) \
--bucket $(S3_BUCKET) > /dev/null 2>&1 ; then \
echo "$(BOLD)$(RED)Unable to delete S3 bucket $(S3_BUCKET) itself$(RESET)"; \
fi

4
.infrastructure/Makefile.env Normal file
View File

@@ -0,0 +1,4 @@
ENV="prod"
REGION="eu-west-1"
PROJECT="onmyojideckbuilder"
AWS_PROFILE="admin"

29
.infrastructure/lambda/main.js Normal file
View File

@@ -0,0 +1,29 @@
"use strict";
exports.handler = (event, context, callback) => {
// Extract the request from the Cloudfront event that is sent to Lambda@Edge
var request = event.Records[0].cf.request;
// Extract the URI from the request
var oldURI = request.uri;
// Match any '/' that occurs at the end of a URI. Replace it with a default index
function replace_uri(uri) {
uri = uri.replace(/\/$/, "/index.html");
// uri = uri.replace(/\.io\/search\?q\=(.*)/, ".io/search/index.html?q=$1");
// console.log(uri)
return uri;
}
// var newURI = oldURI.replace(/\/$/, "/index.html");
var newURI = replace_uri(oldURI);
// Log the URI as received by Cloudfront and the new URI to be used to fetch from the origin
console.log(`Old URI: ${oldURI}`);
console.log(`New URI: ${newURI}`);
// Replace the received URI with the URI that includes the index page
request.uri = newURI;
// Return to Cloudfront
return callback(null, request);
};

BIN
.infrastructure/lambda/main.js.zip Normal file
View File

Binary file not shown.

133
.infrastructure/main.tf Normal file
View File

@@ -0,0 +1,133 @@
# aws config
provider "aws" {
region = var.region
profile = var.profile
version = "~> 2.66"
}
provider "aws" {
alias = "us_east_1"
profile = var.profile
region = "us-east-1"
}
# tags
locals {
tags = {
"Project" = "onmyoji-deck-builder"
"Description" = "website to build and share onmyoji decks"
}
}
# cloudfront
module "cloudfront_s3_cdn" {
source = "git::https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn.git?ref=tags/0.52.0"
stage = var.stage
name = var.name
parent_zone_id = var.parent_zone_id
acm_certificate_arn = var.acm_certificate_arn
use_regional_s3_endpoint = true
origin_force_destroy = true
compress = true
cors_allowed_headers = ["*"]
cors_allowed_methods = ["GET", "HEAD", "PUT", "POST"]
cors_allowed_origins = var.allowed_origins
tags = local.tags
aliases = var.aliases
index_document = "index.html"
lambda_function_association = [
{
event_type : "origin-request",
lambda_arn : aws_lambda_function.directory_indexes.qualified_arn,
include_body : false
}
]
# this policy sets the bucket to be public for all newly created files
additional_bucket_policy = <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Sid":"PublicRead",
"Effect":"Allow",
"Principal":"*",
"Action":["s3:GetObject"],
"Resource":"arn:aws:s3:::${module.cloudfront_s3_cdn.s3_bucket}/*"
}
]
}
EOT
}
data "archive_file" "lambda_main" {
type = "zip"
source_file = var.source_file
output_path = "${var.source_file}.zip"
}
resource "aws_lambda_function" "directory_indexes" {
provider = aws.us_east_1
function_name = "${var.stage}-${var.name}-directory_indexes"
filename = "${var.source_file}.zip"
source_code_hash = data.archive_file.lambda_main.output_base64sha256
# s3_bucket = aws_s3_bucket.lambda_s3.id
# s3_key = var.lambda_key
handler = var.handler
runtime = var.runtime
role = aws_iam_role.lambda_role.arn
publish = true
tags = local.tags
depends_on = [aws_iam_role_policy_attachment.lambda_logging]
}
## Lambda iam role & policies
resource "aws_iam_role" "lambda_role" {
name = "${var.stage}-${var.name}-lambda"
tags = local.tags
assume_role_policy = <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com",
"edgelambda.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
EOT
}
resource "aws_iam_policy" "lambda_logging" {
name = "${var.stage}-${var.name}-lambda_logging"
policy = <<-EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*",
"Effect": "Allow"
}
]
}
EOT
}
resource "aws_iam_role_policy_attachment" "lambda_logging" {
role = aws_iam_role.lambda_role.name
policy_arn = aws_iam_policy.lambda_logging.arn
}

