benoram / oram.co Goto Github PK

Describe the bug
Currently SSL Labs gives our site a grade of "A". But A+ is possible.

To Reproduce
Steps to reproduce the behavior:

1. Go to SSL Labs
2. See grade

Expected behavior
A grade of A+ is preferred.

Additional context
The problem is with Strict Transport Security (HSTS), and can be fixed with an appropriate HTTP header

Describe the bug
We are missing some http headers that can only be set with Lambda Edge for CloudFront

To Reproduce
Steps to reproduce the behavior:

1. Go to securityheaders.com
2. See grade

Expected behavior
We should have an A or even A+ grade

Additional context
AWS Reference

Now that we have the start of a new site, we should get it deployed. The rough plan is for.

S3 to host the static content (we will host using a primary and secondary bucket from different regions)
CloudFront to act as a CDN between the client and the buckets
Certificate Manager to generate TLS certs, approved automatically by DNS

The route53 zone is already in place for oram.co, so we should add the appropriate DNS records too. IPv4 and IPv6.

Success criteria:

• Infrastructure is managed by Terraform, and Terraform deploys are triggered by our CodePipeline after a successful build.
• The static site is deployed to S3 using CodeBuild triggered by CodePipeline.
• The static website is available on the Internet via https://oram.co

I expect there will still be issues reported by SSLLabs, Lighthouse and SecurityHeaders.com, among others. Those can be dealt with in subsequent releases.

Is your feature request related to a problem? Please describe.
This project should be in a different terraform org instead of cluttering up the existing one

Describe the solution you'd like
Move to workspaces in the 'benoram' organization

Keybase now supports the ability to open a chat in their app directly from a web link. So change from

https://keybase.io/benoram

to

https://keybase.io/benoram/chat

Our project needs a CICD solution to automate software builds, tests and deployments.

The scope of this first phase is to

1. Create a CodePipeline using Terraform that can retrieve source from GitHub
2. Stub out Website Build
3. Stub out Infrastructure Deploy with Terraform
4. Stub out Website Deploy

The infrastructure created in Phase 1 will be used to orchestrate the majority of software and infrastructure deployments.

Infrastructure state will be hosted with Terraform Cloud.
SSM Parameter Store will be used to store variables shared between CodePipeline stages.

Describe the solution you'd like
In addition to Github, a link to Keybase would be useful

Let's build a basic website with Vue2 and tailwindcss.

Describe the solution you'd like
The website should be built with CodeBuild using code/web/buildspec.yaml.

** Success criteria
A successful build will be logged to S3 artifact:build_output, and we will download it manually to verify everything looks good.