Terraform module to set up my blog infrastructure
- Static web site
- Traffic must be SSL/TLS
- Keep costs to a minimum

For hosting static web assets. To keep costs down, a lifecycle rule is added to ensure that objects transition to the One Zone-IA storage class in case files are uploaded as Standard. The S3 bucket will not run in static website mode and will not be publicly accessible, to minimize data transfer costs.

SSL certificate used by CloudFront. This isn't actually generated by this module as it must be done manually. Just wanted to note that this certificate must be provisioned in the us-east-1 region to work with CloudFront.

CloudFront will be used to enforce SSL/TLS and will be configured with an Origin Access Identity that will be granted read access to the private S3 bucket. Caching will minimize data transfer costs from S3. It's configured to expect an ACM certificate ARN. Traffic will be optimized only for North America, UK, and Germany.

A Lambda@Edge function is paired with CloudFront to resolve an issue with the lack of default directory indexes when querying S3. The issue is that the S3 bucket only has a REST API endpoint available since it's not running in static website mode. This module already provides the code that rewrites requests to the origin so that the URL slug goes from domain/path/ to domain/path/index.html. The Lambda@Edge function must be created in the us-east-1 region in order to be triggered by CloudFront. Additionally, the ARN provided to CloudFront must be the fully qualified ARN (includes the version).
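
The rewrite described above, written as an added example and not the code this module ships: a Node.js Lambda@Edge handler that appends the index document before CloudFront forwards the request to the private S3 origin. The origin-request trigger, the function names and the sample event are assumptions made for illustration.

```javascript
'use strict';

// Default object appended to directory-style requests (assumed name,
// matching the domain/path/ -> domain/path/index.html rewrite).
const INDEX_DOCUMENT = 'index.html';

// Map a viewer URI onto the object key the S3 REST endpoint can serve.
// Only URIs ending in "/" are changed; file requests pass through as-is.
function rewriteUri(uri) {
  // Defensive default: treat a missing or empty URI as the site root.
  if (typeof uri !== 'string' || uri.length === 0) {
    return '/' + INDEX_DOCUMENT;
  }
  return uri.endsWith('/') ? uri + INDEX_DOCUMENT : uri;
}

// Apply the rewrite to a CloudFront event and return the request object
// that CloudFront should forward to the origin. The query string lives in
// request.querystring, so it is not affected by the URI change.
function rewriteRequest(event) {
  const request = event.Records[0].cf.request;
  request.uri = rewriteUri(request.uri);
  return request;
}

// Lambda@Edge entry point.
async function handler(event) {
  return rewriteRequest(event);
}

// Export for Lambda when loaded as CommonJS; skipped in other loaders.
if (typeof module !== 'undefined' && module.exports) {
  module.exports = { handler, rewriteUri, rewriteRequest };
}

// Constructed sample event, trimmed to the fields the rewrite touches.
function sampleEvent(uri) {
  return {
    Records: [{
      cf: {
        config: { eventType: 'origin-request' },
        request: { method: 'GET', uri, querystring: '', headers: {} },
      },
    }],
  };
}
```

Paths without a trailing slash are forwarded unchanged, so a request for domain/path (no slash) still reaches S3 as that exact key.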

A CloudWatch LogGroup is created explicitly for Lambda@Edge so that a log expiration can be set to 7 days.