39
.infrastructure/outputs.tf Normal file
View File

@@ -0,0 +1,39 @@
output "cf_id" {
value = module.cloudfront_s3_cdn.cf_id
description = "ID of AWS CloudFront distribution"
}
output "cf_arn" {
value = module.cloudfront_s3_cdn.cf_arn
description = "ARN of AWS CloudFront distribution"
}
output "cf_status" {
value = module.cloudfront_s3_cdn.cf_status
description = "Current status of the distribution"
}
output "cf_domain_name" {
value = module.cloudfront_s3_cdn.cf_domain_name
description = "Domain name corresponding to the distribution"
}
output "cf_etag" {
value = module.cloudfront_s3_cdn.cf_etag
description = "Current version of the distribution's information"
}
output "cf_hosted_zone_id" {
value = module.cloudfront_s3_cdn.cf_hosted_zone_id
description = "CloudFront Route 53 zone ID"
}
output "s3_bucket" {
value = module.cloudfront_s3_cdn.s3_bucket
description = "Name of S3 bucket"
}
output "s3_bucket_domain_name" {
value = module.cloudfront_s3_cdn.s3_bucket_domain_name
description = "Domain of S3 bucket"
}

19
.infrastructure/prod-eu-west-1.tfvars Normal file
View File

@@ -0,0 +1,19 @@
# module
name = "onmyojideckbuilder"
region = "eu-west-1"
stage = "prod"
profile = "admin"
# cloudfront
acm_certificate_arn = "arn:aws:acm:us-east-1:745437999005:certificate/f510b1b0-f475-43c6-a217-e884b77a894d"
parent_zone_id = "Z0511918V1SF3MCG22JU"
aliases = ["onmyojideckbuilder.com"]
allowed_origins = ["*.onmyojideckbuilder.com"]
# s3 & lambda
acl = "private"
lambda_key = "main.zip"
source_file = "./lambda/main.js"
handler = "main.handler"
runtime = "nodejs12.x"
s3_region = "us-east-1"

1
.infrastructure/terraform.tfstate.d/prod-eu-west-1/.terraform.tfstate.lock.info Normal file
View File

@@ -0,0 +1 @@
{"ID":"98905c4f-6035-74f7-7650-6a47316a4218","Operation":"OperationTypeApply","Info":"","Who":"dtomlinson@daniel-macbook.local","Version":"0.13.5","Created":"2021-03-18T00:59:02.31725Z","Path":"terraform.tfstate.d/prod-eu-west-1/terraform.tfstate"}

608
.infrastructure/terraform.tfstate.d/prod-eu-west-1/terraform.tfstate Normal file
View File

