skyscrapers / terraform-website-s3-cloudfront-route53
Terraform scripts to setup an S3 based static website, with a CloudFront distribution and the required Route53 entries.
License: MIT License
If my main site is https://example.com and I am redirecting the www version to the naked domain, do I need two security certificates?
I only have one currently, which is for the main site.
Example: example.com
In the site redirect module I reused the same certificate.
So when I redirect from www.example.com, the browser reports a certificate issue.
Thanks,
Shane.
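One way to cover both names with a single certificate, as an added example that is not part of the original issue or the module's code: the redirect distribution serves www.example.com, so the certificate it presents must list that name. The variable names, the provider alias and the use of DNS validation are assumptions.

```hcl
# Added example. var.domain, var.zone_id and the aws.us_east_1 alias are
# assumptions; the default aws provider is expected to be configured elsewhere.
variable "domain" { type = string }  # e.g. "example.com"
variable "zone_id" { type = string } # Route53 hosted zone for the domain

# CloudFront only accepts ACM certificates issued in us-east-1.
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

# One certificate whose SAN list covers both the naked and the www name.
resource "aws_acm_certificate" "site" {
  provider                  = aws.us_east_1
  domain_name               = var.domain
  subject_alternative_names = ["www.${var.domain}"]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# One validation record per name on the certificate.
resource "aws_route53_record" "validation" {
  for_each = {
    for dvo in aws_acm_certificate.site.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }
  zone_id         = var.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
  allow_overwrite = true
}

resource "aws_acm_certificate_validation" "site" {
  provider                = aws.us_east_1
  certificate_arn         = aws_acm_certificate.site.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}

# Pass this ARN as acm-certificate-arn to both site-main and site-redirect.
output "acm_certificate_arn" {
  value = aws_acm_certificate_validation.site.certificate_arn
}
```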
Hi,
Currently it's not possible to utilize the functionality of multiple CNAMEs for the CloudFront distribution. In my case I'm trying to register a wildcard subdomain.
Due to the missing type in the variable declaration we're not able to pass a list, although the terraform resource allows a list: https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#aliases
In addition to that: if we just provide a wildcard domain, e.g. *.test.example.com, the default tag handling creates invalid tags (asterisks are not allowed, it seems).
Best
The Terraform modules in this repo are frequently used. Should we publish these modules to the Terraform Registry?
The following tags are hard coded (in variables.tf):
tags.Project
tags.Environment
tags.Name
It would be good to remove the hard coding so that we can have a clean set of custom values.
It's currently hard coded to TLSv1, but that's mostly being deprecated.
Thanks
Is there any case you're aware of where you'd prefer a Route53 CNAME over A-ALIAS? ALIAS records save the client from additional DNS lookups.
Both site-main and site-redirect try to create an aws_iam_policy resource with the name "site.${replace("${var.domain}",".","-")}.deployer". Since the domain variable will generally be the same for the main and redirect buckets, the result is an error from Terraform/AWS like:
* aws_iam_policy.site_deployer_policy: Error creating IAM policy site.my-domain-com.deployer: EntityAlreadyExists: A policy called site.my-domain-com.deployer already exists. Duplicate names are not allowed.
status code: 409, request id: 38816639-7dd1-11e6-9f1a-6d0a94ff2f5f
Seems like adding a -main and -redirect or something to the policy name would be an easy enough fix. Alternatively, since the deployer_role_policy.json file that they each use is identical, perhaps just a refactor so it only tries to create it once?
Happy to make the PR myself, but wondering if you'd agree to "deployer" being optional for site-main?
Some of us already have managed IAM roles with superuser access, or some of us (bad, I know) just use the root user on our own AWS accounts.
So, for these cases we don't need this IAM Role Policy Attachment.
Hi there,
I'm running into an error like this when I try to use your module:
2020/03/21 16:27:37 [ERROR] module.site-main: eval: *terraform.EvalDiff, err: "origin.0.domain_name": required field is not set
2020/03/21 16:27:37 [ERROR] module.site-main: eval: *terraform.EvalSequence, err: "origin.0.domain_name": required field is not set
2020/03/21 16:27:37 [TRACE] [walkRefresh] Exiting eval tree: module.site-main.aws_cloudfront_distribution.website_cdn
2020/03/21 16:27:37 [TRACE] vertex "module.site-main.aws_cloudfront_distribution.website_cdn": visit complete
2020/03/21 16:27:37 [TRACE] vertex "module.site-main.aws_cloudfront_distribution.website_cdn": dynamic subgraph encountered errors
2020/03/21 16:27:37 [TRACE] vertex "module.site-main.aws_cloudfront_distribution.website_cdn": visit complete
2020/03/21 16:27:37 [TRACE] dag/walk: upstream of "module.site-main.output.website_cdn_hostname" errored, so skipping
2020/03/21 16:27:37 [TRACE] dag/walk: upstream of "module.site-main.output.website_cdn_arn" errored, so skipping
2020/03/21 16:27:37 [TRACE] dag/walk: upstream of "module.site-main.output.website_cdn_zone_id" errored, so skipping
2020/03/21 16:27:37 [TRACE] dag/walk: upstream of "module.site-main.output.website_cdn_id" errored, so skipping
2020/03/21 16:27:37 [TRACE] dag/walk: upstream of "provider.aws (close)" errored, so skipping
2020/03/21 16:27:37 [TRACE] dag/walk: upstream of "root" errored, so skipping
Error: "origin.0.domain_name": required field is not set
My implementation looks like this:
module "site-main" {
  source = "github.com/skyscrapers/terraform-website-s3-cloudfront-route53//site-main"
  region = "eu-central-1"
  domain = var.domain
  bucket_name = "prefix-${var.environment}-suffix"
  duplicate-content-penalty-secret = var.duplicate-content-penalty-secret
  deployer = var.deployer
  acm-certificate-arn = aws_acm_certificate.cert.arn
  not-found-response-path = "/404.html"
}
I have 2 AWS profiles: prod and dev. Default is dev.
Even if I set the profile in the provider like this:
provider "aws" {
  region = "ap-northeast-2"
  profile = "prod"
}
I don't know why, but it creates the CloudFront distribution on my prod profile, but other resources will be deployed on my default profile.
I added a profile variable and now it works correctly!
Hi,
I have a feature request:
Expose the CloudFront price_class attribute as an optional module variable.
So I can define where in the world a website is quickly accessible.
Let me know if you like this feature.
I'm willing to create a PR.
Cheers and thank you for a great module.
Describe the problem
When running terraform init, it automatically downloads aws 4.2.0, which results in an error when trying to run terraform plan or apply.
If we use aws 3.7.0, everything works as expected.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Everything should work, or we should specify 3.7.0 as the supported aws provider version.
Your Environment
Ubuntu 21.04
Hi,
Just ran through the modules and got an error running the module above:
"target field is needed"
But the readme doesn't outline this.
Example:
module "site-redirect" {
  source = "github.com/ringods/terraform-website-s3-cloudfront-route53//site-redirect"
  region = "${var.region}"
  domain = "www.xxx.com"
  duplicate-content-penalty-secret = "some-secret-password"
  deployer = "xxx"
  acm-certificate-arn = "arn:aws:acm:us-east-1:118195946080:certificate/0a124b1d-6988-4d46-8f50-c7a8a567a0f9"
  target = "${var.domain}"
}
Also, I'm using an AWS profile.
When I run the modules I have to run as
AWS_PROFILE=xxx terraform plan
Do your modules support the profile from the aws provider?
provider "aws" {
  region = "${var.region}"
  profile = "thsmiko"
}
Awesome modules btw! ;-)
Hi,
I just ran a Chrome Lighthouse test and I noticed HTTP/2 is not enabled:
https://developers.google.com/web/tools/lighthouse/audits/http2
Should that be a variable defined in the module?
Thanks,
Shane.
I want to let multiple users be the 'deployer' to my S3 bucket, e.g. me, my colleagues, + the user from a CI app like Jenkins or something.
Normally to facilitate this I'd have a 'deployer' role (not user), and then authorize any of the above users to assume that role so that they can deploy.
As this is coded now, there can only be one user. https://github.com/ringods/terraform-website-s3-cloudfront-route53/blob/d2e06/site-redirect/main.tf#L78
Agree it's a good idea to have this module support making a role instead? It could output the role arn, and users of this module could authorize users to assume that role as needed. https://www.terraform.io/docs/providers/aws/r/iam_role_policy_attachment.html
Alternatively, the modules could just output the policy JSON, and then users of this module could use that to send into IAM however makes sense.
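The role-based approach proposed above, as an added example that is not the module's own code: a deployer role that a list of principals may assume, with the role ARN exposed as an output. The variable names, the role and policy names and the S3 actions are assumptions; the contents of the module's deployer_role_policy.json are not shown on this page.

```hcl
# Added example. All variable, role and policy names are hypothetical.
variable "deployer_principal_arns" {
  type        = list(string)
  description = "ARNs of the IAM users or roles allowed to assume the deployer role"
}

variable "bucket_arn" {
  type        = string
  description = "ARN of the website bucket"
}

# Trust policy: only the listed principals may assume the role.
data "aws_iam_policy_document" "assume_deployer" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = var.deployer_principal_arns
    }
  }
}

resource "aws_iam_role" "site_deployer" {
  name               = "site-deployer"
  assume_role_policy = data.aws_iam_policy_document.assume_deployer.json
}

# Permissions scoped to the one bucket (assumed action set for a static-site deploy).
data "aws_iam_policy_document" "deploy" {
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [var.bucket_arn]
  }
  statement {
    effect    = "Allow"
    actions   = ["s3:PutObject", "s3:DeleteObject"]
    resources = ["${var.bucket_arn}/*"]
  }
}

resource "aws_iam_policy" "deploy" {
  name   = "site-deployer-policy"
  policy = data.aws_iam_policy_document.deploy.json
}

resource "aws_iam_role_policy_attachment" "deploy" {
  role       = aws_iam_role.site_deployer.name
  policy_arn = aws_iam_policy.deploy.arn
}

output "deployer_role_arn" {
  value = aws_iam_role.site_deployer.arn
}
```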