add CloudFrontFullAccess to IAM user to documentation and adding nuss…

…ubg aliases
ameyrupji-com · Nov 7, 2020 · 1eaafb2 · 1eaafb2
1 parent dd9994b
commit 1eaafb2
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 48 deletions.
diff --git a/README.md b/README.md
@@ -4,46 +4,49 @@
 
 This GitHub repository contains the code to create the infrastructure necessary to host my website across multiple cloud providers (AWS, Google). I am using Terraform to create the required infrastructure to enable feature deployment and easy testability of the website.
 
-This code demonstrates my ability to work with multiple cloud providers using terraform to build, change, and version infrastructure safely and efficiently. I am using CircleCI to build and deploy my infrastructure using enterprise style deployment pattern by using feature branch deployment. 
+This code demonstrates my ability to work with multiple cloud providers using terraform to build, change, and version infrastructure safely and efficiently. I am using CircleCI to build and deploy my infrastructure using enterprise style deployment pattern by using feature branch deployment.
 
-Please feel free to use any part of this repository. If you find this useful please Star or Folk this repository. If there is any suggestion for improvement within this code feel free to shoot me an email or create an issue.  
+Please feel free to use any part of this repository. If you find this useful please Star or Folk this repository. If there is any suggestion for improvement within this code feel free to shoot me an email or create an issue.
 
+A web representation of the Infrastructure created can be found at [http://infrastructure.ameyrupji.com](http://infrastructure.ameyrupji.com)
 
 ### Daigram
+
 ![Infrastructure Diagram](/images/ameyrupji.com-blueprint.png)
 
 Link:
 https://cloudcraft.co/view/a84a92f3-0147-42eb-be3e-bc849d99d6d6?key=7EtAxVRr-L84VOa7CFUsWA&embed=true
 
 ## Prerequisites
 
-### Installed Software 
+### Installed Software
 
 - Web browser
 
-### Editors 
+### Editors
 
-- Visual Sudio Code or Atom or any other text exitor of your choice 
+- Visual Sudio Code or Atom or any other text exitor of your choice
 
-### AWS Setup 
+### AWS Setup
 
 This needs to be done manually before you can run the terraform code below:
 
 - Buy/Register ameyrupji.com domain through Route53 Service using the portal.
 - Create the following S3 Buckets using the portal
-    - ameyrupji.com-iac - Stores the terraform state files.
-    - ameyrupji.com-assets, beta.ameyrupji.com-assets - Stores the assets for each environment
+  - ameyrupji.com-iac - Stores the terraform state files.
+  - ameyrupji.com-assets, beta.ameyrupji.com-assets - Stores the assets for each environment
 - Hosted zones should automatically created while registering domain.
-- Create a certificate for *.ameyrupji.com (for prod) and *.beta.ameyrupji.com (for beta) through ACM Servie using the web portal.
+- Create a certificate for _.ameyrupji.com (for prod) and _.beta.ameyrupji.com (for beta) through ACM Servie using the web portal.
 - User for programatic AdminAccess (cli-user)
 - S3 Bucket created to store state (ameyrupji.com-iac) and artifacts (ameyrupji.com-artifacts).
 - IAM User to run terrafrom scripts (cirlce-ci-iac). The following policies need to be attached:
-    - AmazonS3FullAccess
-    - AmazonRoute53DomainsFullAccess
-    - AWSAPIGatewayAdmin
-    - AWSLambdaFullAccess
-    - AWSIAMFullAccess
-    - AWSCertificateManagerReadOnly
+  - AmazonS3FullAccess
+  - AmazonRoute53DomainsFullAccess
+  - AWSAPIGatewayAdmin
+  - AWSLambdaFullAccess
+  - AWSIAMFullAccess
+  - AWSCertificateManagerReadOnly
+  - CloudFrontFullAccess
 - Update Environment Variables (AWS_ACCESS_KEY_ID, AWS_REGION, AWS_SECRET_ACCESS_KEY) for CircleCI Build to be able to communicate with AWS.
 
