seperated root and www

akbaralihussain · akbaralihussain · commit d1a5961344a3 · 2024-02-29T17:17:46.000-08:00
diff --git a/README.md b/README.md
@@ -5,3 +5,14 @@ This Terraform Module will create all required AWS resources to host a Static We
 
 - [Documentation](https://cloudpedia.ai/terraform-module/aws-static-website/)
 - [Terraform module](https://registry.terraform.io/modules/cloudpediaai/static-website/aws/latest)
+- [GitHub Repo](https://github.com/CloudPediaAI/terraform-aws-static-website)
+
+
+## Related Terraform Modules from CloudPedia.AI
+
+### AWS Website Redirect
+This Terraform Module will create all required AWS resources to establish a permanent redirect from your Source Website (eg. example.net) to a Target Website (example.com).  
+
+- [Documentation](https://cloudpedia.ai/terraform-module/aws-website-redirect/)
+- [Terraform Module](https://registry.terraform.io/modules/cloudpediaai/website-redirect/aws/latest)
+- [GitHub Repo](https://github.com/CloudPediaAI/terraform-aws-website-redirect)
diff --git a/acm-root.tf b/acm-root.tf
@@ -1,8 +1,8 @@
-resource "aws_acm_certificate" "ssl" {
+resource "aws_acm_certificate" "root" {
   provider                  = aws.us-east-1
   domain_name               = local.domain_name
   validation_method         = "DNS"
-  subject_alternative_names = [local.www_domain_name]
+  # subject_alternative_names = [local.www_domain_name]
 
   tags = var.tags
 
@@ -11,9 +11,9 @@ resource "aws_acm_certificate" "ssl" {
   }
 }
 
-resource "aws_route53_record" "validation" {
+resource "aws_route53_record" "root_validation" {
   for_each = {
-    for dvo in aws_acm_certificate.ssl.domain_validation_options : dvo.domain_name => {
+    for dvo in aws_acm_certificate.root.domain_validation_options : dvo.domain_name => {
       name   = dvo.resource_record_name
       record = dvo.resource_record_value
       type   = dvo.resource_record_type
@@ -28,8 +28,8 @@ resource "aws_route53_record" "validation" {
   zone_id         = (var.hosted_zone_id != null) ? data.aws_route53_zone.by_id[0].zone_id : data.aws_route53_zone.by_name[0].zone_id
 }
 
-resource "aws_acm_certificate_validation" "ssl" {
+resource "aws_acm_certificate_validation" "root" {
   provider                = aws.us-east-1
-  certificate_arn         = aws_acm_certificate.ssl.arn
-  validation_record_fqdns = [for record in aws_route53_record.validation : record.fqdn]
+  certificate_arn         = aws_acm_certificate.root.arn
+  validation_record_fqdns = [for record in aws_route53_record.root_validation : record.fqdn]
 }
diff --git a/acm-www.tf b/acm-www.tf
@@ -0,0 +1,38 @@
+resource "aws_acm_certificate" "www" {
+  count = (var.need_www_redirect) ? 1 : 0
+
+  provider          = aws.us-east-1
+  domain_name       = local.www_domain_name
+  validation_method = "DNS"
+
+  tags = var.tags
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route53_record" "www_validation" {
+  for_each = (var.need_www_redirect) ? tomap({
+    for dvo in aws_acm_certificate.www[0].domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }) : {}
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = (var.hosted_zone_id != null) ? data.aws_route53_zone.by_id[0].zone_id : data.aws_route53_zone.by_name[0].zone_id
+}
+
+resource "aws_acm_certificate_validation" "www" {
+  count = (var.need_www_redirect) ? 1 : 0
+
+  provider                = aws.us-east-1
+  certificate_arn         = aws_acm_certificate.www[0].arn
+  validation_record_fqdns = [for record in aws_route53_record.www_validation : record.fqdn]
+}
diff --git a/cloudfront-root.tf b/cloudfront-root.tf
@@ -21,7 +21,7 @@ resource "aws_cloudfront_distribution" "public" {
   count = (local.origin_access == "public") ? 1 : 0
 
