Automated update of generated boilerplate by goldstack.party

Author: mxro

.pnp.cjs

@@ -37,5 +37,6 @@
   "editor.codeActionsOnSave": {
     "source.fixAll.biome": "explicit",
     "source.organizeImports.biome": "explicit"
-  }
+  },
+  "open-in-external-terminal.additionalArgs": ["-w goldstack"]
 }

.vscode/settings.json

@@ -2,8 +2,8 @@
   "remoteState": [
     {
       "user": "goldstack-dev",
-      "terraformStateBucket": "goldstack-tfstate-16524ba4adeb583108e73ff7acd7ac07fcf27788",
-      "terraformStateDynamoDBTable": "goldstack-tfstate-16524ba4adeb583108e73ff7acd7ac07fcf27788-lock"
+      "terraformStateBucket": "goldstack-tfstate-03b90ca07e220fc6042dd32d2efd2215565320a4",
+      "terraformStateDynamoDBTable": "goldstack-tfstate-03b90ca07e220fc6042dd32d2efd2215565320a4-lock"
     }
   ]
 }

config/infra/aws/terraform.json

@@ -11,10 +11,10 @@
       "awsRegion": "us-west-2",
       "configuration": {
         "hostedZoneDomain": "dev.goldstack.party",
-        "websiteDomain": "nextjsbootstrap-1769230720001.tests.dev.goldstack.party",
+        "websiteDomain": "nextjsbootstrap-1769314078965.tests.dev.goldstack.party",
         "defaultCacheDuration": 10
       },
-      "tfStateKey": "app-nextjs-bootstrap-1-prod-687cda9e062752ab7d0b.tfstate"
+      "tfStateKey": "app-nextjs-bootstrap-1-prod-3183a0de70d060196e5a.tfstate"
     }
   ]
 }

packages/app-nextjs-bootstrap-1/goldstack.json

@@ -1,101 +0,0 @@
-resource "aws_iam_role" "lambda_exec" {
-  name               = "${var.website_domain}-edge"
-  assume_role_policy = <<-EOF
-  {
-    "Version": "2012-10-17",
-    "Statement": [
-      {
-        "Action": "sts:AssumeRole",
-        "Principal": {
-          "Service": [
-            "lambda.amazonaws.com",
-            "edgelambda.amazonaws.com"
-          ]
-        },
-        "Effect": "Allow",
-        "Sid": ""
-      }
-    ]
-  }
-  EOF
-
-  # tags = {
-  #   ManagedBy = "terraform"
-  #   Changed   = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
-  # }
-
-  # lifecycle {
-  #   ignore_changes = [tags]
-  # }
-}
-
-data "archive_file" "empty_lambda" {
-  type = "zip"
-  output_path = "${path.module}/empty_lambda.zip"
-
-  source {
-    content = "exports.handler = function() { };"
-    filename = "lambda.js"
-  }
-}
-
-resource "aws_cloudwatch_log_group" "edge" {
-  provider          = aws.us-east-1
-  name              = "/aws/lambda/${replace(var.website_domain, ".", "-")}-edge"
-  retention_in_days = 30
-}
-
-resource "aws_lambda_function" "edge" {
-  provider         = aws.us-east-1
-  function_name    =  "${replace(var.website_domain, ".", "-")}-edge"
-  description      = "Edge Lambda for CloudFront Routing"
-  filename         = data.archive_file.empty_lambda.output_path
-  handler          = "lambda.handler"
-  runtime          = "nodejs20.x"
-  role             = aws_iam_role.lambda_exec.arn
-  timeout          = 30
-  memory_size      = 512
-  publish          = true
-
-  logging_config {
-    log_format = "Text"
-    log_group = aws_cloudwatch_log_group.edge.name
-  }
-
-  lifecycle {
-    ignore_changes = [
-       filename,
-    ]
-  }
-}
-
-# Explicit roles to allow logging for Lambda. Not strictly required here due to the full admin access
-# granted in the lambda_admin_role_attach above. But added here to make it easier to fine-tune permissions
-# in the above at a later point. 
-resource "aws_iam_policy" "lambda_logging" {
-  name        = "${var.website_domain}-edge-lambda-logging-role"
-  path        = "/"
-  description = "IAM policy for logging from a lambda"
-
-  policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": [
-        "logs:CreateLogGroup",
-        "logs:CreateLogStream",
-        "logs:PutLogEvents"
-      ],
-      "Resource": "arn:aws:logs:*:*:*",
-      "Effect": "Allow"
-    }
-  ]
-}
-EOF
-}
-
-resource "aws_iam_role_policy_attachment" "edge_lambda_logs" {
-  role       = aws_iam_role.lambda_exec.name
-  policy_arn = aws_iam_policy.lambda_logging.arn
-}

packages/app-nextjs-bootstrap-1/infra/aws/.terraform.lock.hcl

@@ -3,7 +3,7 @@ output "website_cdn_root_id" {
   value       = aws_cloudfront_distribution.website_cdn_root.id
 }
 
-output "edge_function_name" {
-  description = "Lambda@Edge name for routing"
-  value       = aws_lambda_function.edge.function_name 
-}
+output "routing_function_name" {
+  description = "CloudFront Function name for routing"
+  value       = aws_cloudfront_function.routing.name
+}

packages/app-nextjs-bootstrap-1/infra/aws/edge.tf

@@ -1,17 +1,13 @@
 
 # Creates bucket for forward domain
 resource "aws_s3_bucket" "website_redirect" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+  count = var.website_domain_redirect != null ? 1 : 0
 
   bucket = "${var.website_domain}-redirect"
 
