GenderDysphoria.fyi/terraform/tracking.tf



# -----------------------------------------------------------------------------------------------------------
# Bucket for holding the tracking pixel file

resource "aws_s3_bucket" "pixel" {
  bucket = "t.${var.domain}"
  acl    = "public-read"

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["GET", "HEAD"]
    allowed_origins = ["*"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }

  tags = {
    Name = "Tracking Pixel"
    Site = var.site
  }
}

resource "aws_s3_bucket_object" "ipixel" {
  bucket       = aws_s3_bucket.pixel.bucket
  key          = "i"
  source       = "${path.module}/files/i.gif"
  etag         = filemd5("${path.module}/files/i.gif")
  acl          = "public-read"
  content_type = "image/gif"
}

data "aws_canonical_user_id" "current" {}

resource "aws_s3_bucket" "ipixel_logs" {
  bucket = "${var.site}-analytics"

  grant {
    id          = data.aws_canonical_user_id.current.id
    permissions = ["FULL_CONTROL"]
    type        = "CanonicalUser"
  }

  grant {
    # Grant CloudFront awslogsdelivery logs access to your Amazon S3 Bucket
    # https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#AccessLogsBucketAndFileOwnership
    id          = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0"
    permissions = ["FULL_CONTROL"]
    type        = "CanonicalUser"
  }

  lifecycle_rule {
    id      = "logfiles"
    enabled = true

    prefix = "RAW/"

    transition {
      days          = 30
      storage_class = "STANDARD_IA" # or "ONEZONE_IA"
    }

    # transition {
    #   days          = 30
    #   storage_class = "GLACIER"
    # }

    # expiration {
    #   days = 90
    # }
  }

  tags = {
    Name = "iPixel Logs Storage"
    Site = var.site
  }
}

# -----------------------------------------------------------------------------------------------------------
# Cloudfront Configuration for the tracking pixel

resource "aws_cloudfront_distribution" "tracking" {
  origin {
    domain_name = aws_s3_bucket.pixel.bucket_regional_domain_name
    origin_id   = "S3-${aws_s3_bucket.pixel.bucket}"
  }

  enabled         = true
  is_ipv6_enabled = true
  comment         = "Cloudfront distribution for tracking pixel"

  logging_config {
    include_cookies = true
    bucket          = aws_s3_bucket.ipixel_logs.bucket_regional_domain_name
    prefix          = "RAW"
  }

  aliases = [
    "t.${var.domain}"
  ]

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3-${aws_s3_bucket.pixel.bucket}"

    forwarded_values {
      query_string = true

      cookies {
        forward = "all"
      }

      headers = [
        "Origin",
        "Access-Control-Request-Headers",
        "Access-Control-Request-Method",
      ]
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn = aws_acm_certificate.cert.arn
    ssl_support_method  = "sni-only"
  }

  tags = {
    Name = "Tracking Site"
    Site = var.site
  }
}

resource "aws_route53_record" "tracking" {
  name    = "t.${var.domain}"
  zone_id = aws_route53_zone.zone.zone_id
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.tracking.domain_name
    zone_id                = aws_cloudfront_distribution.tracking.hosted_zone_id
    evaluate_target_health = false
  }
}
Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00

			`# -----------------------------------------------------------------------------------------------------------`
			`# Bucket for holding the tracking pixel file`

			`resource "aws_s3_bucket" "pixel" {`
			`bucket = "t.${var.domain}"`
			`acl = "public-read"`

			`cors_rule {`
			`allowed_headers = ["*"]`
			`allowed_methods = ["GET", "HEAD"]`
			`allowed_origins = ["*"]`
			`expose_headers = ["ETag"]`
			`max_age_seconds = 3000`
			`}`

			`tags = {`
			`Name = "Tracking Pixel"`
			`Site = var.site`
			`}`
			`}`

			`resource "aws_s3_bucket_object" "ipixel" {`
			`bucket = aws_s3_bucket.pixel.bucket`
			`key = "i"`
			`source = "${path.module}/files/i.gif"`
			`etag = filemd5("${path.module}/files/i.gif")`
			`acl = "public-read"`
			`content_type = "image/gif"`
			`}`