@@ -0,0 +1,608 @@
{
"version": 4,
"terraform_version": "0.13.5",
"serial": 14,
"lineage": "baf13f49-a91e-4ef3-40f8-b010f53cf030",
"outputs": {
"s3_bucket": {
"value": "prod-onmyojideckbuilder-origin",
"type": "string"
},
"s3_bucket_domain_name": {
"value": "prod-onmyojideckbuilder-origin.s3.eu-west-1.amazonaws.com",
"type": "string"
}
},
"resources": [
{
"mode": "data",
"type": "archive_file",
"name": "lambda_main",
"provider": "provider[\"registry.terraform.io/hashicorp/archive\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"excludes": null,
"id": "320d4868dd37d1674e98bd790b8a54b006838d04",
"output_base64sha256": "5EVmwQDkgGfYMpMXNaWHUz3cmb/dSssoWl8mM8o3aMs=",
"output_md5": "611fc9e8b494e4b399217f632b8e35ed",
"output_path": "./lambda/main.js.zip",
"output_sha": "320d4868dd37d1674e98bd790b8a54b006838d04",
"output_size": 601,
"source": [],
"source_content": null,
"source_content_filename": null,
"source_dir": null,
"source_file": "./lambda/main.js",
"type": "zip"
}
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "lambda_logging",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::745437999005:policy/prod-onmyojideckbuilder-lambda_logging",
"description": "",
"id": "arn:aws:iam::745437999005:policy/prod-onmyojideckbuilder-lambda_logging",
"name": "prod-onmyojideckbuilder-lambda_logging",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"arn:aws:logs:*:*:*\",\n \"Effect\": \"Allow\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_role",
"name": "lambda_role",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::745437999005:role/prod-onmyojideckbuilder-lambda",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"lambda.amazonaws.com\",\"edgelambda.amazonaws.com\"]},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2021-03-18T00:54:31Z",
"description": "",
"force_detach_policies": false,
"id": "prod-onmyojideckbuilder-lambda",
"max_session_duration": 3600,
"name": "prod-onmyojideckbuilder-lambda",
"name_prefix": null,
"path": "/",
"permissions_boundary": null,
"tags": {
"Description": "website to build and share onmyoji decks",
"Project": "onmyoji-deck-builder"
},
"unique_id": "AROA23D4RF6OTBMEPSDVE"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_role_policy_attachment",
"name": "lambda_logging",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "prod-onmyojideckbuilder-lambda-20210318005433729100000002",
"policy_arn": "arn:aws:iam::745437999005:policy/prod-onmyojideckbuilder-lambda_logging",
"role": "prod-onmyojideckbuilder-lambda"
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_policy.lambda_logging",
"aws_iam_role.lambda_role"
]
}
]
},
{
"mode": "managed",
"type": "aws_lambda_function",
"name": "directory_indexes",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"].us_east_1",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:lambda:us-east-1:745437999005:function:prod-onmyojideckbuilder-directory_indexes",
"dead_letter_config": [],
"description": "",
"environment": [],
"file_system_config": [],
"filename": "./lambda/main.js.zip",
"function_name": "prod-onmyojideckbuilder-directory_indexes",
"handler": "main.handler",
"id": "prod-onmyojideckbuilder-directory_indexes",
"invoke_arn": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:745437999005:function:prod-onmyojideckbuilder-directory_indexes/invocations",
"kms_key_arn": "",
"last_modified": "2021-03-18T00:54:40.108+0000",
"layers": null,
"memory_size": 128,
"publish": true,
"qualified_arn": "arn:aws:lambda:us-east-1:745437999005:function:prod-onmyojideckbuilder-directory_indexes:1",
"reserved_concurrent_executions": -1,
"role": "arn:aws:iam::745437999005:role/prod-onmyojideckbuilder-lambda",
"runtime": "nodejs12.x",
"s3_bucket": null,
"s3_key": null,
"s3_object_version": null,
"source_code_hash": "5EVmwQDkgGfYMpMXNaWHUz3cmb/dSssoWl8mM8o3aMs=",
"source_code_size": 601,
"tags": {
"Description": "website to build and share onmyoji decks",
"Project": "onmyoji-deck-builder"
},
"timeout": 3,
"timeouts": null,
"tracing_config": [
{
"mode": "PassThrough"
}
],
"version": "1",
"vpc_config": []
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==",
"dependencies": [
"aws_iam_policy.lambda_logging",
"aws_iam_role.lambda_role",