   origin {
-    domain_name = aws_s3_bucket_website_configuration.web_portal_webConfig.website_endpoint
+    domain_name = aws_s3_bucket_website_configuration.root.website_endpoint
     origin_id   = "S3-${local.bucket_name}"
     custom_origin_config {
       http_port              = 80
@@ -82,7 +82,7 @@ resource "aws_cloudfront_distribution" "public" {
   }
 
   viewer_certificate {
-    acm_certificate_arn      = aws_acm_certificate.ssl.arn
+    acm_certificate_arn      = aws_acm_certificate.root.arn
     ssl_support_method       = "sni-only"
     minimum_protocol_version = "TLSv1.2_2021"
   }
@@ -94,7 +94,7 @@ resource "aws_cloudfront_distribution" "oac" {
   count = (local.origin_access == "oac") ? 1 : 0
 
   origin {
-    domain_name              = aws_s3_bucket.web_portal.bucket_regional_domain_name
+    domain_name              = aws_s3_bucket.root.bucket_regional_domain_name
     origin_id                = "S3-${local.bucket_name}"
     origin_access_control_id = aws_cloudfront_origin_access_control.oac[0].id
   }
@@ -146,7 +146,7 @@ resource "aws_cloudfront_distribution" "oac" {
   }
 
   viewer_certificate {
-    acm_certificate_arn      = aws_acm_certificate.ssl.arn
+    acm_certificate_arn      = aws_acm_certificate.root.arn
     ssl_support_method       = "sni-only"
     minimum_protocol_version = "TLSv1.2_2021"
   }
@@ -159,7 +159,7 @@ resource "aws_cloudfront_distribution" "oai" {
   count = (local.origin_access == "oai") ? 1 : 0
 
   origin {
-    domain_name = aws_s3_bucket.web_portal.bucket_regional_domain_name
+    domain_name = aws_s3_bucket.root.bucket_regional_domain_name
     origin_id   = "S3-${local.bucket_name}"
     s3_origin_config {
       origin_access_identity = aws_cloudfront_origin_access_identity.oai[0].cloudfront_access_identity_path
@@ -213,7 +213,7 @@ resource "aws_cloudfront_distribution" "oai" {
   }
 
   viewer_certificate {
-    acm_certificate_arn      = aws_acm_certificate.ssl.arn
+    acm_certificate_arn      = aws_acm_certificate.root.arn
     ssl_support_method       = "sni-only"
     minimum_protocol_version = "TLSv1.2_2021"
   }
diff --git a/cloudfront-www.tf b/cloudfront-www.tf
@@ -3,7 +3,7 @@ resource "aws_cloudfront_distribution" "public_www" {
   count = (var.need_www_redirect) ? 1 : 0
 
   origin {
-    domain_name = aws_s3_bucket_website_configuration.web_portal_redirect_config[0].website_endpoint
+    domain_name = aws_s3_bucket_website_configuration.www[0].website_endpoint
     origin_id   = "S3-${local.www_bucket_name}"
     custom_origin_config {
       http_port              = 80
@@ -63,7 +63,7 @@ resource "aws_cloudfront_distribution" "public_www" {
   }
 
   viewer_certificate {
-    acm_certificate_arn      = aws_acm_certificate.ssl.arn
+    acm_certificate_arn      = aws_acm_certificate.www[0].arn
     ssl_support_method       = "sni-only"
     minimum_protocol_version = "TLSv1.2_2021"
   }
diff --git a/output.tf b/output.tf
@@ -1,5 +1,5 @@
 output "bucket" {
-  value = aws_s3_bucket.web_portal
+  value = aws_s3_bucket.root
   description = "S3 Bucket created for the Static Website"
 }
 
diff --git a/route53.tf b/route53.tf
@@ -11,7 +11,7 @@ data "aws_route53_zone" "by_name" {
 }
 
