A generic Terraform configuration for deploying static websites on AWS using S3, CloudFront, and Route53.
This configuration creates a complete static website hosting infrastructure on AWS:
- S3 Bucket: Stores your static website files
- CloudFront: Global CDN for fast content delivery
- Route53: DNS management for custom domains
- SSL/TLS: Automatic HTTPS with AWS Certificate Manager
aws-static-site-terraform/
βββ main.tf # Provider and backend configuration
βββ variables.tf # Input variables
βββ static-site.tf # S3 and CloudFront resources
βββ acm.tf # SSL certificate management
βββ route53.tf # DNS records
βββ outputs.tf # Output values
βββ setup.sh # Interactive setup script
βββ quick-start.sh # Quick setup with defaults
βββ bootstrap-backend.sh # Backend setup script
βββ deploy-sample.sh # Complete demo deployment script
βββ terraform.tfvars.example # Configuration template
βββ backend.tf.example # Backend configuration template
βββ sample-website/ # Sample website files
β βββ index.html # Homepage
β βββ about.html # About page
β βββ contact.html # Contact page
βββ Makefile # Convenient commands
βββ README.md # This file
- AWS CLI configured with appropriate credentials
- Terraform >= 1.0
- A registered domain name with Route53 hosted zone
- (Optional) SSL certificate issued by AWS Certificate Manager (auto-created by default)
# One-command setup with defaults (includes backend setup)
./quick-start.sh my-project example.com
# Then deploy
terraform init && terraform plan && terraform applyThis will:
- Auto-detect AWS credentials and region
- Create terraform.tfvars with sensible defaults
- Optionally create S3 bucket and DynamoDB table for state management
- Generate backend.tf configuration
-
Configure AWS credentials
aws configure --profile your-profile export AWS_PROFILE=your-profile aws sts get-caller-identity # Verify credentials
-
Run the interactive setup script
./setup.sh
The script will:
- Auto-detect your AWS account ID, region, and profile
- List your Route53 hosted zones
- Guide you through all configuration options
- Optionally setup Terraform backend (S3 + DynamoDB)
- Generate
terraform.tfvarsandbackend.tfautomatically
-
Initialize and deploy
terraform init terraform plan terraform apply
-
Configure AWS credentials (same as above)
-
Create configuration file manually
cp terraform.tfvars.example terraform.tfvars # Edit terraform.tfvars with your actual values -
Initialize and deploy (same as above)
If you only want to setup the Terraform backend:
./bootstrap-backend.shThis creates:
- S3 bucket for Terraform state storage
- DynamoDB table for state locking
- backend.tf configuration file
- Upload your website
# Get the S3 bucket name from output terraform output s3_bucket_name # Upload your static files aws s3 sync ./your-website-files/ s3://$(terraform output -raw s3_bucket_name)/ # Invalidate CloudFront cache aws cloudfront create-invalidation --distribution-id $(terraform output -raw cloudfront_distribution_id) --paths "/*"
setup.sh (Interactive Setup):
- Auto-detection of AWS credentials and settings
- Route53 hosted zone listing
- Input validation and smart defaults
- Backend setup integration
- Colorized output and error handling
quick-start.sh (Minimal Setup):
- Two-parameter setup (project name + domain)
- Automatic backend creation
- Sensible defaults for rapid deployment
bootstrap-backend.sh (Backend Only):
- Creates S3 bucket with encryption and versioning
- Creates DynamoDB table for state locking
- Generates backend.tf configuration
- Handles existing resources gracefully
| Variable | Description | Example |
|---|---|---|
aws_account_id |
AWS Account ID | 123456789012 |
project_name |
Project name (lowercase, alphanumeric with hyphens) | my-website |
domain_name |
Your registered domain | example.com |
- Domain Setup: Choose between subdomain (
app.example.com) or apex domain (example.com) - SSL Certificate: Auto-create ACM certificate with DNS validation, or use existing one
- SPA Support: Enable Single Page Application routing
- Caching: Configure CloudFront TTL settings
- Security: SSL/TLS versions, geo-restrictions
- Storage: S3 versioning and encryption options
- HTTPS Only: Automatic redirect from HTTP to HTTPS
- Origin Access Control: S3 bucket accessible only through CloudFront
- S3 Security: Public access blocked, server-side encryption enabled
- SSL/TLS: Modern TLS versions with SNI support
- Access Control: Optional geo-restrictions
- Versioning: Optional S3 object versioning for rollback capability
- State Security: Terraform state stored in encrypted S3 bucket with versioning
- State Locking: DynamoDB table prevents concurrent modifications
# Format code
terraform fmt
# Validate configuration
terraform validate
# Plan changes
terraform plan
# Apply changes
terraform apply
# Destroy infrastructure
terraform destroyThis configuration is designed to be easily customizable:
- Fork or clone this repository
- Modify variables in
terraform.tfvars - Extend functionality by adding resources to
static-site.tf - Add modules for complex setups
- Certificate validation timeout: Ensure your Route53 hosted zone is properly configured and DNS propagation is complete
- Domain validation: Verify your Route53 hosted zone matches your domain name exactly
- Permission denied: Check AWS credentials and IAM policies (ACM, Route53, CloudFront, S3, DynamoDB permissions needed)
- Resource conflicts: Ensure resource names are unique across your AWS account
- Certificate region: ACM certificates for CloudFront must be created in
us-east-1region (handled automatically) - Backend migration: When running
terraform initwith a new backend, answer 'yes' to migrate existing state - State bucket exists: If the state bucket already exists, ensure you have access and it's in the correct region
# Re-run interactive setup
./setup.sh
# Setup backend only
./bootstrap-backend.sh
# Quick start with defaults
./quick-start.sh project-name domain.com
# Check certificate status
aws acm list-certificates --region us-east-1
# Verify domain in Route53
aws route53 list-hosted-zones
# Test website deployment
curl -I https://your-domain.com
# View current configuration
cat terraform.tfvars
cat backend.tfThis project is open source and available under the MIT License.
Contributions are welcome! Please feel free to submit a Pull Request.
Want to see it in action? Deploy the included sample website:
# Deploy sample site to sample.example.com
./deploy-sample.shThis will:
- β Create terraform.tfvars with sample configuration
- β Setup Terraform backend (S3 + DynamoDB)
- β Deploy infrastructure (S3, CloudFront, ACM, Route53)
- β Upload sample website files
- β Invalidate CloudFront cache
- π Result: Live site at https://sample.example.com
The included sample website demonstrates:
- π± Responsive Design: Works on all devices
- β‘ Fast Loading: Optimized with modern CSS
- π¨ Modern UI: Glassmorphism design with gradients
- π Multi-page: Index, About, Contact pages
- π Analytics Ready: Console logging and deployment info
# Remove all created resources
terraform destroy
# Clean local files
make clean- Domain: sample.example.com
- AWS Account: [Auto-detected]
- Profile: [Auto-detected from environment]
- Region: us-east-1
- Certificate: Auto-created with DNS validation
- Backend: S3 bucket with DynamoDB locking
After successful deployment:
π Deployment Complete!
β¨ Your sample website is now live!
π Site URL: https://sample.example.com
πͺ£ S3 Bucket: sample-site-demo-static-site
π CloudFront Distribution: E1234567890ABC
π Certificate: arn:aws:acm:us-east-1:123456789012:certificate/...