"aws_iam_role_policy_attachment.lambda_logging",
"data.archive_file.lambda_main"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "origin",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "637012258",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\":\"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\":\"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\"\n }\n ]\n}\n",
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"${cloudfront_origin_access_identity_iam_arn}"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}${origin_path}*"
],
"sid": "S3GetObjectForCloudFront"
},
{
"actions": [
"s3:ListBucket"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"${cloudfront_origin_access_identity_iam_arn}"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}"
],
"sid": "S3ListBucketForCloudFront"
}
],
"version": "2012-10-17"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "origin_website",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "2989024212",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"*\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\":\"PublicRead\",\n \"Effect\":\"Allow\",\n \"Principal\":\"*\",\n \"Action\":[\"s3:GetObject\"],\n \"Resource\":\"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\"\n }\n ]\n}\n",
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"*"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::${bucket_name}${origin_path}*"
],
"sid": "S3GetObjectForCloudFront"
}
],
"version": "2012-10-17"
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "aws_s3_bucket",
"name": "selected",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:s3:::prod-onmyojideckbuilder-origin",
"bucket": "prod-onmyojideckbuilder-origin",
"bucket_domain_name": "prod-onmyojideckbuilder-origin.s3.amazonaws.com",
"bucket_regional_domain_name": "prod-onmyojideckbuilder-origin.s3.eu-west-1.amazonaws.com",
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-onmyojideckbuilder-origin",
"region": "eu-west-1",
"website_domain": null,
"website_endpoint": null
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "data",
"type": "template_file",
"name": "default",
"provider": "provider[\"registry.terraform.io/hashicorp/template\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"filename": null,
"id": "fe3f480e1db2aede6d6d5ec8f112356a914f3fe62dc64248e9a9ee28c0b51963",
"rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2UDO80PGVO0I7\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2UDO80PGVO0I7\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}${origin_path}*\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::${bucket_name}\",\n \"Principal\": {\n \"AWS\": \"${cloudfront_origin_access_identity_iam_arn}\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}",
"vars": {
"bucket_name": "prod-onmyojideckbuilder-origin",
"cloudfront_origin_access_identity_iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2UDO80PGVO0I7",
"origin_path": "/"
}
}
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_cloudfront_origin_access_identity",
"name": "default",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"caller_reference": "terraform-20210318005431202400000001",
"cloudfront_access_identity_path": "origin-access-identity/cloudfront/E2UDO80PGVO0I7",
"comment": "prod-onmyojideckbuilder",
"etag": "E1TCA4Q1CA5VJS",
"iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2UDO80PGVO0I7",
"id": "E2UDO80PGVO0I7",
"s3_canonical_user_id": "0cfcad41a6b0276d057a0ebf19d20c199a1506b2fff651979fa92da43f68347b1f60e881f157f22b76dde44b55009f31"
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_s3_bucket",
"name": "origin",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "private",
"arn": "arn:aws:s3:::prod-onmyojideckbuilder-origin",
"bucket": "prod-onmyojideckbuilder-origin",
"bucket_domain_name": "prod-onmyojideckbuilder-origin.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "prod-onmyojideckbuilder-origin.s3.eu-west-1.amazonaws.com",
"cors_rule": [
{
"allowed_headers": [
"*"
],
"allowed_methods": [
"GET",
"HEAD",
"PUT",
"POST"
],
"allowed_origins": [
"*.onmyojideckbuilder.com"
],
"expose_headers": [
"ETag"
],
"max_age_seconds": 3600
},
{
"allowed_headers": [
"*"
],
