Terraform AWS Static Site Hosting

This module creates and manages Static Site hosting on AWS, mainly using S3 and Cloudfront.

Usage

Example module usage:

# Because this module _might_ utilise CloudFront resources,
# which are required to be launched in the us-east-1 region,
# an AWS provider with the 'us-east-1' region must be provided
#
# It's not yet possible to conditionally require a regional AWS provider
provider "aws" {
  region = "us-east-1"
  alias  = "useast1"
}

module "static_site_hosting" {
  source  = "github.com/chris-qa-org/terraform-aws-static-site-hosting?ref=v0.1.0"

  project_name = "my-project"

  # site_host_name = ""

  #  providers = {
  #    aws.useast1 = aws.useast1
  #  }

  # static_site_s3_acl               = "private"
  # static_site_s3_enable_encryption = true
  # enable_s3_access_logs            = false
  # s3_static_site_force_destroy     = false
  # s3_logs_force_destroy            = false

  # enable_cloudfront                          = true
  # cloudfront_static_site_web_acl_id          = null
  # cloudfront_static_site_tls_certificate_arn = ""
  # cloudfront_static_site_default_cache_behaviour = {}
  # cloudfront_static_site_custom_error_responses = {
  #    "404" = {
  #      response_code      = "404",
  #      response_page_path = "/404.html"
  #   }
  # }
  # cloudfront_static_site_default_root_object = "index.html"
  # cloudfront_static_site_price_class         = "PriceClass_100"
  # cloudfront_static_site_restrictions = {
  #   geo_restriction = {
  #     restriction_type = "none"
  #     locations        = []
  #   }
  # }
  # cloudfront_static_site_is_ipv6_enabled = true
  # cloudfront_static_site_http_version = "http2"
  # enable_cloudfront_static_site_logs = true
}

Requirements

Name	Version
terraform	>= 1.4.4
aws	>= 4.64.0

Providers

Name	Version
aws	4.64.0
aws.useast1	4.64.0

Resources

Name	Type
aws_acm_certificate.cloudfront_static_site	resource
aws_acm_certificate_validation.cloudfront_static_site	resource
aws_cloudfront_cache_policy.static_site	resource
aws_cloudfront_distribution.site_www_redirect	resource
aws_cloudfront_distribution.static_site	resource
aws_cloudfront_origin_access_control.static_site	resource
aws_cloudfront_origin_request_policy.static_site	resource
aws_route53_record.cloudfront_static_site_tls_certificate_dns_validation	resource
aws_route53_record.static_site	resource
aws_route53_record.static_site_www_redirect	resource
aws_s3_bucket.logs	resource
aws_s3_bucket.site_redirect_to_www	resource
aws_s3_bucket.static_site	resource
aws_s3_bucket_acl.cloudfront_logs	resource
aws_s3_bucket_acl.logs	resource
aws_s3_bucket_acl.site_redirect_to_www	resource
aws_s3_bucket_acl.static_site	resource
aws_s3_bucket_logging.site_redirect_to_www	resource
aws_s3_bucket_logging.static_site	resource
aws_s3_bucket_ownership_controls.logs	resource
aws_s3_bucket_ownership_controls.site_redirect_to_www	resource
aws_s3_bucket_ownership_controls.static_site	resource
aws_s3_bucket_policy.logs	resource
aws_s3_bucket_policy.site_redirect_to_www	resource
aws_s3_bucket_policy.static_site	resource
aws_s3_bucket_public_access_block.logs	resource
aws_s3_bucket_public_access_block.site_redirect_to_www	resource
aws_s3_bucket_public_access_block.static_site	resource
aws_s3_bucket_server_side_encryption_configuration.logs	resource
aws_s3_bucket_server_side_encryption_configuration.site_redirect_to_www	resource
aws_s3_bucket_server_side_encryption_configuration.static_site	resource
aws_s3_bucket_versioning.logs	resource
aws_s3_bucket_versioning.site_redirect_to_www	resource
aws_s3_bucket_versioning.static_site	resource
aws_s3_bucket_website_configuration.site_redirect_to_www	resource
aws_s3_bucket_website_configuration.static_site	resource
aws_s3_object.static_site_index	resource
aws_caller_identity.current	data source
aws_canonical_user_id.current	data source
aws_route53_zone.static_site	data source

Inputs

Name	Description	Type	Default	Required
cloudfront_static_site_custom_error_responses	CloudFront Static Site custom error responses	map(object({ response_code = string response_page_path = string }))	{ "404": { "response_code": "404", "response_page_path": "/404.html" } }	no
cloudfront_static_site_default_cache_behaviour	Default cache behaviour block for the Static Site CloudFront Distribution	object({ allowed_methods = optional(list(string), ["GET", "HEAD"]) cached_methods = optional(list(string), ["GET", "HEAD"]) cache_policy_id = optional(string, null) compress = optional(bool, true) default_ttl = optional(number, 0) lambda_function_associations = optional(map(object({ event_type = string lambda_arn = string include_body = optional(bool, false) })), {}) function_associations = optional(map(object({ event_type = string function_arn = string })), {}) max_ttl = optional(number, 31536000) min_ttl = optional(number, 1) origin_request_policy_id = optional(string, null) realtime_log_config_arn = optional(string, null) response_headers_policy_id = optional(string, null) smooth_streaming = optional(bool, false) trusted_signers = optional(list(string), null) viewer_protocol_policy = optional(string, "redirect-to-https") })	{}	no
cloudfront_static_site_default_root_object	CloudFront Static Site default root object	string	"index.html"	no
cloudfront_static_site_http_version	CloudFront Static Site http version	string	"http2"	no
cloudfront_static_site_is_ipv6_enabled	CloudFront Static Site enable ipv6	bool	true	no
cloudfront_static_site_price_class	CloudFront Static Site price class	string	"PriceClass_100"	no
cloudfront_static_site_restrictions	Cloudfront Static Site restrictions block	object({ geo_restriction = optional(object({ restriction_type = string locations = list(string) })) })	{ "geo_restriction": { "locations": [], "restriction_type": "none" } }	no
cloudfront_static_site_tls_certificate_arn	CloudFront static site TLS Certificate ARN. This is not required, as one will be created based on the site_url. Use this only if the created certificate is not sufficient.	string	""	no
cloudfront_static_site_web_acl_id	CloudFront static site Web ACL id	string	null	no
enable_cloudfront	Enable creation of CloudFront Distribution	bool	true	no
enable_cloudfront_static_site_logs	Enable CloudFront Staci Site logging to the logs bucket	bool	true	no
enable_s3_access_logs	Enable S3 access logs	bool	true	no
project_name	Project Name	string	n/a	yes
route53_zone_id	Route53 zone id. If provided, the certificate validation records and site records will be created in that zone	string	""	no
s3_logs_force_destroy	Force destroy Logs S3 bucket	bool	false	no
s3_static_site_force_destroy	Force destroy Static Site S3 bucket	bool	false	no
site_host_name	Site Host Name. This will be used for Certificate generation and CloudFront aliases	string	""	no
site_redirect_to_www	Conditionally redirect to www.<site_host_name>	bool	false	no
static_site_s3_acl	Static Site S3 ACL	string	"private"	no
static_site_s3_enable_encryption	Static Site S3 Enable Encyption	bool	true	no

Outputs

Name	Description
aws_s3_bucket_logs	The Logs S3 resource
aws_s3_bucket_static_site	The Static Site S3 resource