# main.tf
# Look up the existing public Route 53 hosted zone for the apex domain.
# The zone is read, not managed, here; every Route 53 record in this file is
# written into it (site aliases and ACM validation CNAMEs alike).
data "aws_route53_zone" "zone" {
  name         = "aynm-rental-buyout-calculator.com"
  private_zone = false
}
# S3 bucket holding the static site served on the apex domain.
#
# NOTE(review): the CloudFront distribution later in this file reads this bucket
# through its S3 *website* endpoint. That endpoint only works when objects are
# publicly readable, and the bucket policy / public-access-block configuration
# that would make them so is not part of this file — confirm where it lives and
# that it is intentional (direct, non-CloudFront reads bypass the
# security-headers function). Using the REST endpoint with an Origin Access
# Control would let the bucket stay private.
resource "aws_s3_bucket" "aynm_rental_buyout_calculator" {
  bucket = "aynm-rental-buyout-calculator"

  # Guard the site content against an accidental `terraform destroy`.
  lifecycle {
    prevent_destroy = true
  }
}
# Static-website hosting for the apex bucket: serves index.html for directory
# requests and error.html for 4xx responses. The `website_endpoint` this
# resource exposes is the plain-HTTP origin CloudFront talks to.
resource "aws_s3_bucket_website_configuration" "aynm_rental_buyout_calculator_website" {
  bucket = aws_s3_bucket.aynm_rental_buyout_calculator.id

  # Object served for "/" and any path ending in "/".
  index_document {
    suffix = "index.html"
  }

  # Object served when the requested key does not exist.
  error_document {
    key = "error.html"
  }
}
# Bucket named after the www host. It holds no content; it exists only so an
# S3 website configuration can redirect www.* to the apex domain (see the
# www_redirect_website resource below). The bucket name must equal the host
# name for the S3 website redirect to match.
resource "aws_s3_bucket" "www_redirect" {
  bucket = "www.aynm-rental-buyout-calculator.com"

  # Keep the redirect bucket from being torn down by mistake.
  lifecycle {
    prevent_destroy = true
  }
}
# Redirect every request that reaches the www bucket's website endpoint to the
# apex domain over HTTPS.
#
# NOTE(review): the Route 53 record for www.* in this file aliases CloudFront,
# and the CloudFront distribution lists www.* as an alias served from the apex
# bucket. So in normal DNS flow this redirect is never hit; it only applies to
# clients that address the www bucket's S3 website endpoint directly. Worth
# confirming that is the intended behaviour (www served in place vs redirected).
resource "aws_s3_bucket_website_configuration" "www_redirect_website" {
  bucket = aws_s3_bucket.www_redirect.id

  redirect_all_requests_to {
    protocol  = "https"
    host_name = "aynm-rental-buyout-calculator.com"
  }
}
# Second AWS provider pinned to us-east-1. CloudFront only accepts ACM
# certificates that live in us-east-1, regardless of where the rest of the
# stack (buckets, default provider) is deployed, so the certificate resources
# below select this alias explicitly.
provider "aws" {
  region = "us-east-1"
  alias  = "us_east_1"
}
# Public TLS certificate covering the apex domain and www, issued by ACM in
# us-east-1 (required for CloudFront) and validated via DNS. The validation
# CNAMEs are created by the cert_validation records at the end of this file;
# until they resolve, the certificate stays PENDING_VALIDATION and CloudFront
# cannot use it.
resource "aws_acm_certificate" "cert" {
  provider = aws.us_east_1

  # Guard the issued certificate against an accidental destroy.
  lifecycle {
    prevent_destroy = true
  }

  validation_method         = "DNS"
  domain_name               = "aynm-rental-buyout-calculator.com"
  subject_alternative_names = ["www.aynm-rental-buyout-calculator.com"]
}
# CloudFront Function that injects security response headers. The JavaScript
# body lives in add-security-headers.js next to this file; it is attached to
# the distribution's default behaviour on the viewer-response event, so it
# runs on every response CloudFront returns to a client (cached or not), but
# NOT on requests that bypass CloudFront and hit the S3 website endpoint.
# NOTE(review): runtime cloudfront-js-1.0 is the original runtime; whether the
# script is compatible with cloudfront-js-2.0 cannot be told from this file.
resource "aws_cloudfront_function" "security_headers_function" {
  name    = "add-security-headers"
  comment = "Function to add security headers to response headers"
  runtime = "cloudfront-js-1.0"
  # Publish to the LIVE stage so the association below picks it up (the
  # provider default, stated explicitly).
  publish = true
  code    = file("${path.module}/add-security-headers.js")
}
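# CloudFront distribution in front of the apex bucket's S3 website endpoint,
# answering for both the apex domain and www.
#
# Security posture of this block, as configured:
#   * viewers: HTTP is redirected to HTTPS, TLS 1.2+ only (TLSv1.2_2019
#     policy), ACM certificate served via SNI;
#   * origin: S3 *website* endpoints speak plain HTTP only, so the
#     CloudFront -> S3 hop is unencrypted and the bucket must be publicly
#     readable for this to work. Switching to the bucket's REST endpoint plus
#     an Origin Access Control would close both gaps (not done here: it also
#     changes bucket policy and index-document handling);
#   * responses get extra security headers from the viewer-response function.
#
# Changes from the hand-written version: the origin host name is taken from the
# website-configuration resource instead of a typed-in
# "<bucket>.s3-website.<region>.amazonaws.com" string, so it cannot drift from
# the bucket's real region / endpoint format; and the (currently unused)
# origin TLS list no longer includes TLS 1.0/1.1.
resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = aws_s3_bucket_website_configuration.aynm_rental_buyout_calculator_website.website_endpoint
    origin_id   = "S3-AYNM-Buyout-Calculator"

    custom_origin_config {
      http_port  = 80
      https_port = 443
      # Forced by the S3 website endpoint, which does not terminate TLS.
      origin_protocol_policy = "http-only"
      # Ignored while the policy is http-only, but keep it modern so a later
      # switch to "https-only" does not silently re-enable TLS 1.0/1.1.
      origin_ssl_protocols = ["TLSv1.2"]
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "index.html"

  aliases = [
    "aynm-rental-buyout-calculator.com",
    "www.aynm-rental-buyout-calculator.com",
  ]

  # The certificate must already be ISSUED (DNS validation complete) before
  # CloudFront will accept it; Terraform does not wait for that on its own
  # when the ARN is taken straight from aws_acm_certificate. If an
  # aws_acm_certificate_validation resource is present, prefer its
  # certificate_arn output here to make the ordering explicit.
  viewer_certificate {
    acm_certificate_arn      = aws_acm_certificate.cert.arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2019"
  }

  default_cache_behavior {
    # Static site: read-only methods only; anything else gets a 403 from
    # CloudFront before reaching the origin.
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3-AYNM-Buyout-Calculator"

    viewer_protocol_policy = "redirect-to-https"

    # Legacy forwarded_values (predates cache/origin-request policies). Query
    # strings and cookies are dropped from the cache key and not sent to S3.
    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }

    # Security headers are added on the way back to the viewer.
    function_association {
      event_type   = "viewer-response"
      function_arn = aws_cloudfront_function.security_headers_function.arn
    }
  }

  # No geo blocking: the site is reachable from every country.
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
}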
# Apex A record aliased to the CloudFront distribution. An alias (rather than
# a CNAME) is required at the zone apex; the zone_id is CloudFront's fixed
# hosted-zone id, exposed by the distribution resource.
resource "aws_route53_record" "root" {
  name    = "aynm-rental-buyout-calculator.com"
  type    = "A"
  zone_id = data.aws_route53_zone.zone.id

  alias {
    zone_id = aws_cloudfront_distribution.cdn.hosted_zone_id
    name    = aws_cloudfront_distribution.cdn.domain_name
    # Health evaluation is not supported for CloudFront alias targets.
    evaluate_target_health = false
  }
}
# www A record aliased to the same CloudFront distribution. Because the
# distribution lists www as an alias, www is served directly by CloudFront
# from the apex bucket; the www S3 redirect bucket is not involved in this path.
resource "aws_route53_record" "www_redirect" {
  name    = "www.aynm-rental-buyout-calculator.com"
  type    = "A"
  zone_id = data.aws_route53_zone.zone.id

  alias {
    zone_id = aws_cloudfront_distribution.cdn.hosted_zone_id
    name    = aws_cloudfront_distribution.cdn.domain_name
    # Health evaluation is not supported for CloudFront alias targets.
    evaluate_target_health = false
  }
}
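# DNS validation records for the ACM certificate: one CNAME per name on the
# certificate (apex + www), written into the hosted zone looked up above.
# ACM hands back the record name/type/value per domain in
# domain_validation_options; the for-expression turns that set into a map
# keyed by domain so for_each has stable keys.
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }

  # ACM reuses the same validation record name for a given domain, so a
  # pre-existing record (e.g. from a certificate issued outside this state)
  # would otherwise make the apply fail. Take ownership instead of erroring.
  allow_overwrite = true

  zone_id = data.aws_route53_zone.zone.id
  name    = each.value.name
  type    = each.value.type
  records = [each.value.record]
  ttl     = 60
}

# Wait until ACM has actually issued the certificate. Without this, an apply
# can fail because the certificate is still PENDING_VALIDATION when a consumer
# (CloudFront) tries to attach it. Consumers that want the explicit ordering
# can reference aws_acm_certificate_validation.cert.certificate_arn in place
# of aws_acm_certificate.cert.arn. Must use the same (us-east-1) provider as
# the certificate it validates.
resource "aws_acm_certificate_validation" "cert" {
  provider                = aws.us_east_1
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
}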