 # creating A records in Route 53 to route traffic to the website
-resource "aws_route53_record" "root-a" {
+resource "aws_route53_record" "a_record_root" {
   zone_id = (var.hosted_zone_id != null) ? data.aws_route53_zone.by_id[0].zone_id : data.aws_route53_zone.by_name[0].zone_id
   name    = local.domain_name
   type    = "A"
@@ -23,7 +23,7 @@ resource "aws_route53_record" "root-a" {
   }
 }
 
-resource "aws_route53_record" "www-a" {
+resource "aws_route53_record" "a_record_www" {
   count = (var.need_www_redirect) ? 1 : 0
 
   zone_id = (var.hosted_zone_id != null) ? data.aws_route53_zone.by_id[0].zone_id : data.aws_route53_zone.by_name[0].zone_id
diff --git a/s3-obj-source.tf b/s3-obj-source.tf
@@ -0,0 +1,89 @@
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
+locals {
+  mime_types = {
+    aac    = "audio/aac"
+    abw    = "application/x-abiword"
+    apng   = "image/apng"
+    arc    = "application/x-freearc"
+    avif   = "image/avif"
+    avi    = "video/x-msvideo"
+    azw    = "application/vnd.amazon.ebook"
+    bin    = "application/octet-stream"
+    bmp    = "image/bmp"
+    bz     = "application/x-bzip"
+    bz2    = "application/x-bzip2"
+    cda    = "application/x-cdf"
+    csh    = "application/x-csh"
+    css    = "text/css"
+    csv    = "text/csv"
+    doc    = "application/msword"
+    docx   = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
+    eot    = "application/vnd.ms-fontobject"
+    epub   = "application/epub+zip"
+    gz     = "application/gzip"
+    gif    = "image/gif"
+    htm    = "text/html"
+    html   = "text/html"
+    ico    = "image/vnd.microsoft.icon"
+    ics    = "text/calendar"
+    jar    = "application/java-archive"
+    jpeg   = "image/jpeg"
+    jpg    = "image/jpeg"
+    js     = "application/javascript"
+    json   = "application/json"
+    jsonld = "application/ld+json"
+    map    = "application/json"
+    mid    = "audio/midi, audio/x-midi"
+    midi   = "audio/midi, audio/x-midi"
+    mjs    = "text/javascript"
+    mp3    = "audio/mpeg"
+    mp4    = "video/mp4"
+    mpeg   = "video/mpeg"
+    mpkg   = "application/vnd.apple.installer+xml"
+    odp    = "application/vnd.oasis.opendocument.presentation"
+    ods    = "application/vnd.oasis.opendocument.spreadsheet"
+    odt    = "application/vnd.oasis.opendocument.text"
+    oga    = "audio/ogg"
+    ogv    = "video/ogg"
+    ogx    = "application/ogg"
+    opus   = "audio/opus"
+    otf    = "font/otf"
+    png    = "image/png"
+    pdf    = "application/pdf"
+    php    = "application/x-httpd-php"
+    ppt    = "application/vnd.ms-powerpoint"
+    pptx   = "application/vnd.openxmlformats-officedocument.presentationml.presentation"
+    rar    = "application/vnd.rar"
+    rtf    = "application/rtf"
+    sh     = "application/x-sh"
+    svg    = "image/svg+xml"
+    tar    = "application/x-tar"
+    tif    = "image/tiff"
+    tiff   = "image/tiff"
+    ts     = "video/mp2t"
+    ttf    = "font/ttf"
+    txt    = "text/plain"
+    vsd    = "application/vnd.visio"
+    wav    = "audio/wav"
+    weba   = "audio/webm"
+    webm   = "video/webm"
+    webp   = "image/webp"
+    woff   = "font/woff"
+    woff2  = "font/woff2"
+    xhtml  = "application/xhtml+xml"
+    xls    = "application/vnd.ms-excel"
+    xlsx   = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+    xml    = "application/xml"
+    xul    = "application/vnd.mozilla.xul+xml"
+    zip    = "application/zip"
+  }
+}
+
+resource "aws_s3_object" "website_source" {
+  for_each     = (var.website_source_folder != null) ? fileset(var.website_source_folder, "**") : []
+  bucket       = local.bucket_name
+  key          = each.value
+  source       = "${var.website_source_folder}/${each.value}"
+  content_type = lookup(local.mime_types, split(".", each.value)[length(split(".", each.value)) - 1], "text/html")
+  etag         = filemd5("${var.website_source_folder}/${each.value}")
+}
diff --git a/s3-obj-template.tf b/s3-obj-template.tf
@@ -1,7 +1,7 @@
 resource "aws_s3_object" "index_html" {
   count = (var.website_source_folder == null) ? 1 : 0
 
