blob: 735f30a7086b865696003381a0f8a4aaedebc998 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
terraform {
backend "s3" {
bucket = "terraform.grimoire"
key = "bliki.tfstate"
region = "ca-central-1"
}
}
provider "aws" {
region = "ca-central-1"
}
# CloudFront needs certificates in us-east-1.
provider "aws" {
alias = "cloudfront"
region = "us-east-1"
}
resource "aws_s3_bucket" "bliki" {
bucket = "grimoire.ca"
tags = {
Project = "bliki"
}
}
resource "aws_s3_bucket_website_configuration" "bliki" {
bucket = aws_s3_bucket.bliki.id
index_document {
suffix = "index.html"
}
}
resource "aws_s3_bucket_policy" "bliki" {
bucket = aws_s3_bucket.bliki.id
policy = <<POLICY
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": ["${aws_s3_bucket.bliki.arn}/*"]
}
]
}
POLICY
}
resource "aws_acm_certificate" "bliki" {
provider = aws.cloudfront
# There's a circular dependency between the zone, the distribution, and the
# cert here. Rather than trying to figure out how to make Terraform solve it,
# hard-code the domain name.
domain_name = "grimoire.ca"
validation_method = "DNS"
tags = {
Project = "bliki"
}
}
resource "aws_route53_record" "bliki_validation" {
for_each = {
for dvo in aws_acm_certificate.bliki.domain_validation_options :
dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
zone_id = data.aws_route53_zone.grimoire_ca.zone_id
ttl = 60
name = each.value.name
type = each.value.type
records = [
each.value.record,
]
}
data "aws_route53_zone" "grimoire_ca" {
name = "grimoire.ca"
}
|