   # Remove this line if you want to prevent accidential deletion of bucket
   force_destroy = true
 
-  website {
-    redirect_all_requests_to = "https://${var.website_domain}"
-  }
-
   tags = {
     ManagedBy = "terraform"
     Changed   = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
@@ -22,8 +18,19 @@ resource "aws_s3_bucket" "website_redirect" {
   }
 }
 
+resource "aws_s3_bucket_website_configuration" "website_redirect" {
+  count = var.website_domain_redirect != null ? 1 : 0
+
+  bucket = aws_s3_bucket.website_redirect[0].id
+
+  redirect_all_requests_to {
+    host_name = var.website_domain
+    protocol  = "https"
+  }
+}
+
 resource "aws_s3_bucket_public_access_block" "website_redirect" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+  count = var.website_domain_redirect != null ? 1 : 0
 
   bucket = aws_s3_bucket.website_redirect[0].id
 
@@ -34,7 +41,7 @@ resource "aws_s3_bucket_public_access_block" "website_redirect" {
 }
 
 resource "aws_s3_bucket_ownership_controls" "website_redirect" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+  count = var.website_domain_redirect != null ? 1 : 0
 
   bucket = aws_s3_bucket.website_redirect[0].id
   rule {
@@ -43,11 +50,11 @@ resource "aws_s3_bucket_ownership_controls" "website_redirect" {
 }
 
 resource "aws_s3_bucket_acl" "website_redirect" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+  count = var.website_domain_redirect != null ? 1 : 0
 
   depends_on = [
-	  aws_s3_bucket_public_access_block.website_redirect,
-	  aws_s3_bucket_ownership_controls.website_redirect,
+    aws_s3_bucket_public_access_block.website_redirect,
+    aws_s3_bucket_ownership_controls.website_redirect,
   ]
 
   bucket = aws_s3_bucket.website_redirect[0].id
@@ -56,11 +63,11 @@ resource "aws_s3_bucket_acl" "website_redirect" {
 }
 
 resource "aws_s3_bucket_policy" "website_redirect" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+  count = var.website_domain_redirect != null ? 1 : 0
 
   depends_on = [
-	  aws_s3_bucket_public_access_block.website_redirect,
-	  aws_s3_bucket_ownership_controls.website_redirect,
+    aws_s3_bucket_public_access_block.website_redirect,
+    aws_s3_bucket_ownership_controls.website_redirect,
   ]
 
   bucket = aws_s3_bucket.website_redirect[0].id
@@ -78,31 +85,29 @@ data "aws_iam_policy_document" "website_redirect" {
       "s3:GetObject",
     ]
 
-    resources = [ 
+    resources = [
       "arn:aws:s3:::${var.website_domain}-redirect/*"
     ]
   }
 }
 
 
-resource "aws_s3_bucket_object" "redirect_file" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+resource "aws_s3_object" "redirect_file" {
+  count = var.website_domain_redirect != null ? 1 : 0
 
   key     = "index.html"
   bucket  = aws_s3_bucket.website_redirect[0].bucket
   content = "Redirect placeholder."
 
-  content_type = "text/html"
+  content_type     = "text/html"
   website_redirect = "https://${var.website_domain}/"
 
   force_destroy = true
 }
 
-
-
 # CloudFront for redirect (to support https://)
 resource "aws_cloudfront_distribution" "website_cdn_redirect" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+  count = var.website_domain_redirect != null ? 1 : 0
 
   depends_on = [
   ]
@@ -113,33 +118,25 @@ resource "aws_cloudfront_distribution" "website_cdn_redirect" {
 
   origin {
     origin_id   = "origin-bucket-${aws_s3_bucket.website_redirect[0].id}"
-    domain_name = aws_s3_bucket.website_redirect[0].website_endpoint
+    domain_name = aws_s3_bucket_website_configuration.website_redirect[0].website_endpoint
 
     custom_origin_config {
-      http_port = 80
-      https_port = 443
+      http_port              = 80
+      https_port             = 443
       origin_protocol_policy = "http-only"
-      origin_ssl_protocols = ["TLSv1.2"]
+      origin_ssl_protocols   = ["TLSv1.2"]
     }
   }
 
   default_cache_behavior {
     allowed_methods  = ["GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT", "DELETE"]
     cached_methods   = ["GET", "HEAD"]
     target_origin_id = "origin-bucket-${aws_s3_bucket.website_redirect[0].id}"
-    min_ttl          = "0"
-    default_ttl      = tostring(var.default_cache_duration)
-    max_ttl          = "1200"
-
-    viewer_protocol_policy = "redirect-to-https" # Redirects any HTTP request to HTTPS
-    compress               = true
-
-    forwarded_values {
-      query_string = false
-      cookies {
-        forward = "none"
-      }
-    }
+
+    viewer_protocol_policy   = "redirect-to-https" # Redirects any HTTP request to HTTPS
+    compress                 = true
+    cache_policy_id          = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad" # CachingDisabled
+    origin_request_policy_id = "88a5eaf4-2fd4-4709-b84d-a0c0ba98654c" # CORS-S3Origin
 
   }
 
@@ -169,7 +166,7 @@ resource "aws_cloudfront_distribution" "website_cdn_redirect" {
 
 # Creates record to point to redirect CloudFront distribution
 resource "aws_route53_record" "website_cdn_redirect_record" {
-  count  = var.website_domain_redirect != null ? 1 : 0
+  count = var.website_domain_redirect != null ? 1 : 0
 
   zone_id = data.aws_route53_zone.main.zone_id
   name    = var.website_domain_redirect
@@ -181,4 +178,3 @@ resource "aws_route53_record" "website_cdn_redirect_record" {
     evaluate_target_health = false
   }
 }
-