-  depends_on   = [aws_s3_bucket.web_portal]
+  depends_on   = [aws_s3_bucket.root]
   bucket       = local.bucket_name
   key          = "index.html"
   content      = "<!DOCTYPE html><html lang='en'><head><meta charset='UTF-8'><meta name='viewport' content='width=device-width,initial-scale=1.0'><title>Coming Soon</title><style>body{font-family:sans-serif;margin:0;padding:0;background-color:#84c98a} .container{max-width:800px;margin:0 auto;padding:20px} .header{text-align:center;color:#f1eaea;font-size:2em;margin-bottom:20px} .content{color:#025b6b;line-height:1.5} .footer{text-align:center;color:#3b3a3a;margin-top:20px}</style></head><body><div class='container'><div class='header'><h1>Something amazing is coming soon!</h1></div><div class='content'><p>Get ready for something brand new and exciting.  We are working hard to bring you a breaking through experience.  Stay tuned for more updates!</p></div><div class='footer'><p>Template created by CloudPedia.AI</p></div></div></body></html>"
@@ -11,7 +11,7 @@ resource "aws_s3_object" "index_html" {
 resource "aws_s3_object" "error_html" {
   count = (var.website_source_folder == null) ? 1 : 0
 
-  depends_on   = [aws_s3_bucket.web_portal]
+  depends_on   = [aws_s3_bucket.root]
   bucket       = local.bucket_name
   key          = "error.html"
   content      = "<!DOCTYPEhtml><html lang='en'><head><meta charset='UTF-8'><meta name='viewport' content='width=device-width,initial-scale=1.0'><title>Oops! Page Not Found</title><style>body{font-family:sans-serif;margin:0;padding:0;background-color:#ff7c7c} .container{max-width:800px;margin:0 auto;padding:20px;text-align:center} .header{text-align:center;color:#f1eaea;font-size:2em;margin-bottom:20px} .error-message{margin-bottom:20px} .error-message p{font-size:1.2em;color:#666} .navigation{margin-top:20px} .navigation ul{list-style:none;padding:0} .navigation li{margin-bottom:10px} .navigation a{text-decoration:none;color:#333} .navigation a:hover{text-decoration:underline} .footer{text-align:center;color:#3b3a3a;margin-top:20px}</style></head><body><div class='container'><div class='header'><h1>404: Page Not Found</h1></div><div class='error-message'><p>The page you are looking for does not seem exist anymore.</p></div><div class='navigation'><h2>Let's get you back on track!</h2><ul><li><a href='/'>Goto the homepage</a></li></ul></div><div class='footer'><p>Template cre ated by CloudPedia.AI</p></div></div></body></html>"
diff --git a/s3-policy-root.tf b/s3-policy-root.tf
@@ -1,4 +1,3 @@
-
 data "aws_iam_policy_document" "root_access_public" {
   count = (local.origin_access == "public") ? 1 : 0
 
