feat: add CloudFront origin
Timothée Aufort committed Oct 17, 2024
1 parent 1ae9403 commit 796c68e
Showing 8 changed files with 148 additions and 0 deletions.
36 changes: 36 additions & 0 deletions .github/workflows/deploy.yml
Expand Up @@ -38,19 +38,55 @@ jobs:
- run: terraform plan -out=tfplan.out
- run: terraform apply -input=false tfplan.out

terraform-20-cloudfront:
runs-on: ubuntu-latest
defaults:
run:
working-directory: infrastructure/20_cloudfront
steps:
- uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::448878779811:role/twitch-live-1710204-my-web-site
role-session-name: github-ipppontech-my-web-site-to-aws-via-oidc
aws-region: ${{ env.AWS_REGION }}
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.9.7"
terraform_wrapper: false
- run: terraform fmt -check -recursive
- run: terraform init -backend=false
- run: terraform validate
- run: terraform init
- run: terraform plan -out=tfplan.out
- run: terraform apply -input=false tfplan.out

build:
needs:
- terraform-10-boostrap
- terraform-20-cloudfront
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::448878779811:role/twitch-live-1710204-my-web-site
role-session-name: github-ipppontech-my-web-site-to-aws-via-oidc
aws-region: ${{ env.AWS_REGION }}
- name: Use Node.js LTS
uses: actions/setup-node@v4
with:
cache: 'npm'
node-version: 'lts/*'
registry-url: 'https://registry.npmjs.org'
- uses: unfor19/install-aws-cli-action@v1
with:
version: 2
verbose: false
- name: build
run: |
npm ci
npm run build
- name: copy dist folder to S3
run: |
aws s3 cp dist s3://twitch-live-17102024-my-web-site-origin/
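Review bot: `aws s3 cp dist s3://twitch-live-17102024-my-web-site-origin/` in the "copy dist folder to S3" step copies a directory without `--recursive`, so the step fails as soon as `dist` is the build output folder rather than a single file; `aws s3 sync dist/ s3://twitch-live-17102024-my-web-site-origin/ --delete` uploads the whole tree and removes files that no longer exist in the build. The bucket name is also typed by hand here while Terraform owns it as `local.origin_bucket_name` in `infrastructure/20_cloudfront/s3_origin.tf`; reading it from a Terraform output or a single workflow-level `env` value keeps the two from drifting. The new `terraform-20-cloudfront` job declares no `needs:`, so it runs in parallel with `terraform-10-boostrap`; if that job creates the state bucket this backend points at, add `needs: terraform-10-boostrap` so the init cannot race it. Nothing in the hunk invalidates the CloudFront cache after the upload, so a deploy can keep serving the previous `dist` until the cached objects expire. The `jobs:` mapping this hunk edits starts before line 38 of the file.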
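--- a/infrastructure/20_cloudfront/backend.tf
+++ b/infrastructure/20_cloudfront/backend.tf
@@ -0,0 +1,10 @@
+# Note: at the moment, it's not possible to use variables in Terraform backend
+terraform {
+backend "s3" {
+bucket = "twitch-live-17102024-tf-states"
+key = "20_cloudfront/terraform.tfstate"
+region = "eu-west-3"
+dynamodb_table = "twitch-live-17102024-tf-states-lock"
+encrypt = true
+}
+}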
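--- a/infrastructure/20_cloudfront/cloudfront.tf
+++ b/infrastructure/20_cloudfront/cloudfront.tf
@@ -0,0 +1,44 @@
+locals {
+origin_id = "myOriginId"
+}
+
+module "cdn" {
+source = "terraform-aws-modules/cloudfront/aws"
+
+# aliases = ["cdn.example.com"]
+
+comment = "My awesome CloudFront"
+enabled = true
+is_ipv6_enabled = true
+price_class = "PriceClass_All"
+retain_on_delete = false
+wait_for_deployment = false
+
+create_origin_access_identity = true
+
+origin_access_control = {
+s3_oac = {
+description = "CloudFront access to S3"
+origin_type = "s3"
+signing_behavior = "always"
+signing_protocol = "sigv4"
+}
+}
+
+origin = {
+s3_one = {
+domain_name = module.s3_bucket.s3_bucket_bucket_domain_name
+origin_access_control = "s3_oac" # key in `origin_access_control`
+origin_id = local.origin_id
+}
+}
+
+default_cache_behavior = {
+target_origin_id = local.origin_id
+viewer_protocol_policy = "allow-all"
+}
+# viewer_certificate = {
+# acm_certificate_arn = "arn:aws:acm:us-east-1:135367859851:certificate/1032b155-22da-4ae0-9f69-e206f825458b"
+# ssl_support_method = "sni-only"
+# }
+}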
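Review bot: `viewer_protocol_policy = "allow-all"` in `default_cache_behavior` lets viewers fetch the site over plain HTTP; unless HTTP is wanted deliberately, use `viewer_protocol_policy = "redirect-to-https"` so every request is upgraded before it reaches the origin. `module "cdn"` pins no `version`, so each `terraform init` in CI resolves whatever the newest registry release of `terraform-aws-modules/cloudfront/aws` is at that moment; add `version = "<pinned module version>"` here and, for the same reason, on `module "s3_bucket"` in `infrastructure/20_cloudfront/s3_origin.tf`. `create_origin_access_identity = true` creates a legacy OAI that nothing in this commit references, since the only origin uses `origin_access_control = "s3_oac"`; set it to `false` to avoid an unused identity. The commented `viewer_certificate` block carries an ACM ARN from account `135367859851`, which is not the account of the role the workflow assumes, so it looks copied from the module examples; drop it or replace it with a clearly marked placeholder before it is ever uncommented.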
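--- a/infrastructure/20_cloudfront/data.tf
+++ b/infrastructure/20_cloudfront/data.tf
@@ -0,0 +1 @@
+data "aws_caller_identity" "current" {}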
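Review bot: `data "aws_caller_identity" "current"` is not referenced by any file added in this commit, so for now it only adds an STS call to every plan. If it is meant for the origin bucket policy that is still commented out in `s3_origin.tf`, a one-line comment such as `# used by the origin bucket policy (s3_origin.tf)` would explain why it exists; otherwise drop it until a resource needs the account id.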
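--- a/infrastructure/20_cloudfront/providers.tf
+++ b/infrastructure/20_cloudfront/providers.tf
@@ -0,0 +1,10 @@
+provider "aws" {
+region = var.region
+
+default_tags {
+tags = {
+project = basename(abspath("${path.module}/../.."))
+subproject = basename(abspath(path.module))
+}
+}
+}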
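--- a/infrastructure/20_cloudfront/s3_origin.tf
+++ b/infrastructure/20_cloudfront/s3_origin.tf
@@ -0,0 +1,33 @@
+locals {
+origin_bucket_name = "twitch-live-17102024-my-web-site-origin"
+}
+
+module "s3_bucket" {
+source = "terraform-aws-modules/s3-bucket/aws"
+
+bucket = local.origin_bucket_name
+acl = "private"
+
+control_object_ownership = true
+object_ownership = "ObjectWriter"
+
+server_side_encryption_configuration = {
+rule = {
+apply_server_side_encryption_by_default = {
+sse_algorithm = "AES256"
+}
+}
+}
+
+# policy = data.aws_iam_policy_document.origin_bucket_policy.json
+}
+
+
+# data "aws_iam_policy_document" "origin_bucket_policy" {
+# statement {
+# effect = "Allow"
+# principals {
+#
+# }
+# }
+# }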
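Review bot: With `policy` commented out in `module "s3_bucket"`, nothing grants the CloudFront origin access control read permission on `twitch-live-17102024-my-web-site-origin`, so the distribution's signed requests will be refused by the private bucket and the site will not serve. The policy cannot simply be passed into `module "s3_bucket"` once it is written properly, because its condition should name the distribution ARN while `module "cdn"` already consumes this bucket's domain name — that is a dependency cycle; attach it with a separate `aws_s3_bucket_policy` resource as sketched below, which also replaces the empty commented skeleton at the end of the file. `object_ownership = "ObjectWriter"` together with `acl = "private"` keeps ACLs enabled; with an OAC as the only reader, `"BucketOwnerEnforced"` is the simpler setting, provided nothing else uploads objects with ACLs. `module "s3_bucket"` also pins no `version`, so CI resolves the newest registry release on every init.
```hcl
# Grant the CloudFront OAC read-only access. Kept outside module "s3_bucket"
# to avoid a cycle: the bucket feeds module "cdn", whose ARN this policy names.
data "aws_iam_policy_document" "origin_bucket_policy" {
  statement {
    sid       = "AllowCloudFrontServicePrincipalRead"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${module.s3_bucket.s3_bucket_arn}/*"]

    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }

    # Only this distribution may use the service principal against the bucket.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [module.cdn.cloudfront_distribution_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "origin" {
  bucket = module.s3_bucket.s3_bucket_id
  policy = data.aws_iam_policy_document.origin_bucket_policy.json
}
```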
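--- a/infrastructure/20_cloudfront/variables.tf
+++ b/infrastructure/20_cloudfront/variables.tf
@@ -0,0 +1,5 @@
+variable "region" {
+description = "Default AWS region"
+default = "eu-west-3"
+type = string
+}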
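--- a/infrastructure/20_cloudfront/versions.tf
+++ b/infrastructure/20_cloudfront/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+required_version = "~> 1.0"
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+}
+}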
