This Terraform deploys resources for a public static website using AWS S3 and CloudFront with TLS and a public DNS entry, together with a suitable ACM certificate and validation. The apex domain is aliased to the www subdomain. This is a useful base from which to deploy website content with e.g. Hugo. Optionally, a sample webpage with text and an image may be deployed to demonstrate that the website is working.

This code presumes that a hosted zone already exists in the same account for the domain in question. This is automatically provisioned for public domain names registered via Route53, as opposed to transferred from another provider.

There is a bewildering number of options available for CloudFront and S3, and it simply isn't practical to include all of them here. The choices made are appropriate for a personal website.

By default, 404 and 403 errors are redirected to /index.html, but this is configurable, and custom error responses may be specified as demonstrated in the accompanying examples/custom-error-response-and-bucket.

This module is also published to the Terraform community module registry.

Name | Version |
---|---|
terraform | >= 1.2.8 |
aws | >= 4.29.0 |

Name | Version |
---|---|
aws | >= 4.29.0 |
aws.us-east-1 | >= 4.29.0 |

No modules.

Name | Type |
---|---|
aws_acm_certificate.this | resource |
aws_acm_certificate_validation.this | resource |
aws_cloudfront_distribution.this | resource |
aws_cloudfront_origin_access_control.this | resource |
aws_route53_record.domain_name | resource |
aws_route53_record.validation | resource |
aws_route53_record.www_domain_name | resource |
aws_s3_bucket.this | resource |
aws_s3_bucket_policy.this | resource |
aws_s3_bucket_public_access_block.this | resource |
aws_s3_bucket_versioning.this | resource |
aws_s3_object.sample_image | resource |
aws_s3_object.sample_index_html | resource |
aws_iam_policy_document.this | data source |
aws_route53_zone.this | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
cloudfront_custom_error_responses | See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.html | list(object({ | [ | no |
cloudfront_default_root_object | Default root object for cloudfront. Need to also provide custom error response if changing from default | string | "index.html" | no |
cloudfront_default_ttl | The default TTL for the cloudfront cache | number | 86400 | no |
cloudfront_max_ttl | The maximum TTL for the cloudfront cache | number | 31536000 | no |
cloudfront_min_ttl | The minimum TTL for the cloudfront cache | number | 0 | no |
cloudfront_minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. | string | "TLSv1.2_2019" | no |
cloudfront_price_class | CloudFront distribution price class | string | "PriceClass_100" | no |
deploy_sample_content | Deploy sample content to show website working? | bool | false | no |
domain_name | Domain name for website, used for all resources | string | n/a | yes |
s3_bucket_custom_name | Any non-empty string here will replace default name of bucket var.domain_name | string | "" | no |
s3_bucket_public_access_block | Apply public access block to S3 bucket? | bool | true | no |
s3_bucket_versioning | Apply versioning to S3 bucket? | bool | false | no |

Name | Description |
---|---|
acm_certificate_id | n/a |
cloudfront_distribution_id | n/a |
cloudfront_domain_name | n/a |
s3_bucket_arn | n/a |
s3_bucket_id | n/a |
s3_bucket_name | deprecated and will be removed - use s3_bucket_id |
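
The `s3_bucket_public_access_block` and `cloudfront_minimum_protocol_version` inputs can both be set to weaker values than their defaults, so a pre-apply check on the plan is useful. The following is an added example, not part of this module: it audits the JSON produced by `terraform show -json` for the resource types listed above. The sample plan and the `module.site` address are constructed for illustration.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for a plan where
# s3_bucket_public_access_block = false and the TLS policy was lowered.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.site.aws_s3_bucket.this", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "example.com"}}},
    {"address": "module.site.aws_cloudfront_distribution.this",
     "type": "aws_cloudfront_distribution",
     "change": {"actions": ["create"], "after": {"viewer_certificate": [
         {"minimum_protocol_version": "TLSv1_2016"}]}}},
]})

PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")


def planned(plan, rtype):
    """Yield (address, planned attributes) for resources of rtype that will exist."""
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") == rtype and after is not None:  # after is null on destroy
            yield rc["address"], after


def audit(plan_json):
    """Return a list of findings for a plan produced with this module."""
    plan = json.loads(plan_json)
    findings = []
    buckets = list(planned(plan, "aws_s3_bucket"))
    blocks = list(planned(plan, "aws_s3_bucket_public_access_block"))
    if buckets and not blocks:
        findings.append("no aws_s3_bucket_public_access_block planned for the bucket")
    for addr, attrs in blocks:
        off = [flag for flag in PAB_FLAGS if attrs.get(flag) is not True]
        if off:
            findings.append(f"{addr}: not enforced: {', '.join(off)}")
    # Nested blocks such as viewer_certificate appear as lists in plan JSON.
    for addr, attrs in planned(plan, "aws_cloudfront_distribution"):
        for cert in attrs.get("viewer_certificate") or []:
            policy = cert.get("minimum_protocol_version") or ""
            if not policy.startswith(("TLSv1.2", "TLSv1.3")):
                findings.append(f"{addr}: minimum_protocol_version {policy!r} allows TLS below 1.2")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PLAN):
        print("FINDING:", finding)
```

Run it in CI against the output of `terraform show -json` on a saved plan file and fail the pipeline when the returned list is non-empty.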