[aws/artifacts] Add S3 bucket for storage (#54)

osterman · web-flow · commit df3613501e7c · 2019-01-07T20:53:37.000-08:00
* artifact storage

* Update aws/artifacts/variables.tf

Co-Authored-By: osterman &lt;erik@cloudposse.com&gt;

* add description

* Use CDN

* format

* Add output descriptions

* add descriptions
diff --git a/aws/artifacts/Makefile b/aws/artifacts/Makefile
@@ -0,0 +1,8 @@
+plan:
+	@tfenv terraform $@
+
+apply:
+	@tfenv terraform $@
+
+destroy:
+	@tfenv terraform $@
diff --git a/aws/artifacts/main.tf b/aws/artifacts/main.tf
@@ -0,0 +1,88 @@
+terraform {
+  required_version = ">= 0.11.2"
+
+  backend "s3" {}
+}
+
+provider "aws" {
+  alias  = "virginia"
+  region = "us-east-1"
+
+  assume_role {
+    role_arn = "${var.aws_assume_role_arn}"
+  }
+}
+
+# https://www.terraform.io/artifacts/providers/aws/d/acm_certificate.html
+data "aws_acm_certificate" "acm_cloudfront_certificate" {
+  provider = "aws.virginia"
+  domain   = "${var.domain_name}"
+  statuses = ["ISSUED"]
+  types    = ["AMAZON_ISSUED"]
+}
+
+locals {
+  name               = "artifacts"
+  cdn_domain         = "artifacts.${var.domain_name}"
+  artifacts_user_arn = "arn:aws:iam::${var.aws_account_id}:user/${var.namespace}-${var.stage}-${local.name}"
+}
+
+module "artifacts_user" {
+  source    = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.2.2"
+  namespace = "${var.namespace}"
+  stage     = "${var.stage}"
+  name      = "${local.name}"
+}
+
+module "origin" {
+  source               = "git::https://github.com/cloudposse/terraform-aws-s3-website.git?ref=tags/0.5.2"
+  namespace            = "${var.namespace}"
+  stage                = "${var.stage}"
+  name                 = "${local.name}"
+  hostname             = "${local.cdn_domain}"
+  parent_zone_name     = "${var.domain_name}"
+  region               = "${var.region}"
+  cors_allowed_headers = ["*"]
+  cors_allowed_methods = ["GET"]
+  cors_allowed_origins = ["*"]
+  cors_max_age_seconds = "3600"
+  cors_expose_headers  = ["ETag"]
+  index_document       = "index.html"
+  error_document       = "404.html"
+
+  deployment_arns = {
+    "${local.artifacts_user_arn}" = [""]
+  }
+
+  deployment_actions = [
+    "s3:PutObjectAcl",
+    "s3:PutObject",
+    "s3:GetObject",
+    "s3:DeleteObject",
+    "s3:AbortMultipartUpload",
+  ]
+}
+
+# CloudFront CDN fronting origin
+module "cdn" {
+  source                 = "git::https://github.com/cloudposse/terraform-aws-cloudfront-cdn.git?ref=tags/0.5.7"
+  namespace              = "${var.namespace}"
+  stage                  = "${var.stage}"
+  name                   = "${local.name}"
+  aliases                = ["${local.cdn_domain}", "artifacts.cloudposse.com"]
+  origin_domain_name     = "${module.origin.s3_bucket_website_endpoint}"
+  origin_protocol_policy = "http-only"
+  viewer_protocol_policy = "redirect-to-https"
+  parent_zone_name       = "${var.domain_name}"
+  forward_cookies        = "none"
+  forward_headers        = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method"]
+  default_ttl            = 60
+  min_ttl                = 0
+  max_ttl                = 86400
+  compress               = "true"
+  cached_methods         = ["GET", "HEAD"]
+  allowed_methods        = ["GET", "HEAD", "OPTIONS"]
+  price_class            = "PriceClass_All"
+  default_root_object    = "index.html"
+  acm_certificate_arn    = "${data.aws_acm_certificate.acm_cloudfront_certificate.arn}"
+}
diff --git a/aws/artifacts/outputs.tf b/aws/artifacts/outputs.tf
@@ -0,0 +1,94 @@
+output "artifacts_user_name" {
+  value       = "${module.artifacts_user.user_name}"
+  description = "Normalized IAM user name"
+}
+
+output "artifacts_user_arn" {
+  value       = "${module.artifacts_user.user_arn}"
