Terraform module which provision required AWS resources to host a performant and secured static website.
This Terraform module creates the following AWS resources:
- AWS Certificate Manager: wildcard certificate for your domain.
- S3
- Bucket #1: to store logs.
- Bucket #2: to store the content (
example.com). - Bucket #3: to redirect a different subdomain to the main domain (e.g.,
www.example.comredirected toexample.com).
- CloudFront
- Distribution #1: to frontend the website.
- Distribution #2: to frontend the subdomain that will be redirected to the main domain.
- Route53 record sets pointing to the two CloudFront distributions.
- This module is meant for use with Terraform 0.12+. It has not been tested with previous versions of Terraform.
- An AWS account and your credentials (
aws_access_key_idandaws_secret_access_key) configured. There are several ways to do this (environment variables, shared credentials file, etc.); more information in the AWS Provider documentation. - Your domain already configured as a hosted zone on Route53.
provider "aws" {
region = "eu-west-3"
shared_credentials_file = "~/.aws/credentials"
}
module "aws_static_website" {
source = "cloudmaniac/static-website/aws"
# This is the domain as defined in Route53
domains-zone-root = "cloudmaniac.net"
# Domains used for CloudFront
website-domain-main = "cloudmaniac.net"
website-domain-redirect = "www.cloudmaniac.net"
website-additional-domains = ["noredir1.cloudmaniac.net","noredir2.cloudmaniac.net"]
}Although AWS services are available in many locations, some of them require the us-east-1 (N. Virginia) region to be configured:
- To use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM certificates in this region associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.
For that reason, the module includes an aliased provider definition to create supplemental resources in the us-east-1 region when required. Remaining resources from the module will inherit default (un-aliased) provider configurations from the parent.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| domains-zone-root | Root zone under which the domain should be registered in Route 53 | string | - | yes |
| website-domain-main | Domain for the website (e.g., example.com) |
string | - | yes |
| website-domain-redirect | Alternate subdomain to redirect to the main website (e.g., www.example.com) |
string | - | yes |
| support-spa | Determine if website is SPA (Single-Page Application) to direct 404 response to index.html | bool | false |
no |
| website-additional-domains | Main website additional domains (e.g., noredir.example.com) that don't need redirection |
list(string) | [] | no |
| cloudfront_lambda_function_arn | ARN of optional AWS Lambda Function that can be associated with the CloudFront distribution to provide custom behaviour | string | - | no |
| cloudfront_lambda_function_event_type | The type of event that triggers the above Lambda Function (documentation) | string | origin-request |
no |
| Name | Description |
|---|---|
| website_cdn_root_id | CloudFront Distribution ID |
Module written by @cloudmaniac.
Module Support: terraform-aws-static-website. Contributions and comments are welcomed.
- Blog post describing the thought process behind this: My Wordpress to Hugo Migration #2 - Hosting
- Use versioning on S3 buckets instead of invalidation
- Secure S3 buckets
- Optional enhanced version with Lambda@Edge configuration and S3 endpoint (REST endpoint) used as the origin
- Variable names cleaning
- Add more outputs