GenderDysphoria.fyi/terraform/www.tf


resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
}

# -----------------------------------------------------------------------------------------------------------
# Cloudfront Configuration

resource "aws_cloudfront_distribution" "site" {
  origin {
    domain_name = aws_s3_bucket.src.bucket_regional_domain_name
    origin_id   = "S3-Website-${aws_s3_bucket.src.website_endpoint}"

    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port = "80"
      https_port = "443"
      origin_ssl_protocols = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "index.html"

  aliases = [
    var.domain,
    "www.${var.domain}"
  ]

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3-Website-${aws_s3_bucket.src.website_endpoint}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    lambda_function_association {
      event_type   = "origin-request"
      lambda_arn   = aws_lambda_function.index_redirect.qualified_arn
      include_body = false
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 86400
    max_ttl                = 31536000
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn       = aws_acm_certificate.cert.arn
    ssl_support_method        = "sni-only"
    minimum_protocol_version  = "TLSv1.1_2016"
  }

  # viewer_certificate {
  #   cloudfront_default_certificate = true
  # }

  tags = {
    Name = "Main Site"
    Site = var.site
  }
}

# -----------------------------------------------------------------------------------------------------------
# Domains

resource "aws_route53_record" "site" {
  name    = var.domain
  zone_id = aws_route53_zone.zone.zone_id
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.site.domain_name
    zone_id                = aws_cloudfront_distribution.site.hosted_zone_id
    evaluate_target_health = false
  }
}

resource "aws_route53_record" "www" {
  name    = "www.${var.domain}"
  zone_id = aws_route53_zone.zone.zone_id
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.site.domain_name
    zone_id                = aws_cloudfront_distribution.site.hosted_zone_id
    evaluate_target_health = false
  }
}

# -----------------------------------------------------------------------------------------------------------
# Lambda Subdirectory index.html Redirect

data "archive_file" "index_redirect" {
  type        = "zip"
  output_path = ".terraform/tmp/lambda/index_redirect.zip"
  source_file = "${path.module}/files/index_redirect.js"
}

resource "aws_lambda_function" "index_redirect" {
  description      = "index.html subdirectory redirect"
  filename         = "${path.module}/files/index_redirect.js.zip"
  function_name    = "${var.site}-index-redirect"
  handler          = "index_redirect.handler"
  # source_code_hash = data.archive_file.index_redirect.output_base64sha256
  publish          = true
  role             = aws_iam_role.lambda_redirect.arn
  runtime          = "nodejs16.x"

  tags = {
    Name   = "${var.site}-index-redirect"
    Site = var.site
  }
}
Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00
Updated terraform config for newer aws provider, deleted old lambdas 2023-02-19 12:58:46 -08:00			`resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {`
			`}`

Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00			`# -----------------------------------------------------------------------------------------------------------`
			`# Cloudfront Configuration`

			`resource "aws_cloudfront_distribution" "site" {`
			`origin {`
Launched! 2020-02-20 18:20:00 -08:00			`domain_name = aws_s3_bucket.src.bucket_regional_domain_name`
Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00			`origin_id = "S3-Website-${aws_s3_bucket.src.website_endpoint}"`

			`custom_origin_config {`
			`origin_protocol_policy = "http-only"`
			`http_port = "80"`
			`https_port = "443"`
			`origin_ssl_protocols = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]`
			`}`
			`}`

			`enabled = true`
			`is_ipv6_enabled = true`
			`default_root_object = "index.html"`

			`aliases = [`
			`var.domain,`
			`"www.${var.domain}"`
			`]`

			`default_cache_behavior {`
			`allowed_methods = ["GET", "HEAD"]`
			`cached_methods = ["GET", "HEAD"]`
			`target_origin_id = "S3-Website-${aws_s3_bucket.src.website_endpoint}"`

			`forwarded_values {`
			`query_string = false`

			`cookies {`
			`forward = "none"`
			`}`
			`}`

Launched! 2020-02-20 18:20:00 -08:00			`lambda_function_association {`
			`event_type = "origin-request"`
			`lambda_arn = aws_lambda_function.index_redirect.qualified_arn`
			`include_body = false`
			`}`
Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00
			`viewer_protocol_policy = "redirect-to-https"`
			`min_ttl = 0`
			`default_ttl = 86400`
			`max_ttl = 31536000`
			`}`

			`restrictions {`
			`geo_restriction {`
			`restriction_type = "none"`
			`}`
			`}`

			`viewer_certificate {`
			`acm_certificate_arn = aws_acm_certificate.cert.arn`
			`ssl_support_method = "sni-only"`
			`minimum_protocol_version = "TLSv1.1_2016"`
			`}`

			`# viewer_certificate {`
			`# cloudfront_default_certificate = true`
			`# }`

			`tags = {`
			`Name = "Main Site"`
			`Site = var.site`
			`}`
			`}`

			`# -----------------------------------------------------------------------------------------------------------`
			`# Domains`

			`resource "aws_route53_record" "site" {`
			`name = var.domain`
			`zone_id = aws_route53_zone.zone.zone_id`
			`type = "A"`

			`alias {`
			`name = aws_cloudfront_distribution.site.domain_name`
			`zone_id = aws_cloudfront_distribution.site.hosted_zone_id`
			`evaluate_target_health = false`
			`}`
			`}`

			`resource "aws_route53_record" "www" {`
			`name = "www.${var.domain}"`
			`zone_id = aws_route53_zone.zone.zone_id`
			`type = "A"`

			`alias {`
			`name = aws_cloudfront_distribution.site.domain_name`
			`zone_id = aws_cloudfront_distribution.site.hosted_zone_id`
			`evaluate_target_health = false`
			`}`
			`}`

			`# -----------------------------------------------------------------------------------------------------------`
			`# Lambda Subdirectory index.html Redirect`

Launched! 2020-02-20 18:20:00 -08:00			`data "archive_file" "index_redirect" {`
			`type = "zip"`
Terraform updates Attempting to do some log parsing into cloudwatch logs 2021-03-01 12:40:35 -08:00			`output_path = ".terraform/tmp/lambda/index_redirect.zip"`
Launched! 2020-02-20 18:20:00 -08:00			`source_file = "${path.module}/files/index_redirect.js"`
			`}`

			`resource "aws_lambda_function" "index_redirect" {`
			`description = "index.html subdirectory redirect"`
			`filename = "${path.module}/files/index_redirect.js.zip"`
			`function_name = "${var.site}-index-redirect"`
			`handler = "index_redirect.handler"`
Updated terraform config for newer aws provider, deleted old lambdas 2023-02-19 12:58:46 -08:00			`# source_code_hash = data.archive_file.index_redirect.output_base64sha256`
Launched! 2020-02-20 18:20:00 -08:00			`publish = true`
			`role = aws_iam_role.lambda_redirect.arn`
Updated terraform config for newer aws provider, deleted old lambdas 2023-02-19 12:58:46 -08:00			`runtime = "nodejs16.x"`
Launched! 2020-02-20 18:20:00 -08:00
			`tags = {`
			`Name = "${var.site}-index-redirect"`
			`Site = var.site`
			`}`
			`}`