This Terraform module provides the required infrastructure to host a static website on S3.
Check versions for this module on:
- Github Releases: https://github.com/cn-terraform/terraform-aws-s3-static-website/releases
- Terraform Module Registry: https://registry.terraform.io/modules/cn-terraform/s3-static-website/aws
Run this command right after cloning the repository.
pre-commit install
For that you may need to install the following tools:
In order to run all checks at any point run the following command:
pre-commit run --all-files
Name | Version |
---|---|
terraform | >= 0.13 |
aws | >= 4.0 |
Name | Version |
---|---|
aws.acm_provider | 4.15.1 |
aws.main | 4.15.1 |
Name | Source | Version |
---|---|---|
s3_logs_bucket | cn-terraform/logs-s3-bucket/aws | 1.0.5 |
Name | Type |
---|---|
aws_acm_certificate.cert | resource |
aws_acm_certificate_validation.cert_validation | resource |
aws_cloudfront_distribution.website | resource |
aws_cloudfront_origin_access_identity.cf_oai | resource |
aws_route53_record.acm_certificate_validation_records | resource |
aws_route53_record.website_cloudfront_record | resource |
aws_route53_record.www_website_record | resource |
aws_route53_zone.hosted_zone | resource |
aws_s3_bucket.website | resource |
aws_s3_bucket_acl.website | resource |
aws_s3_bucket_cors_configuration.website | resource |
aws_s3_bucket_logging.website | resource |
aws_s3_bucket_policy.website | resource |
aws_s3_bucket_public_access_block.website_bucket_public_access_block | resource |
aws_s3_bucket_server_side_encryption_configuration.website_bucket_website_server_side_encryption_configuration | resource |
aws_s3_bucket_versioning.website | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_certificate_arn_to_use | ACM Certificate ARN to use in case you disable automatic certificate creation. Certificate must be in us-east-1 region. | string |
"" |
no |
aws_accounts_with_read_view_log_bucket | List of AWS accounts with read permissions to log bucket | list(string) |
[] |
no |
cloudfront_additional_origins | (Optional) List of origin configurations in addiiton to the bucket that hosts the static web site. No support yet for origin shield. | list(object) |
[] |
no |
cloudfront_allowed_cached_methods | (Optional) Specifies which methods are allowed and cached by CloudFront. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and HEAD | list(string) |
[ |
no |
cloudfront_custom_error_responses | A list of custom error responses | list(object({ |
[] |
no |
cloudfront_default_root_object | (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. Defaults to index.html | string |
"index.html" |
no |
cloudfront_enable_compression | (Optional, Default:false) Enable compression with Gzip or Brotli for requests with a valid Accept-Encoding header | bool |
false |
no |
cloudfront_function_association | (Optional - up to 2 per distribution) List containing information to associate a CF function to cloudfront. The first field is event_type of the CF function associated with default cache behavior, it can be viewer-request or viewer-response |
list(object({ |
[] |
no |
cloudfront_geo_restriction_locations | (Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). Defaults to [] | list(string) |
[] |
no |
cloudfront_geo_restriction_type | The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. Defaults to none | string |
"none" |
no |
cloudfront_http_version | (Optional) - The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string |
"http2" |
no |
cloudfront_ordered_cache_behaviors | (Optional) - List of ordered cache behavior configurations. No support yet for function associations or trusted key groups. | list(object) |
[] |
no |
cloudfront_price_class | (Optional) - The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100. Defaults to PriceClass_100 | string |
"PriceClass_100" |
no |
cloudfront_viewer_protocol_policy | Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. Defautls to redirect-to-https | string |
"redirect-to-https" |
no |
cloudfront_web_acl_id | (Optional) A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. | string |
null |
no |
cloudfront_website_retain_on_delete | (Optional) - Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. Defaults to false. | bool |
false |
no |
cloudfront_website_wait_for_deployment | (Optional) - If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Defaults to true. | bool |
true |
no |
comment_for_cloudfront_website | Comment for the Website CloudFront Distribution | string |
"" |
no |
create_acm_certificate | Enable or disable automatic ACM certificate creation. If set to false, the variable acm_certificate_arn_to_use is required. Defaults to true | bool |
true |
no |
create_route53_hosted_zone | Enable or disable Route 53 hosted zone creation. If set to false, the variable route53_hosted_zone_id is required. Defaults to true | bool |
true |
no |
create_route53_website_records | Enable or disable creation of Route 53 records in the hosted zone. Defaults to true | bool |
true |
no |
is_ipv6_enabled | (Optional) - Whether the IPv6 is enabled for the distribution. Defaults to true | bool |
true |
no |
log_bucket_force_destroy | (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the log bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool |
false |
no |
log_bucket_versioning_mfa_delete | (Optional) Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: Enabled or Disabled. Defaults to Disabled | string |
"Disabled" |
no |
log_bucket_versioning_status | (Optional) The versioning state of the bucket. Valid values: Enabled or Suspended. Defaults to Enabled | string |
"Enabled" |
no |
name_prefix | Name prefix for resources on AWS | any |
n/a | yes |
route53_hosted_zone_id | The Route 53 hosted zone ID to use if create_route53_hosted_zone is false | string |
