Initial commit

.gitignore

@@ -0,0 +1,35 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl

cloudfront.tf

@@ -0,0 +1,64 @@
+resource "aws_cloudfront_origin_access_identity" "default" {
+  count = var.cloudfront ? 1 : 0
+}
+
+resource "aws_cloudfront_distribution" "s3_distribution" {
+  count = var.cloudfront ? 1 : 0
+
+  origin {
+    domain_name = aws_s3_bucket.website.bucket_regional_domain_name
+    origin_id   = aws_s3_bucket.website.id
+
+    s3_origin_config {
+      origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+  default_root_object = var.index_document
+
+  logging_config {
+    include_cookies = false
+    bucket          = "${var.bucket_name}.s3.amazonaws.com"
+    prefix          = "myprefix"
+  }
+
+  aliases = var.aliases
+
+  viewer_certificate {
+    cloudfront_default_certificate = true
+  }
+
+  default_cache_behavior {
+    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = aws_s3_bucket.website.id
+
+    forwarded_values {
+      query_string = false
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    viewer_protocol_policy = "allow-all"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "whitelist"
+      locations        = var.whitelist
+    }
+  }
+
+  tags = {
+    Terraform   = "true"
+    Description = "${var.bucket_name} website cloudfront"
+    "Workspace" = terraform.workspace
+  }
+}

files/policy.json.tpl

@@ -0,0 +1,16 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "PublicReadGetObject",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::${bucket}/*"
+      ]
+    }
+  ]
+}

output.tf

@@ -0,0 +1,4 @@
+output "website_endpoint" {
+  value       = aws_s3_bucket.website.website_endpoint
+  description = "Website endpoint"
+}

s3.tf

@@ -0,0 +1,26 @@
+resource "aws_s3_bucket" "website" {
+  bucket = var.bucket_name
+
+  acl = "public-read"
+
+  policy = var.policy ? var.policy : templatefile("${path.module}/files/policy.json.tpl", {
+    bucket = var.bucket_name
+  })
+
+  force_destroy = true
+
+  lifecycle {
+    prevent_destroy = false
+  }
+
+  website {
+    index_document = var.index_document
+    error_document = var.error_document
+  }
+
+  tags = {
+    Terraform   = "true"
+    Description = "${var.bucket_name} bucket"
+    "Workspace" = terraform.workspace
+  }
+}

variables.tf

@@ -0,0 +1,30 @@
+variable "bucket_name" {}
+
+variable "index_document" {
+  default = "index.html"
+}
+
+variable "error_document" {
+  default = "index.html"
+}
+
+variable "cloudfront" {
+  default     = false
+  type        = bool
+  description = "Enable CloudFront"
+}
+
+variable "policy" {
+  default     = false
+  description = "Set custom policy"
+}
+
+variable "aliases" {
+  default     = []
+  description = "Cloudfront Array Aliases"
+}
+
+variable "whitelist" {
+  default     = ["US", "CA", "GB", "DE"]
+  description = "Cloudfront location whitelist"
+}