Use the wildcard SSL cert and manage DNS with

...Terraform
This commit is contained in:
Oliver Davies 2023-02-17 12:38:11 +00:00
parent ed3d331ddd
commit 4efe94398f

39
main.tf

@ -4,6 +4,11 @@ terraform {
source = "hashicorp/aws" source = "hashicorp/aws"
version = "~> 4.0" version = "~> 4.0"
} }
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 3.0"
}
} }
} }
@ -27,6 +32,7 @@ resource "aws_s3_bucket_acl" "rebuilding-acquia" {
locals { locals {
s3_origin_id = "rebuilding-acquia" s3_origin_id = "rebuilding-acquia"
zone_name = "oliverdavies.uk"
} }
resource "aws_cloudfront_origin_access_control" "rebuilding-acquia" { resource "aws_cloudfront_origin_access_control" "rebuilding-acquia" {
@ -37,6 +43,16 @@ resource "aws_cloudfront_origin_access_control" "rebuilding-acquia" {
signing_protocol = "sigv4" signing_protocol = "sigv4"
} }
data "cloudflare_zone" "rebuilding-acquia" {
name = local.zone_name
}
data "aws_acm_certificate" "rebuilding-acquia" {
domain = local.zone_name
provider = aws.us-east-1
statuses = ["ISSUED"]
}
resource "aws_cloudfront_distribution" "s3_distribution" { resource "aws_cloudfront_distribution" "s3_distribution" {
origin { origin {
domain_name = aws_s3_bucket.rebuilding-acquia.bucket_regional_domain_name domain_name = aws_s3_bucket.rebuilding-acquia.bucket_regional_domain_name
@ -49,7 +65,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
enabled = true enabled = true
is_ipv6_enabled = true is_ipv6_enabled = true
aliases = ["rebuilding-acquia.oliverdavies.uk"] aliases = ["rebuilding-acquia.${local.zone_name}"]
default_cache_behavior { default_cache_behavior {
allowed_methods = ["GET", "HEAD"] allowed_methods = ["GET", "HEAD"]
@ -74,23 +90,22 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
restrictions { restrictions {
geo_restriction { geo_restriction {
locations = ["US", "CA", "GB"] locations = []
restriction_type = "whitelist" restriction_type = "none"
} }
} }
viewer_certificate { viewer_certificate {
acm_certificate_arn = aws_acm_certificate.cert.arn acm_certificate_arn = data.aws_acm_certificate.rebuilding-acquia.arn
ssl_support_method = "sni-only" ssl_support_method = "sni-only"
} }
} }
resource "aws_acm_certificate" "cert" { resource "cloudflare_record" "rebuilding-acquia" {
domain_name = "rebuilding-acquia.oliverdavies.uk" name = "rebuilding-acquia"
provider = aws.us-east-1 proxied = false
validation_method = "DNS" ttl = 0
type = "CNAME"
lifecycle { value = aws_cloudfront_distribution.s3_distribution.domain_name
create_before_destroy = true zone_id = data.cloudflare_zone.rebuilding-acquia.id
}
} }
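Review bot: The lookup in `data "aws_acm_certificate" "rebuilding-acquia"` selects by the certificate's domain name `oliverdavies.uk`, while the distribution alias is `rebuilding-acquia.${local.zone_name}`, so this only works if the certificate found for the apex also carries `*.oliverdavies.uk` as a SAN; otherwise CloudFront should reject the ARN at apply time. With no `most_recent = true`, a second ISSUED certificate for the apex (for example a renewal issued alongside the old one) makes the data source fail with a multiple-match error, so pin the selection with `types = ["AMAZON_ISSUED"]` and `most_recent = true`. While `viewer_certificate` is being touched, it still omits `minimum_protocol_version`, which for a custom certificate with `ssl_support_method = "sni-only"` defaults to TLSv1 in this provider; add `minimum_protocol_version = "TLSv1.2_2021"` so the distribution no longer negotiates TLS 1.0/1.1. The `cloudflare_record` sets `ttl = 0`, whereas Cloudflare documents `1` as "automatic" and otherwise a minimum of 60 seconds for unproxied records, so confirm the API accepts 0 rather than rejecting it or normalizing it into a perpetual plan diff. Replacing the US/CA/GB whitelist with `restriction_type = "none"` is presumably intentional, but it does widen exposure of the bucket-backed site to every region.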