 ## Infrastructure
@@ -54,56 +57,54 @@ Two different environments are maintained **prod** and **beta**. For each of the
 
 - S3 Buckets
 
-Use | Prod Bucket Name | Beta Bucket Name
---- | --- | --- 
-Main Subdomain | ameyrupji.com | beta.ameyrupji.com
-Alternate Subdomain | www.ameyrupji.com | www.beta.ameyrupji.com
-Blog Subdomain | blog.ameyrupji.com | blog.beta.ameyrupji.com
-Code Subdomain | code.ameyrupji.com | code.beta.ameyrupji.com
-IaC Subdomain | iac.ameyrupji.com | iac.beta.ameyrupji.com
-Images Subdomain | images.ameyrupji.com | images.beta.ameyrupji.com
-Old  Subdomain | old.ameyrupji.com | old.beta.ameyrupji.com
-Style Guide Subdomain | styleguide.ameyrupji.com | styleguide.beta.ameyrupji.com
+| Use                   | Prod Bucket Name         | Beta Bucket Name              |
+| --------------------- | ------------------------ | ----------------------------- |
+| Main Subdomain        | ameyrupji.com            | beta.ameyrupji.com            |
+| Alternate Subdomain   | www.ameyrupji.com        | www.beta.ameyrupji.com        |
+| Blog Subdomain        | blog.ameyrupji.com       | blog.beta.ameyrupji.com       |
+| Code Subdomain        | code.ameyrupji.com       | code.beta.ameyrupji.com       |
+| IaC Subdomain         | iac.ameyrupji.com        | iac.beta.ameyrupji.com        |
+| Images Subdomain      | images.ameyrupji.com     | images.beta.ameyrupji.com     |
+| Old Subdomain         | old.ameyrupji.com        | old.beta.ameyrupji.com        |
+| Style Guide Subdomain | styleguide.ameyrupji.com | styleguide.beta.ameyrupji.com |
 
 - Hosted Zones Record Sets
 
-Use | Prod Record Set Name | Beta Record Set Name
---- | --- | --- 
-Main Subdomain |  | beta
-Alternate Subdomain | www | www.beta
-Blog Subdomain | blog | blog.beta
-Code Subdomain | code | code.beta
-IaC Subdomain | iac | iac.beta
-Images Subdomain | images | images.beta
-Old Subdomain | old | old.beta
-Style Guide Subdomain | styleguide | styleguide.beta
+| Use                   | Prod Record Set Name | Beta Record Set Name |
+| --------------------- | -------------------- | -------------------- |
+| Main Subdomain        |                      | beta                 |
+| Alternate Subdomain   | www                  | www.beta             |
+| Blog Subdomain        | blog                 | blog.beta            |
+| Code Subdomain        | code                 | code.beta            |
+| IaC Subdomain         | iac                  | iac.beta             |
+| Images Subdomain      | images               | images.beta          |
+| Old Subdomain         | old                  | old.beta             |
+| Style Guide Subdomain | styleguide           | styleguide.beta      |
 
 - API Gateway
 
-Url | Description
---- | --- 
-api.ameyrupji.com | API gateway for main domain 
-beta.api.ameyrupji.com | API gateway for beta domain
+| Url                    | Description                 |
+| ---------------------- | --------------------------- |
+| api.ameyrupji.com      | API gateway for main domain |
+| beta.api.ameyrupji.com | API gateway for beta domain |
 
 The following endpoints are implemented:
 
-Url | Method | Description
---- | --- | --- 
-/ | OPTIONS | Used to enable CORS for _/ (root)_ resource.
-/ | GET | Sample Hello world at the root of the website served through the lambda.
-/email | OPTIONS | Used to enable CORS for _/email_ resource.
-/email | POST | Endpoint to send email to me.
-
+| Url    | Method  | Description                                                              |
+| ------ | ------- | ------------------------------------------------------------------------ |
+| /      | OPTIONS | Used to enable CORS for _/ (root)_ resource.                             |
+| /      | GET     | Sample Hello world at the root of the website served through the lambda. |
+| /email | OPTIONS | Used to enable CORS for _/email_ resource.                               |
+| /email | POST    | Endpoint to send email to me.                                            |
 
 ## Useful links to dependant repositories
 
 - Website Code: https://github.com/ameyrupji-com/ameyrupji.com
 
-
 #### TODOs:
 
 - [x] Api Gateway with domain (api) for sending emails as POST request through the UI.
 - [ ] Testing IaC (https://github.com/gruntwork-io/terratest)
 - [ ] Lambda code as Git Submodule + Build changes.
 - [ ] Cloud Front CDN for ameyrupji.com.
-- [ ] Upgrade state to store in DynamoDB table to Terraform State.
+- [ ] Upgrade state to store in DynamoDB table to Terraform State.
diff --git a/terraform/src/modules/s3_secure_web_hosting/cloudfront.tf b/terraform/src/modules/s3_secure_web_hosting/cloudfront.tf
@@ -14,6 +14,8 @@ resource "aws_cloudfront_distribution" "secure_web_cloudfront_distribution" {
 
   #   aliases = ["${compact(concat(list(var.domain), var.aliases))}"]
 
+  aliases = ["${var.domain}"]
+
   viewer_certificate {
     acm_certificate_arn      = "${data.aws_acm_certificate.domain_certificate.arn}"
     minimum_protocol_version = "TLSv1"