Created terraform configuration to manage AWS infrastructure.

2019-09-24 22:40:08 -05:00
parent a4b798cec4
commit 0a8f701c3c
11 changed files with 994 additions and 0 deletions
--- a/operations/terraform/deployed_env/main.tf
+++ b/operations/terraform/deployed_env/main.tf
@ -0,0 +1,102 @@
+data "aws_iam_policy_document" "bucket_access_policy" {
+  statement {
+    actions   = [ "s3:GetObject" ]
+    effect    = "Allow"
+    resources = [ "${var.artifact_bucket.arn}/${var.environment}/webroot/*" ]
+
+    principals {
+      type        = "AWS"
+      identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
+    }
+  }
+
+  statement {
+    actions   = [ "s3:ListBucket" ]
+    effect    = "Allow"
+    resources = [ "${var.artifact_bucket.arn}" ]
+
+    principals {
+      type        = "AWS"
+      identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
+    }
+  }
+}
+
+output "oai_access_policy" {
+ value = data.aws_iam_policy_document.bucket_access_policy
+}
+
+locals {
+  env_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-labs.com"
+}
+
+resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
+  comment = "OAI for Personal Measure {$var.environment} environment."
+}
+
+resource "aws_cloudfront_distribution" "s3_distribution" {
+  origin {
+    domain_name = "${var.artifact_bucket.bucket_regional_domain_name}"
+    origin_id   = "S3-PersonalMeasure-${var.environment}"
+    origin_path = "/${var.environment}/webroot"
+
+    s3_origin_config {
+      origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+  comment             = "Personal Measure ${var.environment} distribution."
+  default_root_object = "/index.html"
+
+  logging_config {
+    include_cookies = false
+    bucket          = "${var.artifact_bucket.bucket_domain_name}"
+    prefix          = "${var.environment}/logs/cloudfront"
+  }
+
+  aliases = ["${local.env_domain_name}"]
+
+  default_cache_behavior {
+    allowed_methods   = ["GET", "HEAD", "OPTIONS"]
+    cached_methods    = ["GET", "HEAD", "OPTIONS"]
+    target_origin_id  = "S3-PersonalMeasure-${var.environment}"
+
+    forwarded_values {
+      query_string = false
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    min_ttl                 = 0
+    default_ttl             = 60 * 60 * 24 * 365  # cache for a year
+    max_ttl                 = 60 * 60 * 24 * 365  # cache for a year
+    compress                = true
+    viewer_protocol_policy  = "redirect-to-https"
+  }
+
+  custom_error_response {
+    error_code          = 404
+    response_code       = 200
+    response_page_path  = "/index.html"
+  }
+
+  price_class = "PriceClass_100" # US and Canada only
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+  tags = {
+    Environment = "${var.environment}"
+  }
+
+  viewer_certificate {
+    acm_certificate_arn = "${var.cloudfront_ssl_certificate_arn}"
+    ssl_support_method  = "sni-only"
+  }
+}
--- a/operations/terraform/deployed_env/variables.tf
+++ b/operations/terraform/deployed_env/variables.tf
@ -0,0 +1,13 @@
+### Variables
+
+variable "environment" {
+  description = "The short name of this deployed environment. For example: 'dev' or 'prod'. This short name will be used to name resources (CloudFront distributions, etc.)"
+}
+
+variable "artifact_bucket" {
+  description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
+}
+
+variable "cloudfront_ssl_certificate_arn" {
+  description = "ARN of the managed SSL certificate to use for this environment."
+}