diff --git a/deploy/PersonalMeasure_RoutingRules.xml b/operations/PersonalMeasure_RoutingRules.xml
similarity index 100%
rename from deploy/PersonalMeasure_RoutingRules.xml
rename to operations/PersonalMeasure_RoutingRules.xml
diff --git a/deploy/doc.md b/operations/doc.md
similarity index 100%
rename from deploy/doc.md
rename to operations/doc.md
diff --git a/operations/terraform/.terraform/modules/modules.json b/operations/terraform/.terraform/modules/modules.json
new file mode 100644
index 0000000..e1334ee
--- /dev/null
+++ b/operations/terraform/.terraform/modules/modules.json
@@ -0,0 +1 @@
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"dev_env","Source":"./deployed_env","Dir":"deployed_env"},{"Key":"prod_env","Source":"./deployed_env","Dir":"deployed_env"}]}
\ No newline at end of file
diff --git a/operations/terraform/.terraform/plugins/linux_amd64/lock.json b/operations/terraform/.terraform/plugins/linux_amd64/lock.json
new file mode 100644
index 0000000..61e2e16
--- /dev/null
+++ b/operations/terraform/.terraform/plugins/linux_amd64/lock.json
@@ -0,0 +1,3 @@
+{
+ "aws": "7b0461a9e1bb61eb2b58ee46d67d51a2f59d4b0fe6137025c82b4f5060477d2f"
+}
\ No newline at end of file
diff --git a/operations/terraform/.terraform/plugins/linux_amd64/terraform-provider-aws_v2.29.0_x4 b/operations/terraform/.terraform/plugins/linux_amd64/terraform-provider-aws_v2.29.0_x4
new file mode 100644
index 0000000..8bf93d5
Binary files /dev/null and b/operations/terraform/.terraform/plugins/linux_amd64/terraform-provider-aws_v2.29.0_x4 differ
diff --git a/operations/terraform/common.tf b/operations/terraform/common.tf
new file mode 100644
index 0000000..6037a21
--- /dev/null
+++ b/operations/terraform/common.tf
@@ -0,0 +1,19 @@
+### Variables
+
+variable "aws_region" {
+ description = "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html"
+ default = "us-west-2" # Oregon
+}
+
+variable "deploy_bucket_name" {
+ description = "Name of the S3 bucket to store deployed artifacts, logs, etc."
+ default = "pm.jdb-labs.com"
+}
+
+#### Provider Configuration
+
+provider "aws" {
+ region = var.aws_region
+}
+
+
diff --git a/operations/terraform/deployed_env/main.tf b/operations/terraform/deployed_env/main.tf
new file mode 100644
index 0000000..38f25dc
--- /dev/null
+++ b/operations/terraform/deployed_env/main.tf
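Review bot: Nothing in common.tf (or the other .tf files in this commit) declares a `terraform` block with a remote `backend`, so state is written next to the configuration, and this same commit checks in `terraform.tfstate`, `terraform.tfstate.backup` and the `.terraform/` directory including the provider binary. State files record every attribute of every managed resource in plaintext (here the account id and the origin access identities; credentials too, once a resource that carries them is added), and a copy in git cannot be locked or kept current between machines. I would add a backend such as `terraform { backend "s3" { ... } }` with encryption and state locking, and ignore `.terraform/`, `*.tfstate` and `*.tfstate.*` in version control. A `required_providers` constraint for `aws` would also pin in code the provider version that the committed binary currently fixes only implicitly.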
@@ -0,0 +1,102 @@
+data "aws_iam_policy_document" "bucket_access_policy" {
+ statement {
+ actions = [ "s3:GetObject" ]
+ effect = "Allow"
+ resources = [ "${var.artifact_bucket.arn}/${var.environment}/webroot/*" ]
+
+ principals {
+ type = "AWS"
+ identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
+ }
+ }
+
+ statement {
+ actions = [ "s3:ListBucket" ]
+ effect = "Allow"
+ resources = [ "${var.artifact_bucket.arn}" ]
+
+ principals {
+ type = "AWS"
+ identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
+ }
+ }
+}
+
+output "oai_access_policy" {
+ value = data.aws_iam_policy_document.bucket_access_policy
+}
+
+locals {
+ env_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-labs.com"
+}
+
+resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
+ comment = "OAI for Personal Measure {$var.environment} environment."
+}
+
+resource "aws_cloudfront_distribution" "s3_distribution" {
+ origin {
+ domain_name = "${var.artifact_bucket.bucket_regional_domain_name}"
+ origin_id = "S3-PersonalMeasure-${var.environment}"
+ origin_path = "/${var.environment}/webroot"
+
+ s3_origin_config {
+ origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
+ }
+ }
+
+ enabled = true
+ is_ipv6_enabled = true
+ comment = "Personal Measure ${var.environment} distribution."
+ default_root_object = "/index.html"
+
+ logging_config {
+ include_cookies = false
+ bucket = "${var.artifact_bucket.bucket_domain_name}"
+ prefix = "${var.environment}/logs/cloudfront"
+ }
+
+ aliases = ["${local.env_domain_name}"]
+
+ default_cache_behavior {
+ allowed_methods = ["GET", "HEAD", "OPTIONS"]
+ cached_methods = ["GET", "HEAD", "OPTIONS"]
+ target_origin_id = "S3-PersonalMeasure-${var.environment}"
+
+ forwarded_values {
+ query_string = false
+
+ cookies {
+ forward = "none"
+ }
+ }
+
+ min_ttl = 0
+ default_ttl = 60 * 60 * 24 * 365 # cache for a year
+ max_ttl = 60 * 60 * 24 * 365 # cache for a year
+ compress = true
+ viewer_protocol_policy = "redirect-to-https"
+ }
+
+ custom_error_response {
+ error_code = 404
+ response_code = 200
+ response_page_path = "/index.html"
+ }
+
+ price_class = "PriceClass_100" # US and Canada only
+
+ restrictions {
+ geo_restriction {
+ restriction_type = "none"
+ }
+ }
+ tags = {
+ Environment = "${var.environment}"
+ }
+
+ viewer_certificate {
+ acm_certificate_arn = "${var.cloudfront_ssl_certificate_arn}"
+ ssl_support_method = "sni-only"
+ }
+}
diff --git a/operations/terraform/deployed_env/variables.tf b/operations/terraform/deployed_env/variables.tf
new file mode 100644
index 0000000..dac8aae
--- /dev/null
+++ b/operations/terraform/deployed_env/variables.tf
@@ -0,0 +1,13 @@
+### Variables
+
+variable "environment" {
+ description = "The short name of this deployed environment. For example: 'dev' or 'prod'. This short name will be used to name resources (CloudFront distributions, etc.)"
+}
+
+variable "artifact_bucket" {
+ description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
+}
+
+variable "cloudfront_ssl_certificate_arn" {
+ description = "ARN of the managed SSL certificate to use for this environment."
+}
diff --git a/operations/terraform/main.tf b/operations/terraform/main.tf
new file mode 100644
index 0000000..5744c84
--- /dev/null
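Review bot: The `viewer_certificate` block sets no `minimum_protocol_version`, and the state file added in this commit shows both distributions ended up with `"minimum_protocol_version": "TLSv1"`; adding `minimum_protocol_version = "TLSv1.2_2018"` next to `ssl_support_method` keeps viewers from negotiating TLS 1.0 or 1.1. In the `aws_cloudfront_origin_access_identity` resource the comment is written `{$var.environment}`, which is not an interpolation and is stored literally (the state confirms it); it should read `${var.environment}`. `default_root_object = "/index.html"` should probably lose the leading slash, since CloudFront expects the bare object name there.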
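Review bot: None of the three variables declares a `type`, so a mis-wired module call is only caught when a resource argument rejects the value; `type = string` on `environment` and `cloudfront_ssl_certificate_arn` would fail earlier and document the contract. `environment` is interpolated into the origin path, the log prefix and the domain name, so its description could also state which characters are expected, for example `"Lowercase letters and digits only; used in S3 key prefixes and DNS names."`.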
+++ b/operations/terraform/main.tf
@@ -0,0 +1,30 @@
+resource "aws_s3_bucket" "personal_measure" {
+ bucket = "${var.deploy_bucket_name}"
+ acl = "log-delivery-write"
+}
+
+module "dev_env" {
+ source = "./deployed_env"
+
+ environment = "dev"
+ artifact_bucket = aws_s3_bucket.personal_measure
+ cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
+}
+
+module "prod_env" {
+ source = "./deployed_env"
+
+ environment = "prod"
+ artifact_bucket = aws_s3_bucket.personal_measure
+ cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
+}
+
+data "aws_iam_policy_document" "cloudfront_access_policy" {
+ source_json = "${module.dev_env.oai_access_policy.json}"
+ override_json = "${module.prod_env.oai_access_policy.json}"
+}
+
+resource "aws_s3_bucket_policy" "personal_measure" {
+ bucket = "${aws_s3_bucket.personal_measure.id}"
+ policy = "${data.aws_iam_policy_document.cloudfront_access_policy.json}"
+}
diff --git a/operations/terraform/terraform.tfstate b/operations/terraform/terraform.tfstate
new file mode 100644
index 0000000..c53b1fd
--- /dev/null
+++ b/operations/terraform/terraform.tfstate
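Review bot: The `aws_s3_bucket` resource holds the dev and prod webroots and the CloudFront logs, yet it sets no public-access block, encryption or versioning; the state in this commit shows `server_side_encryption_configuration` empty and versioning disabled. Since the only intended readers are the two origin access identities, an `aws_s3_bucket_public_access_block` for the bucket (below) would make that explicit, and a `server_side_encryption_configuration` block with `sse_algorithm = "AES256"` would cover data at rest. Confirm that CloudFront log delivery still works after applying, because it relies on a bucket ACL grant. The certificate ARN is repeated verbatim in both module calls; a single local or variable would keep the two in step.
```hcl
resource "aws_s3_bucket_public_access_block" "personal_measure" {
  bucket = aws_s3_bucket.personal_measure.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```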
@@ -0,0 +1,547 @@ +{ + "version": 4, + "terraform_version": "0.12.9", + "serial": 13, + "lineage": "07ea4679-dcfc-ec03-69c0-9f3b3df53386", + "outputs": {}, + "resources": [ + { + "module": "module.prod_env", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "bucket_access_policy", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "4164925389", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}", + "override_json": null, + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*" + ], + "sid": "" + }, + { + "actions": [ + "s3:ListBucket" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "depends_on": [ + "aws_cloudfront_origin_access_identity.origin_access_identity" + ] + } + ] + }, + { + "module": 
"module.dev_env", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "bucket_access_policy", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "672870168", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n }\n ]\n}", + "override_json": null, + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*" + ], + "sid": "" + }, + { + "actions": [ + "s3:ListBucket" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "depends_on": [ + "aws_cloudfront_origin_access_identity.origin_access_identity" + ] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cloudfront_access_policy", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "1534115699", + 
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}", + "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}", + "policy_id": null, + "source_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin 
Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n }\n ]\n}", + "statement": null, + "version": "2012-10-17" + }, + "depends_on": [ + "module.dev_env", + "module.prod_env" + ] + } + ] + }, + { + "module": "module.prod_env", + "mode": "managed", + "type": "aws_cloudfront_distribution", + "name": "s3_distribution", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 1, + "attributes": { + "active_trusted_signers": { + "enabled": "false", + "items.#": "0" + }, + "aliases": [ + "pm.jdb-labs.com" + ], + "arn": "arn:aws:cloudfront::063932952339:distribution/E331OLEUZMJYX2", + "cache_behavior": [], + "caller_reference": "terraform-20190924171430991900000002", + "comment": "Personal Measure prod distribution.", + "custom_error_response": [ + { + "error_caching_min_ttl": null, + "error_code": 404, + "response_code": 200, + "response_page_path": "/index.html" + } + ], + "default_cache_behavior": [ + { + "allowed_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "cached_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "compress": true, + "default_ttl": 31536000, + "field_level_encryption_id": "", + "forwarded_values": [ + { + "cookies": [ + { + "forward": "none", + "whitelisted_names": null + } + ], + "headers": null, + "query_string": false, + "query_string_cache_keys": null + } + ], + "lambda_function_association": [], + "max_ttl": 31536000, + "min_ttl": 0, + "smooth_streaming": false, + "target_origin_id": "S3-PersonalMeasure-prod", + "trusted_signers": null, + "viewer_protocol_policy": "redirect-to-https" + } + ], + "default_root_object": "/index.html", + "domain_name": "d1pydbw1mwi6dq.cloudfront.net", + "enabled": true, + "etag": "E39Y9O0I859AQB", + "hosted_zone_id": "Z2FDTNDATAQYW2", + "http_version": "http2", + "id": 
"E331OLEUZMJYX2", + "in_progress_validation_batches": 0, + "is_ipv6_enabled": true, + "last_modified_time": "2019-09-24 17:14:34.861 +0000 UTC", + "logging_config": [ + { + "bucket": "pm.jdb-labs.com.s3.amazonaws.com", + "include_cookies": false, + "prefix": "prod/logs/cloudfront" + } + ], + "ordered_cache_behavior": [], + "origin": [ + { + "custom_header": [], + "custom_origin_config": [], + "domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", + "origin_id": "S3-PersonalMeasure-prod", + "origin_path": "/prod/webroot", + "s3_origin_config": [ + { + "origin_access_identity": "origin-access-identity/cloudfront/EV7VQF8SH3HMM" + } + ] + } + ], + "origin_group": [], + "price_class": "PriceClass_100", + "restrictions": [ + { + "geo_restriction": [ + { + "locations": null, + "restriction_type": "none" + } + ] + } + ], + "retain_on_delete": false, + "status": "Deployed", + "tags": { + "Environment": "prod" + }, + "viewer_certificate": [ + { + "acm_certificate_arn": "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c", + "cloudfront_default_certificate": false, + "iam_certificate_id": "", + "minimum_protocol_version": "TLSv1", + "ssl_support_method": "sni-only" + } + ], + "wait_for_deployment": true, + "web_acl_id": "" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "depends_on": [ + "aws_cloudfront_origin_access_identity.origin_access_identity" + ] + } + ] + }, + { + "module": "module.dev_env", + "mode": "managed", + "type": "aws_cloudfront_distribution", + "name": "s3_distribution", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 1, + "attributes": { + "active_trusted_signers": { + "enabled": "false", + "items.#": "0" + }, + "aliases": [ + "pm-dev.jdb-labs.com" + ], + "arn": "arn:aws:cloudfront::063932952339:distribution/EYDKNEMGBYXK6", + "cache_behavior": [], + "caller_reference": "terraform-20190924171430991900000001", + "comment": "Personal Measure dev distribution.", + "custom_error_response": [ + 
{ + "error_caching_min_ttl": null, + "error_code": 404, + "response_code": 200, + "response_page_path": "/index.html" + } + ], + "default_cache_behavior": [ + { + "allowed_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "cached_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "compress": true, + "default_ttl": 31536000, + "field_level_encryption_id": "", + "forwarded_values": [ + { + "cookies": [ + { + "forward": "none", + "whitelisted_names": null + } + ], + "headers": null, + "query_string": false, + "query_string_cache_keys": null + } + ], + "lambda_function_association": [], + "max_ttl": 31536000, + "min_ttl": 0, + "smooth_streaming": false, + "target_origin_id": "S3-PersonalMeasure-dev", + "trusted_signers": null, + "viewer_protocol_policy": "redirect-to-https" + } + ], + "default_root_object": "/index.html", + "domain_name": "d2gk6d79ot5fv3.cloudfront.net", + "enabled": true, + "etag": "E1DN3CB5IQVST8", + "hosted_zone_id": "Z2FDTNDATAQYW2", + "http_version": "http2", + "id": "EYDKNEMGBYXK6", + "in_progress_validation_batches": 0, + "is_ipv6_enabled": true, + "last_modified_time": "2019-09-24 17:14:32.614 +0000 UTC", + "logging_config": [ + { + "bucket": "pm.jdb-labs.com.s3.amazonaws.com", + "include_cookies": false, + "prefix": "dev/logs/cloudfront" + } + ], + "ordered_cache_behavior": [], + "origin": [ + { + "custom_header": [], + "custom_origin_config": [], + "domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", + "origin_id": "S3-PersonalMeasure-dev", + "origin_path": "/dev/webroot", + "s3_origin_config": [ + { + "origin_access_identity": "origin-access-identity/cloudfront/ENADNQSO0I1JY" + } + ] + } + ], + "origin_group": [], + "price_class": "PriceClass_100", + "restrictions": [ + { + "geo_restriction": [ + { + "locations": null, + "restriction_type": "none" + } + ] + } + ], + "retain_on_delete": false, + "status": "Deployed", + "tags": { + "Environment": "dev" + }, + "viewer_certificate": [ + { + "acm_certificate_arn": 
"arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c", + "cloudfront_default_certificate": false, + "iam_certificate_id": "", + "minimum_protocol_version": "TLSv1", + "ssl_support_method": "sni-only" + } + ], + "wait_for_deployment": true, + "web_acl_id": "" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "depends_on": [ + "aws_cloudfront_origin_access_identity.origin_access_identity" + ] + } + ] + }, + { + "module": "module.prod_env", + "mode": "managed", + "type": "aws_cloudfront_origin_access_identity", + "name": "origin_access_identity", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "caller_reference": "terraform-20190924170615555500000002", + "cloudfront_access_identity_path": "origin-access-identity/cloudfront/EV7VQF8SH3HMM", + "comment": "OAI for Personal Measure {$var.environment} environment.", + "etag": "E1XJOGSBHHRD9K", + "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM", + "id": "EV7VQF8SH3HMM", + "s3_canonical_user_id": "3a882d18f05e2fa5a3cabc208bcb8c0e2143166b56c0b8442f5b8b405c203859a3f525afcabc2e52dd1c9799d883a166" + }, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.dev_env", + "mode": "managed", + "type": "aws_cloudfront_origin_access_identity", + "name": "origin_access_identity", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "caller_reference": "terraform-20190924170615555100000001", + "cloudfront_access_identity_path": "origin-access-identity/cloudfront/ENADNQSO0I1JY", + "comment": "OAI for Personal Measure {$var.environment} environment.", + "etag": "E1K0T63S2F5CYR", + "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY", + "id": "ENADNQSO0I1JY", + "s3_canonical_user_id": "6e965a9a0e9034badac65e1ac223e048b6d1b934d146abd32c49634489959a5ee1252e34fb643cd222dde425f2abfcd4" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": 
"managed", + "type": "aws_s3_bucket", + "name": "personal_measure", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "log-delivery-write", + "arn": "arn:aws:s3:::pm.jdb-labs.com", + "bucket": "pm.jdb-labs.com", + "bucket_domain_name": "pm.jdb-labs.com.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", + "cors_rule": [], + "force_destroy": false, + "hosted_zone_id": "Z3BJ6K6RIION7M", + "id": "pm.jdb-labs.com", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "policy": null, + "region": "us-west-2", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [], + "tags": {}, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_policy", + "name": "personal_measure", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "pm.jdb-labs.com", + "id": "pm.jdb-labs.com", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": 
\"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM\"\n }\n }\n ]\n}" + }, + "private": "bnVsbA==", + "depends_on": [ + "aws_s3_bucket.personal_measure", + "data.aws_iam_policy_document.cloudfront_access_policy" + ] + } + ] + } + ] +} diff --git a/operations/terraform/terraform.tfstate.backup b/operations/terraform/terraform.tfstate.backup new file mode 100644 index 0000000..7e966ae --- /dev/null +++ b/operations/terraform/terraform.tfstate.backup 
@@ -0,0 +1,279 @@ +{ + "version": 4, + "terraform_version": "0.12.9", + "serial": 9, + "lineage": "07ea4679-dcfc-ec03-69c0-9f3b3df53386", + "outputs": {}, + "resources": [ + { + "module": "module.prod_env", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "bucket_access_policy", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "1727217411", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}", + "override_json": null, + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*" + ], + "sid": "" + }, + { + "actions": [ + "s3:ListBucket" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "depends_on": [ + "aws_cloudfront_origin_access_identity.origin_access_identity" + ] + } + ] + }, + { + "module": 
"module.dev_env", + "mode": "data", + "type": "aws_iam_policy_document", + "name": "bucket_access_policy", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "3067586518", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n }\n ]\n}", + "override_json": null, + "policy_id": null, + "source_json": null, + "statement": [ + { + "actions": [ + "s3:GetObject" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*" + ], + "sid": "" + }, + { + "actions": [ + "s3:ListBucket" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY" + ], + "type": "AWS" + } + ], + "resources": [ + "arn:aws:s3:::pm.jdb-labs.com" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "depends_on": [ + "aws_cloudfront_origin_access_identity.origin_access_identity" + ] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cloudfront_access_policy", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "754132408", + 
"json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}", + "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}", + "policy_id": null, + "source_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": 
\"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n }\n ]\n}", + "statement": null, + "version": "2012-10-17" + }, + "depends_on": [ + "module.dev_env", + "module.prod_env" + ] + } + ] + }, + { + "module": "module.prod_env", + "mode": "managed", + "type": "aws_cloudfront_origin_access_identity", + "name": "origin_access_identity", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "caller_reference": "terraform-20190924170615555500000002", + "cloudfront_access_identity_path": "origin-access-identity/cloudfront/EV7VQF8SH3HMM", + "comment": "OAI for Personal Measure {$var.environment} environment.", + "etag": "E1XJOGSBHHRD9K", + "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EV7VQF8SH3HMM", + "id": "EV7VQF8SH3HMM", + "s3_canonical_user_id": "3a882d18f05e2fa5a3cabc208bcb8c0e2143166b56c0b8442f5b8b405c203859a3f525afcabc2e52dd1c9799d883a166" + }, + "private": "bnVsbA==" + } + ] + }, + { + "module": "module.dev_env", + "mode": "managed", + "type": "aws_cloudfront_origin_access_identity", + "name": "origin_access_identity", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "caller_reference": "terraform-20190924170615555100000001", + "cloudfront_access_identity_path": "origin-access-identity/cloudfront/ENADNQSO0I1JY", + "comment": "OAI for Personal Measure {$var.environment} environment.", + "etag": "E1K0T63S2F5CYR", + "iam_arn": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ENADNQSO0I1JY", + "id": "ENADNQSO0I1JY", + "s3_canonical_user_id": "6e965a9a0e9034badac65e1ac223e048b6d1b934d146abd32c49634489959a5ee1252e34fb643cd222dde425f2abfcd4" + }, + "private": 
"bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "personal_measure", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": "log-delivery-write", + "arn": "arn:aws:s3:::pm.jdb-labs.com", + "bucket": "pm.jdb-labs.com", + "bucket_domain_name": "pm.jdb-labs.com.s3.amazonaws.com", + "bucket_prefix": null, + "bucket_regional_domain_name": "pm.jdb-labs.com.s3.us-west-2.amazonaws.com", + "cors_rule": [], + "force_destroy": false, + "hosted_zone_id": "Z3BJ6K6RIION7M", + "id": "pm.jdb-labs.com", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "policy": null, + "region": "us-west-2", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [], + "tags": {}, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_policy", + "name": "personal_measure", + "provider": "provider.aws", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "pm.jdb-labs.com", + "id": "pm.jdb-labs.com", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/dev/webroot/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_ENADNQSO0I1JY\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com/prod/webroot/*\",\n 
\"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::pm.jdb-labs.com\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront_Origin_Access_Identity_EV7VQF8SH3HMM\"\n }\n }\n ]\n}" + }, + "private": "bnVsbA==", + "depends_on": [ + "aws_s3_bucket.personal_measure", + "data.aws_iam_policy_document.cloudfront_access_policy" + ] + } + ] + } + ] +}