"" |
no |
tags | Resource tags | map(string) |
{} |
no |
website_bucket_acl | (Optional) The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. | string |
"private" |
no |
website_bucket_force_destroy | (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool |
false |
no |
website_cors_additional_allowed_origins | (Optional) Specifies which origins are allowed besides the domain name specified | list(string) |
[] |
no |
website_cors_allowed_headers | (Optional) Specifies which headers are allowed. Defaults to Authorization and Content-Length | list(string) |
[ |
no |
website_cors_allowed_methods | (Optional) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and POST | list(string) |
[ |
no |
website_cors_expose_headers | (Optional) Specifies expose header in the response. | list(string) |
[] |
no |
website_cors_max_age_seconds | (Optional) Specifies time in seconds that browser can cache the response for a preflight request. Defaults to 3600 | number |
3600 |
no |
website_domain_name | The domain name to use for the website | string |
n/a | yes |
website_error_document | (Optional) An absolute path to the document to return in case of a 4XX error. Defaults to 404.html | string |
"404.html" |
no |
website_index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. Defaults to index.html | string |
"index.html" |
no |
website_server_side_encryption_configuration | (Optional) Map containing server-side encryption configuration for the website bucket. Defaults to no encryption. See examples/complete/main.tf for configuration example. | any |
{} |
no |
website_versioning_mfa_delete | (Optional) Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: Enabled or Disabled. Defaults to Disabled | string |
"Disabled" |
no |
website_versioning_status | (Optional) The versioning state of the bucket. Valid values: Enabled or Suspended. Defaults to Enabled | string |
"Enabled" |
no |
www_website_bucket_acl | (Optional) The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. | string |
"private" |
no |
www_website_bucket_force_destroy | (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool |
false |
no |
www_website_redirect_enabled | (Optional) Whether to redirect www subdomain. Defaults to true. | bool |
true |
no |
www_website_versioning_enabled | (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. Defaults to true | bool |
true |
no |
www_website_versioning_mfa_delete | (Optional) Enable MFA delete for either change the versioning state of your bucket or permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS. | bool |
false |
no |
Name | Description |
---|---|
acm_certificate_arn | The ARN of the certificate |
acm_certificate_domain_name | The domain name for which the certificate is issued |
acm_certificate_domain_validation_options | Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g. if SANs are defined. |
acm_certificate_id | The ARN of the certificate |
acm_certificate_status | Status of the certificate. |
acm_certificate_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
cert_validation_certificate_arn | The ARN of the certificate that is being validated. |
cert_validation_id | The time at which the certificate was issued |
cert_validation_validation_record_fqdns | List of FQDNs that implement the validation. |
cloudfront_website_arn | The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID. |
cloudfront_website_caller_reference | Internal value used by CloudFront to allow future updates to the distribution configuration. |
cloudfront_website_domain_name | The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. |
cloudfront_website_etag | The current version of the distribution's information. For example: E2QWRUHAPOMQZL. |
cloudfront_website_hosted_zone_id | The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2. |
cloudfront_website_id | The identifier for the distribution. For example: EDFDVBD632BHDS5. |
cloudfront_website_in_progress_validation_batches | The number of invalidation batches currently in progress. |
cloudfront_website_last_modified_time | The date and time the distribution was last modified. |
cloudfront_website_status | The current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system. |
cloudfront_website_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
cloudfront_website_trusted_key_groups | List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs |
cloudfront_website_trusted_signers | List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs |
hosted_zone_id | The Hosted Zone ID. This can be referenced by zone records. |
hosted_zone_name_servers | A list of name servers in the associated (or default) delegation set. Find more about delegation sets in AWS docs. |
hosted_zone_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
route_53_record_website_fqdn | FQDN built using the zone domain and name. |
route_53_record_website_name | The name of the record. |
route_53_record_www_website_fqdn | FQDN built using the zone domain and name. |
route_53_record_www_website_name | The name of the record. |
website_bucket_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
website_bucket_domain_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
website_bucket_hosted_zone_id | The Route 53 Hosted Zone ID for this bucket's region. |
website_bucket_id | The name of the bucket. |
website_bucket_region | The AWS region this bucket resides in. |
website_bucket_regional_domain_name | The bucket region-specific domain name. The bucket domain name including the region name, please refer to https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoints when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. |
website_bucket_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
website_logs_bucket_id | The name of the bucket which holds the access logs |