Fixing broken cloudwatch log permissions 2021-03-02 16:20:35 -08:00			`data "aws_canonical_user_id" "current" {}`

Terraform updates Attempting to do some log parsing into cloudwatch logs 2021-03-01 12:40:35 -08:00			`resource "aws_s3_bucket" "ipixel_logs" {`
Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00			`bucket = "${var.site}-analytics"`

Fixing broken cloudwatch log permissions 2021-03-02 16:20:35 -08:00			`grant {`
			`id = data.aws_canonical_user_id.current.id`
			`permissions = ["FULL_CONTROL"]`
			`type = "CanonicalUser"`
			`}`

			`grant {`
			`# Grant CloudFront awslogsdelivery logs access to your Amazon S3 Bucket`
			`# https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#AccessLogsBucketAndFileOwnership`
			`id = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0"`
			`permissions = ["FULL_CONTROL"]`
			`type = "CanonicalUser"`
			`}`

More terraform 2021-03-02 12:40:02 -08:00			`lifecycle_rule {`
			`id = "logfiles"`
			`enabled = true`

			`prefix = "RAW/"`

			`transition {`
			`days = 30`
			`storage_class = "STANDARD_IA" # or "ONEZONE_IA"`
			`}`

			`# transition {`
			`# days = 30`
			`# storage_class = "GLACIER"`
			`# }`

			`# expiration {`
			`# days = 90`
			`# }`
			`}`

Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00			`tags = {`
More terraform 2021-03-02 12:40:02 -08:00			`Name = "iPixel Logs Storage"`
Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00			`Site = var.site`
			`}`
			`}`

			`# -----------------------------------------------------------------------------------------------------------`
			`# Cloudfront Configuration for the tracking pixel`

			`resource "aws_cloudfront_distribution" "tracking" {`
			`origin {`
			`domain_name = aws_s3_bucket.pixel.bucket_regional_domain_name`
			`origin_id = "S3-${aws_s3_bucket.pixel.bucket}"`
			`}`

			`enabled = true`
			`is_ipv6_enabled = true`
			`comment = "Cloudfront distribution for tracking pixel"`

			`logging_config {`
			`include_cookies = true`
Terraform updates Attempting to do some log parsing into cloudwatch logs 2021-03-01 12:40:35 -08:00			`bucket = aws_s3_bucket.ipixel_logs.bucket_regional_domain_name`
Adding terraform config This currently just redirects to the old bible, but at least everything is up and running 2020-02-13 09:46:46 -08:00			`prefix = "RAW"`
			`}`

			`aliases = [`
			`"t.${var.domain}"`
			`]`

			`default_cache_behavior {`
			`allowed_methods = ["GET", "HEAD", "OPTIONS"]`
			`cached_methods = ["GET", "HEAD"]`
			`target_origin_id = "S3-${aws_s3_bucket.pixel.bucket}"`

			`forwarded_values {`
			`query_string = true`

			`cookies {`
			`forward = "all"`
			`}`

			`headers = [`
			`"Origin",`
			`"Access-Control-Request-Headers",`
			`"Access-Control-Request-Method",`
			`]`
			`}`

			`viewer_protocol_policy = "allow-all"`
			`min_ttl = 0`
			`default_ttl = 3600`
			`max_ttl = 86400`
			`}`

			`restrictions {`
			`geo_restriction {`
			`restriction_type = "none"`
			`}`
			`}`

			`viewer_certificate {`
			`acm_certificate_arn = aws_acm_certificate.cert.arn`
			`ssl_support_method = "sni-only"`
			`}`

			`tags = {`
			`Name = "Tracking Site"`
			`Site = var.site`
			`}`
			`}`

			`resource "aws_route53_record" "tracking" {`
			`name = "t.${var.domain}"`
			`zone_id = aws_route53_zone.zone.zone_id`
			`type = "A"`

			`alias {`
			`name = aws_cloudfront_distribution.tracking.domain_name`
			`zone_id = aws_cloudfront_distribution.tracking.hosted_zone_id`
			`evaluate_target_health = false`
			`}`
			`}`
Terraform updates Attempting to do some log parsing into cloudwatch logs 2021-03-01 12:40:35 -08:00