Skip to content

slalom-consulting-ltd/terraform-aws-cloudfront-s3

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Slalom

terraform-aws-cloudfront-s3

Build Status Latest Release pre-commit pre-commit

This Terraform module is to provision a private S3 bucket, and use it as a static website, and sit that behind a Cloudfront distribution.

Usage

Creates a static site with cloudfront distribution in front, add a file module.cloudfront.tf to your template:

module "cloudfront" {
  source       = "JamesWoolfenden/cloudfront-s3/aws"
  version      = "0.3.1"
  common_tags = var.common_tags
  bucket_name = var.bucket_name
}

The default ttl values have been set very low, you will override these (but os so helpful for development), for a more effective cache.

Providers

Name Version
aws n/a

Inputs

Name Description Type Default Required
access_log_bucket Name of your access logging bucket string "logging" no
acm_certificate_arn The ARN of the certificate to be used string "" no
bucket_acl n/a string "Private" no
bucket_name name of the bucket string n/a yes
cloudfront_default_certificate use default SSL certificate bool true no
common_tags Implements the common tags scheme map n/a yes
default_ttl default ttl values number 90 no
force_destroy n/a bool true no
locations Locations for the Distribution list
[
"GB"
]
no
max_ttl max ttl values number 300 no
min_ttl min ttl values number 30 no
price_class n/a string "PriceClass_100" no
ttl n/a string "300" no
versioning Switch to control versioning bool true no
web_acl_id If a WAF is being used - the Id of the AWS WAF web ACL that is associated with the distribution string "" no

Outputs

Name Description
bucket n/a
distribution n/a
identity n/a
logging n/a

Checkov Exclusion

I have added:

  #checkov:skip=CKV_AWS_52: "Ensure S3 bucket has MFA delete enabled"
  #checkov:skip=CKV_AWS_19: "Ensure all data stored in the S3 bucket is securely encrypted at rest"

As we will want to deploy to this bucket and it needs to be readable to the world if it's a website. There are also some exceptions on the logging bucket, e.g. logging of the logging bucket.

Related Projects

Check out these related projects.

Help

Got a question?

File a GitHub issue.

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Copyrights

Copyright © 2019-2020 Slalom, LLC

License

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Contributors

James Woolfenden
James Woolfenden

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • HCL 74.3%
  • Makefile 11.9%
  • HTML 11.4%
  • PowerShell 1.5%
  • Shell 0.9%