@@ -16,8 +15,8 @@ data "aws_iam_policy_document" "root_access_public" {
     ]
 
     resources = [
-      aws_s3_bucket.web_portal.arn,
-      "${aws_s3_bucket.web_portal.arn}/*"
+      aws_s3_bucket.root.arn,
+      "${aws_s3_bucket.root.arn}/*"
     ]
 
   }
@@ -37,8 +36,8 @@ data "aws_iam_policy_document" "root_access_oac" {
     }
 
     resources = [
-      aws_s3_bucket.web_portal.arn,
-      "${aws_s3_bucket.web_portal.arn}/*"
+      aws_s3_bucket.root.arn,
+      "${aws_s3_bucket.root.arn}/*"
     ]
 
     condition {
@@ -63,7 +62,7 @@ data "aws_iam_policy_document" "root_access_oac" {
     ]
 
     resources = [
-      "${aws_s3_bucket.web_portal.arn}/*"
+      "${aws_s3_bucket.root.arn}/*"
     ]
 
     condition {
@@ -88,8 +87,8 @@ data "aws_iam_policy_document" "root_access_oai" {
     }
 
     resources = [
-      aws_s3_bucket.web_portal.arn,
-      "${aws_s3_bucket.web_portal.arn}/*"
+      aws_s3_bucket.root.arn,
+      "${aws_s3_bucket.root.arn}/*"
     ]
 
     condition {
@@ -110,37 +109,7 @@ data "aws_iam_policy_document" "root_access_oai" {
     }
 
     resources = [
-      "${aws_s3_bucket.web_portal.arn}/*"
+      "${aws_s3_bucket.root.arn}/*"
     ]
   }
 }
-
-
-data "aws_iam_policy_document" "www_access_public" {
-  count = (var.need_www_redirect) ? 1 : 0
-
-  statement {
-    sid = "allowReqFromCloudFrontOnly"
-    effect = "Allow"
-
-    principals {
-      type        = "Service"
-      identifiers = ["cloudfront.amazonaws.com"]
-    }
-
-
-    actions = [
-      "s3:GetObject"
-    ]
-
-    resources = [
-      "${aws_s3_bucket.web_portal_redirect[0].arn}/*"
-    ]
-
-    condition {
-      test     = "StringEquals"
-      variable = "AWS:SourceArn"
-      values   = [format("arn:aws:cloudfront::%s:distribution/%s", data.aws_caller_identity.current.account_id, aws_cloudfront_distribution.public_www[0].id)]
-    }
-  }
-}
diff --git a/s3-policy-www.tf b/s3-policy-www.tf
diff --git a/s3-root.tf b/s3-root.tf
diff --git a/s3-www.tf b/s3-www.tf

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`output "bucket" {`
`2`		`- value = aws_s3_bucket.web_portal`
	`2`	`+ value = aws_s3_bucket.root`
`3`	`3`	`description = "S3 Bucket created for the Static Website"`
`4`	`4`	`}`
`5`	`5`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ data "aws_route53_zone" "by_name" {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`# creating A records in Route 53 to route traffic to the website`
`14`		`-resource "aws_route53_record" "root-a" {`
	`14`	`+resource "aws_route53_record" "a_record_root" {`
`15`	`15`	`zone_id = (var.hosted_zone_id != null) ? data.aws_route53_zone.by_id[0].zone_id : data.aws_route53_zone.by_name[0].zone_id`
`16`	`16`	`name = local.domain_name`
`17`	`17`	`type = "A"`
`@@ -23,7 +23,7 @@ resource "aws_route53_record" "root-a" {`
`23`	`23`	`}`
`24`	`24`	`}`
`25`	`25`
`26`		`-resource "aws_route53_record" "www-a" {`
	`26`	`+resource "aws_route53_record" "a_record_www" {`
`27`	`27`	`count = (var.need_www_redirect) ? 1 : 0`
`28`	`28`
`29`	`29`	`zone_id = (var.hosted_zone_id != null) ? data.aws_route53_zone.by_id[0].zone_id : data.aws_route53_zone.by_name[0].zone_id`