Created terraform configuration to manage AWS infrastructure.

Jonathan Bernard 2019-09-24 22:40:08 -05:00
parent a4b798cec4
commit 0a8f701c3c
11 changed files with 994 additions and 0 deletions


@ -0,0 +1 @@
{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"dev_env","Source":"./deployed_env","Dir":"deployed_env"},{"Key":"prod_env","Source":"./deployed_env","Dir":"deployed_env"}]}


@ -0,0 +1,3 @@
{
"aws": "7b0461a9e1bb61eb2b58ee46d67d51a2f59d4b0fe6137025c82b4f5060477d2f"
}


@ -0,0 +1,19 @@
### Variables
variable "aws_region" {
description = "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html"
default = "us-west-2" # Oregon
}
variable "deploy_bucket_name" {
description = "Name of the S3 bucket to store deployed artifacts, logs, etc."
default = "pm.jdb-labs.com"
}
#### Provider Configuration
provider "aws" {
region = var.aws_region
}
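Review bot: This root configuration has no `terraform` block, so state stays on the local backend and the `aws` provider is unpinned. The same commit checks in what look like the state file and its backup (the two JSON sections carrying `"serial"` and `"lineage"`), which expose the account ID, distribution IDs and OAI canonical user IDs, and would expose any secret a later resource stores in state. I would move state to a remote backend with encryption and locking, keep the state, its backup and the generated module manifest and plugin lock out of version control via `.gitignore`, and add a constraint such as `version = "<PINNED_VERSION>"` inside `provider "aws"`.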


@ -0,0 +1,102 @@
data "aws_iam_policy_document" "bucket_access_policy" {
statement {
actions = [ "s3:GetObject" ]
effect = "Allow"
resources = [ "${var.artifact_bucket.arn}/${var.environment}/webroot/*" ]
principals {
type = "AWS"
identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
}
}
statement {
actions = [ "s3:ListBucket" ]
effect = "Allow"
resources = [ "${var.artifact_bucket.arn}" ]
principals {
type = "AWS"
identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
}
}
}
output "oai_access_policy" {
value = data.aws_iam_policy_document.bucket_access_policy
}
locals {
env_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-labs.com"
}
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "OAI for Personal Measure {$var.environment} environment."
}
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = "${var.artifact_bucket.bucket_regional_domain_name}"
origin_id = "S3-PersonalMeasure-${var.environment}"
origin_path = "/${var.environment}/webroot"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
}
}
enabled = true
is_ipv6_enabled = true
comment = "Personal Measure ${var.environment} distribution."
default_root_object = "/index.html"
logging_config {
include_cookies = false
bucket = "${var.artifact_bucket.bucket_domain_name}"
prefix = "${var.environment}/logs/cloudfront"
}
aliases = ["${local.env_domain_name}"]
default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = "S3-PersonalMeasure-${var.environment}"
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
min_ttl = 0
default_ttl = 60 * 60 * 24 * 365 # cache for a year
max_ttl = 60 * 60 * 24 * 365 # cache for a year
compress = true
viewer_protocol_policy = "redirect-to-https"
}
custom_error_response {
error_code = 404
response_code = 200
response_page_path = "/index.html"
}
price_class = "PriceClass_100" # US and Canada only
restrictions {
geo_restriction {
restriction_type = "none"
}
}
tags = {
Environment = "${var.environment}"
}
viewer_certificate {
acm_certificate_arn = "${var.cloudfront_ssl_certificate_arn}"
ssl_support_method = "sni-only"
}
}
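Review bot: The `viewer_certificate` block sets no `minimum_protocol_version`, and the state recorded in this commit shows both distributions ended up at `TLSv1`; add `minimum_protocol_version = "TLSv1.2_2018"` next to `ssl_support_method`. The OAI `comment` uses `{$var.environment}` where `${var.environment}` was meant, so the literal text is what got stored on both identities. The `s3:ListBucket` statement covers the whole bucket for each environment's OAI, including the other environment's prefix and the log prefixes; a `condition` on `s3:prefix` limited to `${var.environment}/webroot/*` would keep it to what the origin serves.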


@ -0,0 +1,13 @@
### Variables
variable "environment" {
description = "The short name of this deployed environment. For example: 'dev' or 'prod'. This short name will be used to name resources (CloudFront distributions, etc.)"
}
variable "artifact_bucket" {
description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
}
variable "cloudfront_ssl_certificate_arn" {
description = "ARN of the managed SSL certificate to use for this environment."
}


@ -0,0 +1,30 @@
resource "aws_s3_bucket" "personal_measure" {
bucket = "${var.deploy_bucket_name}"
acl = "log-delivery-write"
}
module "dev_env" {
source = "./deployed_env"
environment = "dev"
artifact_bucket = aws_s3_bucket.personal_measure
cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
}
module "prod_env" {
source = "./deployed_env"
environment = "prod"
artifact_bucket = aws_s3_bucket.personal_measure
cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
}
data "aws_iam_policy_document" "cloudfront_access_policy" {
source_json = "${module.dev_env.oai_access_policy.json}"
override_json = "${module.prod_env.oai_access_policy.json}"
}
resource "aws_s3_bucket_policy" "personal_measure" {
bucket = "${aws_s3_bucket.personal_measure.id}"
policy = "${data.aws_iam_policy_document.cloudfront_access_policy.json}"
}
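Review bot: `aws_s3_bucket.personal_measure` holds the deployed webroots and the CloudFront logs for both environments but is created with no encryption, versioning or public-access block (the recorded state shows `server_side_encryption_configuration` empty and versioning disabled). I would add a `server_side_encryption_configuration` block and an `aws_s3_bucket_public_access_block` for this bucket, since the only reads the policy grants arrive through the two OAIs. Separately, merging the module policies with `source_json`/`override_json` keeps all four statements only because every `Sid` is empty; once the module's statements are given a Sid, the prod document would replace the dev one rather than add to it.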


@ -0,0 +1,547 @@
{
"version": 4,
"terraform_version": "0.12.9",
"serial": 13,
"lineage": "07ea4679-dcfc-ec03-69c0-9f3b3df53386",
"outputs": {},
"resources": [
{
"module": "module.prod_env",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "bucket_access_policy",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "4164925389",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*"
],
"sid": ""
},
{
"actions": [
"s3:ListBucket"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com"
],
"sid": ""
}
],
"version": "2012-10-17"
},
"depends_on": [
"aws_cloudfront_origin_access_identity.origin_access_identity"
]
}
]
},
{
"module": "module.dev_env",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "bucket_access_policy",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "672870168",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*"
],
"sid": ""
},
{
"actions": [
"s3:ListBucket"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com"
],
"sid": ""
}
],
"version": "2012-10-17"
},
"depends_on": [
"aws_cloudfront_origin_access_identity.origin_access_identity"
]
}
]
},
{
"mode": "data",
"type": "aws_iam_policy_document",
"name": "cloudfront_access_policy",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "1534115699",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}",
"override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}",
"policy_id": null,
"source_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n }\n ]\n}",
"statement": null,
"version": "2012-10-17"
},
"depends_on": [
"module.dev_env",
"module.prod_env"
]
}
]
},
{
"module": "module.prod_env",
"mode": "managed",
"type": "aws_cloudfront_distribution",
"name": "s3_distribution",
"provider": "provider.aws",
"instances": [
{
"schema_version": 1,
"attributes": {
"active_trusted_signers": {
"enabled": "false",
"items.#": "0"
},
"aliases": [
"pm.jdb-labs.com"
],
"arn": "arn:aws:cloudfront::063932952339:distribution/E331OLEUZMJYX2",
"cache_behavior": [],
"caller_reference": "terraform-20190924171430991900000002",
"comment": "Personal Measure prod distribution.",
"custom_error_response": [
{
"error_caching_min_ttl": null,
"error_code": 404,
"response_code": 200,
"response_page_path": "/index.html"
}
],
"default_cache_behavior": [
{
"allowed_methods": [
"GET",
"HEAD",
"OPTIONS"
],
"cached_methods": [
"GET",
"HEAD",
"OPTIONS"
],
"compress": true,
"default_ttl": 31536000,
"field_level_encryption_id": "",
"forwarded_values": [
{
"cookies": [
{
"forward": "none",
"whitelisted_names": null
}
],
"headers": null,
"query_string": false,
"query_string_cache_keys": null
}
],
"lambda_function_association": [],
"max_ttl": 31536000,
"min_ttl": 0,
"smooth_streaming": false,
"target_origin_id": "S3-PersonalMeasure-prod",
"trusted_signers": null,
"viewer_protocol_policy": "redirect-to-https"
}
],
"default_root_object": "/index.html",
"domain_name": "d1pydbw1mwi6dq.cloudfront.net",
"enabled": true,
"etag": "E39Y9O0I859AQB",
"hosted_zone_id": "Z2FDTNDATAQYW2",
"http_version": "http2",
"id": "E331OLEUZMJYX2",
"in_progress_validation_batches": 0,
"is_ipv6_enabled": true,
"last_modified_time": "2019-09-24 17:14:34.861 +0000 UTC",
"logging_config": [
{
"bucket": "pm.jdb-labs.com.s3.amazonaws.com",
"include_cookies": false,
"prefix": "prod/logs/cloudfront"
}
],
"ordered_cache_behavior": [],
"origin": [
{
"custom_header": [],
"custom_origin_config": [],
"domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com",
"origin_id": "S3-PersonalMeasure-prod",
"origin_path": "/prod/webroot",
"s3_origin_config": [
{
"origin_access_identity": "origin-access-identity/cloudfront/EV7VQF8SH3HMM"
}
]
}
],
"origin_group": [],
"price_class": "PriceClass_100",
"restrictions": [
{
"geo_restriction": [
{
"locations": null,
"restriction_type": "none"
}
]
}
],
"retain_on_delete": false,
"status": "Deployed",
"tags": {
"Environment": "prod"
},
"viewer_certificate": [
{
"acm_certificate_arn": "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c",
"cloudfront_default_certificate": false,
"iam_certificate_id": "",
"minimum_protocol_version": "TLSv1",
"ssl_support_method": "sni-only"
}
],
"wait_for_deployment": true,
"web_acl_id": ""
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"depends_on": [
"aws_cloudfront_origin_access_identity.origin_access_identity"
]
}
]
},
{
"module": "module.dev_env",
"mode": "managed",
"type": "aws_cloudfront_distribution",
"name": "s3_distribution",
"provider": "provider.aws",
"instances": [
{
"schema_version": 1,
"attributes": {
"active_trusted_signers": {
"enabled": "false",
"items.#": "0"
},
"aliases": [
"pm-dev.jdb-labs.com"
],
"arn": "arn:aws:cloudfront::063932952339:distribution/EYDKNEMGBYXK6",
"cache_behavior": [],
"caller_reference": "terraform-20190924171430991900000001",
"comment": "Personal Measure dev distribution.",
"custom_error_response": [
{
"error_caching_min_ttl": null,
"error_code": 404,
"response_code": 200,
"response_page_path": "/index.html"
}
],
"default_cache_behavior": [
{
"allowed_methods": [
"GET",
"HEAD",
"OPTIONS"
],
"cached_methods": [
"GET",
"HEAD",
"OPTIONS"
],
"compress": true,
"default_ttl": 31536000,
"field_level_encryption_id": "",
"forwarded_values": [
{
"cookies": [
{
"forward": "none",
"whitelisted_names": null
}
],
"headers": null,
"query_string": false,
"query_string_cache_keys": null
}
],
"lambda_function_association": [],
"max_ttl": 31536000,
"min_ttl": 0,
"smooth_streaming": false,
"target_origin_id": "S3-PersonalMeasure-dev",
"trusted_signers": null,
"viewer_protocol_policy": "redirect-to-https"
}
],
"default_root_object": "/index.html",
"domain_name": "d2gk6d79ot5fv3.cloudfront.net",
"enabled": true,
"etag": "E1DN3CB5IQVST8",
"hosted_zone_id": "Z2FDTNDATAQYW2",
"http_version": "http2",
"id": "EYDKNEMGBYXK6",
"in_progress_validation_batches": 0,
"is_ipv6_enabled": true,
"last_modified_time": "2019-09-24 17:14:32.614 +0000 UTC",
"logging_config": [
{
"bucket": "pm.jdb-labs.com.s3.amazonaws.com",
"include_cookies": false,
"prefix": "dev/logs/cloudfront"
}
],
"ordered_cache_behavior": [],
"origin": [
{
"custom_header": [],
"custom_origin_config": [],
"domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com",
"origin_id": "S3-PersonalMeasure-dev",
"origin_path": "/dev/webroot",
"s3_origin_config": [
{
"origin_access_identity": "origin-access-identity/cloudfront/ENADNQSO0I1JY"
}
]
}
],
"origin_group": [],
"price_class": "PriceClass_100",
"restrictions": [
{
"geo_restriction": [
{
"locations": null,
"restriction_type": "none"
}
]
}
],
"retain_on_delete": false,
"status": "Deployed",
"tags": {
"Environment": "dev"
},
"viewer_certificate": [
{
"acm_certificate_arn": "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c",
"cloudfront_default_certificate": false,
"iam_certificate_id": "",
"minimum_protocol_version": "TLSv1",
"ssl_support_method": "sni-only"
}
],
"wait_for_deployment": true,
"web_acl_id": ""
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"depends_on": [
"aws_cloudfront_origin_access_identity.origin_access_identity"
]
}
]
},
{
"module": "module.prod_env",
"mode": "managed",
"type": "aws_cloudfront_origin_access_identity",
"name": "origin_access_identity",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"caller_reference": "terraform-20190924170615555500000002",
"cloudfront_access_identity_path": "origin-access-identity/cloudfront/EV7VQF8SH3HMM",
"comment": "OAI for Personal Measure {$var.environment} environment.",
"etag": "E1XJOGSBHHRD9K",
"iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM",
"id": "EV7VQF8SH3HMM",
"s3_canonical_user_id": "3a882d18f05e2fa5a3cabc208bcb8c0e2143166b56c0b8442f5b8b405c203859a3f525afcabc2e52dd1c9799d883a166"
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.dev_env",
"mode": "managed",
"type": "aws_cloudfront_origin_access_identity",
"name": "origin_access_identity",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"caller_reference": "terraform-20190924170615555100000001",
"cloudfront_access_identity_path": "origin-access-identity/cloudfront/ENADNQSO0I1JY",
"comment": "OAI for Personal Measure {$var.environment} environment.",
"etag": "E1K0T63S2F5CYR",
"iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY",
"id": "ENADNQSO0I1JY",
"s3_canonical_user_id": "6e965a9a0e9034badac65e1ac223e048b6d1b934d146abd32c49634489959a5ee1252e34fb643cd222dde425f2abfcd4"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket",
"name": "personal_measure",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "log-delivery-write",
"arn": "arn:aws:s3:::pm.jdb-labs.com",
"bucket": "pm.jdb-labs.com",
"bucket_domain_name": "pm.jdb-labs.com.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com",
"cors_rule": [],
"force_destroy": false,
"hosted_zone_id": "Z3BJ6K6RIION7M",
"id": "pm.jdb-labs.com",
"lifecycle_rule": [],
"logging": [],
"object_lock_configuration": [],
"policy": null,
"region": "us-west-2",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [],
"tags": {},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket_policy",
"name": "personal_measure",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"bucket": "pm.jdb-labs.com",
"id": "pm.jdb-labs.com",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}"
},
"private": "bnVsbA==",
"depends_on": [
"aws_s3_bucket.personal_measure",
"data.aws_iam_policy_document.cloudfront_access_policy"
]
}
]
}
]
}


@ -0,0 +1,279 @@
{
"version": 4,
"terraform_version": "0.12.9",
"serial": 9,
"lineage": "07ea4679-dcfc-ec03-69c0-9f3b3df53386",
"outputs": {},
"resources": [
{
"module": "module.prod_env",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "bucket_access_policy",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "1727217411",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*"
],
"sid": ""
},
{
"actions": [
"s3:ListBucket"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com"
],
"sid": ""
}
],
"version": "2012-10-17"
},
"depends_on": [
"aws_cloudfront_origin_access_identity.origin_access_identity"
]
}
]
},
{
"module": "module.dev_env",
"mode": "data",
"type": "aws_iam_policy_document",
"name": "bucket_access_policy",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "3067586518",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n }\n ]\n}",
"override_json": null,
"policy_id": null,
"source_json": null,
"statement": [
{
"actions": [
"s3:GetObject"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*"
],
"sid": ""
},
{
"actions": [
"s3:ListBucket"
],
"condition": [],
"effect": "Allow",
"not_actions": [],
"not_principals": [],
"not_resources": [],
"principals": [
{
"identifiers": [
"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY"
],
"type": "AWS"
}
],
"resources": [
"arn:aws:s3:::pm.jdb-labs.com"
],
"sid": ""
}
],
"version": "2012-10-17"
},
"depends_on": [
"aws_cloudfront_origin_access_identity.origin_access_identity"
]
}
]
},
{
"mode": "data",
"type": "aws_iam_policy_document",
"name": "cloudfront_access_policy",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "754132408",
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}",
"override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}",
"policy_id": null,
"source_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n }\n ]\n}",
"statement": null,
"version": "2012-10-17"
},
"depends_on": [
"module.dev_env",
"module.prod_env"
]
}
]
},
{
"module": "module.prod_env",
"mode": "managed",
"type": "aws_cloudfront_origin_access_identity",
"name": "origin_access_identity",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"caller_reference": "terraform-20190924170615555500000002",
"cloudfront_access_identity_path": "origin-access-identity/cloudfront/EV7VQF8SH3HMM",
"comment": "OAI for Personal Measure {$var.environment} environment.",
"etag": "E1XJOGSBHHRD9K",
"iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM",
"id": "EV7VQF8SH3HMM",
"s3_canonical_user_id": "3a882d18f05e2fa5a3cabc208bcb8c0e2143166b56c0b8442f5b8b405c203859a3f525afcabc2e52dd1c9799d883a166"
},
"private": "bnVsbA=="
}
]
},
{
"module": "module.dev_env",
"mode": "managed",
"type": "aws_cloudfront_origin_access_identity",
"name": "origin_access_identity",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"caller_reference": "terraform-20190924170615555100000001",
"cloudfront_access_identity_path": "origin-access-identity/cloudfront/ENADNQSO0I1JY",
"comment": "OAI for Personal Measure {$var.environment} environment.",
"etag": "E1K0T63S2F5CYR",
"iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY",
"id": "ENADNQSO0I1JY",
"s3_canonical_user_id": "6e965a9a0e9034badac65e1ac223e048b6d1b934d146abd32c49634489959a5ee1252e34fb643cd222dde425f2abfcd4"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket",
"name": "personal_measure",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": "log-delivery-write",
"arn": "arn:aws:s3:::pm.jdb-labs.com",
"bucket": "pm.jdb-labs.com",
"bucket_domain_name": "pm.jdb-labs.com.s3.amazonaws.com",
"bucket_prefix": null,
"bucket_regional_domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com",
"cors_rule": [],
"force_destroy": false,
"hosted_zone_id": "Z3BJ6K6RIION7M",
"id": "pm.jdb-labs.com",
"lifecycle_rule": [],
"logging": [],
"object_lock_configuration": [],
"policy": null,
"region": "us-west-2",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [],
"tags": {},
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket_policy",
"name": "personal_measure",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"bucket": "pm.jdb-labs.com",
"id": "pm.jdb-labs.com",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}"
},
"private": "bnVsbA==",
"depends_on": [
"aws_s3_bucket.personal_measure",
"data.aws_iam_policy_document.cloudfront_access_policy"
]
}
]
}
]
}