"allowed_methods": [
"GET",
"HEAD",
"PUT",
"POST"
],
"allowed_origins": [
"onmyojideckbuilder.com"
],
"expose_headers": [
"ETag"
],
"max_age_seconds": 3600
}
],
"force_destroy": true,
"grant": [],
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-onmyojideckbuilder-origin",
"lifecycle_rule": [],
"logging": [],
"object_lock_configuration": [],
"policy": null,
"region": "eu-west-1",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "",
"sse_algorithm": "AES256"
}
]
}
]
}
],
"tags": {
"Attributes": "origin",
"Description": "website to build and share onmyoji decks",
"Name": "prod-onmyojideckbuilder-origin",
"Project": "onmyoji-deck-builder",
"Stage": "prod"
},
"versioning": [
{
"enabled": true,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.cloudfront_s3_cdn",
"mode": "managed",
"type": "aws_s3_bucket_policy",
"name": "default",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"bucket": "prod-onmyojideckbuilder-origin",
"id": "prod-onmyojideckbuilder-origin",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"S3GetObjectForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2UDO80PGVO0I7\"\n }\n },\n {\n \"Sid\": \"S3ListBucketForCloudFront\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2UDO80PGVO0I7\"\n }\n },\n {\n \"Sid\": \"PublicRead\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\"\n ],\n \"Resource\": \"arn:aws:s3:::prod-onmyojideckbuilder-origin/*\",\n \"Principal\": \"*\"\n }\n ]\n}"
},
"private": "bnVsbA==",
"dependencies": [
"module.cloudfront_s3_cdn.aws_cloudfront_origin_access_identity.default",
"module.cloudfront_s3_cdn.aws_s3_bucket.origin",
"module.cloudfront_s3_cdn.data.aws_iam_policy_document.origin",
"module.cloudfront_s3_cdn.data.aws_iam_policy_document.origin_website",
"module.cloudfront_s3_cdn.data.template_file.default"
]
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.logs",
"mode": "managed",
"type": "aws_s3_bucket",
"name": "default",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "log-delivery-write",
"arn": "arn:aws:s3:::prod-onmyojideckbuilder-logs",
"bucket": "prod-onmyojideckbuilder-logs",
"bucket_domain_name": "prod-onmyojideckbuilder-logs.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "prod-onmyojideckbuilder-logs.s3.eu-west-1.amazonaws.com",
"cors_rule": [],
"force_destroy": true,
"grant": [],
"hosted_zone_id": "Z1BKCTXD74EZPE",
"id": "prod-onmyojideckbuilder-logs",
"lifecycle_rule": [
{
"abort_incomplete_multipart_upload_days": 5,
"enabled": true,
"expiration": [
{
"date": "",
"days": 90,
"expired_object_delete_marker": false
}
],
"id": "prod-onmyojideckbuilder-logs",
"noncurrent_version_expiration": [
{
"days": 90
}
],
"noncurrent_version_transition": [
{
"days": 30,
"storage_class": "GLACIER"
}
],
"prefix": "",
"tags": null,
"transition": [
{
"date": "",
"days": 30,
"storage_class": "STANDARD_IA"
},
{
"date": "",
"days": 60,
"storage_class": "GLACIER"
}
]
}
],
"logging": [],
"object_lock_configuration": [],
"policy": "",
"region": "eu-west-1",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "",
"sse_algorithm": "AES256"
}
]
}
]
}
],
"tags": {
"Attributes": "logs",
"Description": "website to build and share onmyoji decks",
"Name": "prod-onmyojideckbuilder-logs",
"Project": "onmyoji-deck-builder",
"Stage": "prod"
},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.cloudfront_s3_cdn.module.logs",
"mode": "managed",
"type": "aws_s3_bucket_public_access_block",
"name": "default",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"block_public_acls": true,
"block_public_policy": true,
"bucket": "prod-onmyojideckbuilder-logs",
"id": "prod-onmyojideckbuilder-logs",
"ignore_public_acls": true,
"restrict_public_buckets": true
},
"private": "bnVsbA==",
"dependencies": [
"module.cloudfront_s3_cdn.module.logs.aws_s3_bucket.default"
]
}
]
}
]
}

55
.infrastructure/variables.tf Normal file
View File

@@ -0,0 +1,55 @@
variable "name" {
}
variable "region" {
}
variable "stage" {
}
variable "profile" {
}
variable "acm_certificate_arn" {
}
variable "parent_zone_id" {
}
variable "aliases" {
}
variable "allowed_origins" {
}
variable "acl" {
}
variable "lambda_key" {
}
variable "source_file" {
}
variable "handler" {
}
variable "runtime" {
}
variable "s3_region" {
}