Before you get started, you'll need a few things that are outside the scope of this module:

- A way to deploy Terraform in your environment
- An AWS Certificate Manager (ACM) certificate
- Proper IAM permissions to deploy resources in your environment, either with your IAM account or a role, depending on how you deploy Terraform
- A random string of characters for a shared secret between CloudFront and S3

First, create your ACM certificate using the normal process. CloudFront only accepts ACM certificates issued in us-east-1, as in the example ARN below. Note down the ARN and supply it for the variable "acm_site_certificate_arn" below.

This chunk of code creates a site for "example.com":

```hcl
module "example_site" {
  source                         = "github.com/vermyndax/terraform-aws-s3-website"
  create_www_redirect_bucket     = true
  create_cloudfront_distribution = true
  site_github_owner              = "<your-github-owner>"
  site_tld                       = "example.com"
  acm_site_certificate_arn       = "arn:aws:acm:us-east-1:111111111111:certificate/00000000-0000-0000-0000-000000000000"
  create_public_dns_zone         = false
  create_public_dns_site_record  = true
  create_public_dns_www_record   = true
}
```

Name | Version |
---|---|
terraform | >= 1.1.2 |

Name | Version |
---|---|
aws | n/a |
random | n/a |

No modules.

Name | Type |
---|---|
aws_cloudfront_distribution.site_cloudfront_distribution | resource |
aws_iam_access_key.content_sync_key | resource |
aws_iam_user.content_sync | resource |
aws_iam_user_policy.content_sync_policy | resource |
aws_route53_record.site_tld_record | resource |
aws_route53_record.site_www_record | resource |
aws_route53_zone.primary_site_tld | resource |
aws_s3_bucket.main_site | resource |
aws_s3_bucket.site_cloudfront_logs | resource |
aws_s3_bucket.site_www_redirect | resource |
aws_s3_bucket_public_access_block.cloudfront_logs_block | resource |
aws_s3_bucket_public_access_block.content_bucket_block | resource |
random_password.random_site_secret | resource |
random_uuid.random_bucket_name | resource |
aws_canonical_user_id.current | data source |
aws_route53_zone.site_tld_selected | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_site_certificate_arn | ARN of an ACM certificate to use for HTTPS on the CloudFront distribution. | string | n/a | yes |
cloudfront_price_class | Price class for CloudFront. | string | "PriceClass_100" | no |
content_bucket_versioning | Defines whether or not to set versioning on the content bucket. | bool | true | no |
create_cloudfront_distribution | Defines whether or not to create a CloudFront distribution for the S3 bucket. | bool | true | no |
create_content_sync_user | Optionally create an IAM user and access keys to sync the content bucket. Note that this will store access information in your state file. Protect it accordingly. | bool | false | no |
create_public_dns_site_record | If set to true, creates a public DNS record in your site_tld hosted zone. If you do not already have a hosted zone for this TLD, you should set create_public_dns_zone to true. Otherwise, this will try to create a record in an existing zone or fail. | bool | true | no |
create_public_dns_www_record | Defines whether or not to create a WWW DNS record for the site. | bool | false | no |
create_public_dns_zone | If set to true, creates a public hosted zone in Route53 for your site. | bool | false | no |
create_www_redirect_bucket | Defines whether or not to create a www redirect S3 bucket. | bool | true | no |
error_page_object | The error page object for the CloudFront/S3 distribution. | string | "404.html" | no |
log_include_cookies | Defines whether or not CloudFront should log cookies. | bool | false | no |
root_page_object | The root page object for the CloudFront/S3 distribution. | string | "index.html" | no |
site_region | Region in which to provision the site. Default: us-east-1 | string | "us-east-1" | no |
site_tld | TLD of the website you want to create. A bucket will be created that is named this. Note that the module will error out if this bucket already exists in AWS. Example: example.com | string | n/a | yes |

Name | Description |
---|---|
cloudfront_distribution_id | CloudFront distribution ID. |
content_sync_access_key | Access key ID of the optional content sync user. |
content_sync_access_secret | Secret access key of the optional content sync user. This is marked as sensitive and will not show in plan output, but be aware that it is stored in your state file. Encrypt accordingly. |
content_sync_bucket_name | Bucket name that contains the content for the site. |
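
The `create_content_sync_user` input and the `content_sync_access_secret` output both warn that credentials end up in the state file. The following check is an added example, not part of this module: it reads a Terraform state file (format version 4 assumed) and lists the plaintext secret attributes held for the `aws_iam_access_key` and `random_password` resource types this module creates. The sample state is constructed, and the `[0]` index on the access key is an assumption about how the module gates that resource.

```python
import json

# Attributes Terraform stores in plaintext, per resource type used by this module.
SECRET_ATTRS = {"aws_iam_access_key": ("secret", "ses_smtp_password_v4"),
                "random_password": ("result",)}


def find_plaintext_secrets(state_text):
    """Return sorted 'address.attribute' strings for secrets held in a v4 state."""
    state = json.loads(state_text)
    if state.get("version") != 4:
        raise ValueError("expected a Terraform state file in format version 4")
    findings = []
    for res in state.get("resources", []):
        attrs_to_check = SECRET_ATTRS.get(res.get("type"), ())
        if res.get("mode") != "managed" or not attrs_to_check:
            continue
        prefix = res["module"] + "." if res.get("module") else ""
        for inst in res.get("instances", []):
            address = f"{prefix}{res['type']}.{res['name']}"
            if "index_key" in inst:  # count / for_each instances
                address += f"[{json.dumps(inst['index_key'])}]"
            values = inst.get("attributes") or {}
            for attr in attrs_to_check:
                if values.get(attr):  # null or "" means nothing is stored
                    findings.append(f"{address}.{attr}")
    return sorted(findings)


# Constructed sample state: fake values, trimmed to the fields the check reads.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"module": "module.example_site", "mode": "managed",
         "type": "aws_iam_access_key", "name": "content_sync_key",
         "instances": [{"index_key": 0, "attributes": {
             "id": "AKIAEXAMPLEEXAMPLE00", "secret": "constructed-not-a-real-key",
             "ses_smtp_password_v4": None}}]},
        {"module": "module.example_site", "mode": "managed",
         "type": "random_password", "name": "random_site_secret",
         "instances": [{"attributes": {"result": "constructed-shared-secret"}}]},
    ],
})

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE_STATE):
        print("plaintext secret in state:", finding)
```

Any finding means the state backend needs encryption at rest and access as tightly restricted as the credentials themselves.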