+  description = "The ARN assigned by AWS for the user"
+}
+
+output "artifacts_user_unique_id" {
+  value       = "${module.artifacts_user.user_unique_id}"
+  description = "The user unique ID assigned by AWS"
+}
+
+output "artifacts_user_access_key_id" {
+  value       = "${module.artifacts_user.access_key_id}"
+  description = "The access key ID"
+}
+
+output "artifacts_user_secret_access_key" {
+  value       = "${module.artifacts_user.secret_access_key}"
+  description = "The secret access key. This will be written to the state file in plain-text"
+}
+
+output "artifacts_s3_bucket_name" {
+  value       = "${module.origin.s3_bucket_name}"
+  description = "The S3 bucket which serves as the origin for the CDN and S3 website"
+}
+
+output "artifacts_s3_bucket_domain_name" {
+  value       = "${module.origin.s3_bucket_domain_name}"
+  description = "The bucket domain name. Will be of format bucketname.s3.amazonaws.com."
+}
+
+output "artifacts_s3_bucket_arn" {
+  value       = "${module.origin.s3_bucket_arn}"
+  description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname."
+}
+
+output "artifacts_s3_bucket_website_endpoint" {
+  value       = "${module.origin.s3_bucket_website_endpoint}"
+  description = "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string."
+}
+
+output "artifacts_s3_bucket_website_domain" {
+  value       = "${module.origin.s3_bucket_website_domain}"
+  description = "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records."
+}
+
+output "artifacts_s3_bucket_hosted_zone_id" {
+  value       = "${module.origin.s3_bucket_hosted_zone_id}"
+  description = "The Route 53 Hosted Zone ID for this bucket's region."
+}
+
+output "artifacts_cloudfront_id" {
+  value       = "${module.cdn.cf_id}"
+  description = "The identifier for the distribution. For example: EDFDVBD632BHDS5."
+}
+
+output "artifacts_cloudfront_arn" {
+  value       = "${module.cdn.cf_arn}"
+  description = "The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID."
+}
+
+output "artifacts_cloudfront_aliases" {
+  value       = "${module.cdn.cf_aliases}"
+  description = "Extra CNAMEs (alternate domain names), if any, for this distribution."
+}
+
+output "artifacts_cloudfront_status" {
+  value       = "${module.cdn.cf_status}"
+  description = "The current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system."
+}
+
+output "artifacts_cloudfront_domain_name" {
+  value       = "${module.cdn.cf_domain_name}"
+  description = "The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net."
+}
+
+output "artifacts_cloudfront_etag" {
+  value       = "${module.cdn.cf_etag}"
+  description = "The current version of the distribution's information. For example: E2QWRUHAPOMQZL."
+}
+
+output "artifacts_cloudfront_hosted_zone_id" {
+  value       = "${module.cdn.cf_hosted_zone_id}"
+  description = "The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2."
+}
+
+output "artifacts_cloudfront_origin_access_identity_path" {
+  value       = "${module.cdn.cf_origin_access_identity}"
+  description = "The CloudFront origin access identity to associate with the origin."
+}
diff --git a/aws/artifacts/variables.tf b/aws/artifacts/variables.tf
@@ -0,0 +1,28 @@
+variable "aws_assume_role_arn" {
+  type        = "string"
+  description = "The ARN of the role to assume"
+}
+
+variable "domain_name" {
+  type = "string"
+}
+
+variable "namespace" {
+  type        = "string"
+  description = "Namespace (e.g. `cp` or `cloudposse`)"
+}
+
+variable "stage" {
+  type        = "string"
+  description = "Stage (e.g. `prod`, `dev`, `staging`)"
+}
+
+variable "region" {
+  type        = "string"
+  description = "AWS region"
+}
+
+variable "aws_account_id" {
+  type        = "string"
+  description = "AWS account ID"
+}
