diff --git a/terraform/README.md b/terraform/README.md
index 7dc09ce..d40f6fd 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -6,28 +6,42 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.8.2 |
-| [archive](#requirement\_archive) | 2.5.0 |
-| [aws](#requirement\_aws) | 5.64.0 |
+| [archive](#requirement\_archive) | 2.6.0 |
+| [aws](#requirement\_aws) | 5.69.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.64.0 |
+| [aws](#provider\_aws) | 5.69.0 |
+| [aws.global](#provider\_aws.global) | 5.69.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [kitten\_science\_website](#module\_kitten\_science\_website) | ./modules/kitten-science-website | n/a |
+| [kitten\_science\_website\_beta8](#module\_kitten\_science\_website\_beta8) | ./modules/kitten-science-website | n/a |
## Resources
| Name | Type |
|------|------|
-| [aws_route53_record.github_validation](https://registry.terraform.io/providers/hashicorp/aws/5.64.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.google_validation](https://registry.terraform.io/providers/hashicorp/aws/5.64.0/docs/resources/route53_record) | resource |
-| [aws_route53_zone.kitten_science](https://registry.terraform.io/providers/hashicorp/aws/5.64.0/docs/data-sources/route53_zone) | data source |
+| [aws_cloudfront_response_headers_policy.this](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/cloudfront_response_headers_policy) | resource |
+| [aws_iam_policy.maintainer](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_policy) | resource |
+| [aws_iam_role.maintainer](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.maintainer](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_route53_record.github_validation](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/route53_record) | resource |
+| [aws_route53_record.google_validation](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/route53_record) | resource |
+| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket_ownership_controls) | resource |
+| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket_policy) | resource |
+| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_website_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/resources/s3_bucket_website_configuration) | resource |
+| [aws_iam_policy_document.maintainer](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.maintainer_assume_role](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.s3_public_read](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_route53_zone.kitten_science](https://registry.terraform.io/providers/hashicorp/aws/5.69.0/docs/data-sources/route53_zone) | data source |
## Inputs
diff --git a/terraform/modules/kitten-science-website/iam.tf b/terraform/iam.tf
similarity index 85%
rename from terraform/modules/kitten-science-website/iam.tf
rename to terraform/iam.tf
index 38f589e..9769560 100644
--- a/terraform/modules/kitten-science-website/iam.tf
+++ b/terraform/iam.tf
@@ -30,7 +30,7 @@ data "aws_iam_policy_document" "maintainer_assume_role" {
}
}
resource "aws_iam_role" "maintainer" {
- name = "${var.bucket_name}-maintainer"
+ name = "${local.bucket_name}-maintainer"
assume_role_policy = data.aws_iam_policy_document.maintainer_assume_role.json
}
@@ -47,13 +47,13 @@ data "aws_iam_policy_document" "maintainer" {
effect = "Allow"
actions = ["cloudfront:*"]
resources = [
- aws_cloudfront_distribution.schema.arn,
- aws_cloudfront_distribution.this.arn
+ module.kitten_science_website.cloudfront_distribution_arn,
+ module.kitten_science_website_beta8.cloudfront_distribution_arn,
]
}
}
resource "aws_iam_policy" "maintainer" {
- name = "${var.bucket_name}-maintainer"
+ name = "${local.bucket_name}-maintainer"
description = "Allows changing the Kitten Science website."
policy = data.aws_iam_policy_document.maintainer.json
}
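Review bot: The `cloudfront:*` statement in the maintainer policy document now applies to both module distributions, so the maintainer role can reconfigure or disable either site rather than only publish to it. If the role exists to refresh content after an upload (inferred from the policy description; the rest of the document starts outside this hunk), narrow the grant to what that needs, for example `actions = ["cloudfront:CreateInvalidation", "cloudfront:GetInvalidation", "cloudfront:GetDistribution"]`. If broader access is intended, a comment above the statement saying why would help the next reviewer.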
diff --git a/terraform/locals.tf b/terraform/locals.tf
index ed00520..c4156f1 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -1,4 +1,5 @@
locals {
+ bucket_name = "kitten-science-us0"
domain_name = "kitten-science.com"
tags = {
"ks:group" = "base"
diff --git a/terraform/main.tf b/terraform/main.tf
index 456953e..be83eab 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,8 +1,31 @@
module "kitten_science_website" {
source = "./modules/kitten-science-website"
bucket_name = "kitten-science-us0"
+ comment = "Kitten Science Main"
domain_name = local.domain_name
+ origin_domain_name = aws_s3_bucket_website_configuration.this.website_endpoint
+ origin_id = aws_s3_bucket.this.bucket
+ response_headers_policy_id = aws_cloudfront_response_headers_policy.this.id
+
+ providers = {
+ aws = aws
+ aws.global = aws.global
+ }
+}
+module "kitten_science_website_beta8" {
+ source = "./modules/kitten-science-website"
+ bucket_name = "kitten-science-us0"
+ comment = "Kitten Science v2.0.0-beta.8"
+ domain_name = local.domain_name
+ lambda_function_name = "redirect-releases-beta8"
+ site_name = "beta8"
+
+ origin_domain_name = aws_s3_bucket_website_configuration.this.website_endpoint
+ origin_id = aws_s3_bucket.this.bucket
+ origin_path = "/v2.0.0-beta.8"
+ response_headers_policy_id = aws_cloudfront_response_headers_policy.this.id
+
providers = {
aws = aws
aws.global = aws.global
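Review bot: Both module calls still pass the literal `bucket_name = "kitten-science-us0"` although this commit adds `local.bucket_name` with the same value and uses it for the bucket, the IAM names and the response headers policy. Use `bucket_name = local.bucket_name` in both blocks so the name cannot drift between the bucket and the module instances. The bucket is no longer created inside the module, and what `var.bucket_name` still names there is not visible in this diff; if it names any resource, two instances with the same value would collide, so that is worth confirming. The second module block closes outside this hunk.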
diff --git a/terraform/modules/kitten-science-website/README.md b/terraform/modules/kitten-science-website/README.md
index 461177f..71866fd 100644
--- a/terraform/modules/kitten-science-website/README.md
+++ b/terraform/modules/kitten-science-website/README.md
@@ -27,48 +27,40 @@ No modules.
|------|------|
| [aws_acm_certificate.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource |
| [aws_acm_certificate_validation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource |
-| [aws_cloudfront_distribution.schema](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
| [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
-| [aws_cloudfront_response_headers_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_response_headers_policy) | resource |
| [aws_iam_policy.lambda_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.maintainer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.maintainer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.aws_xray_write_only_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.lambda_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.maintainer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_lambda_function.redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_permission.edgelambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
-| [aws_route53_record.schema](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_record.validation_kitten_science](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_record.validation_rm_rf](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
-| [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
-| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
-| [aws_s3_bucket_public_access_block.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
-| [aws_s3_bucket_website_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_website_configuration) | resource |
+| [aws_route53_record.validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [archive_file.redirect](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_cloudfront_cache_policy.uncached](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_cache_policy) | data source |
| [aws_cloudfront_origin_request_policy.cors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_origin_request_policy) | data source |
| [aws_iam_policy.aws_xray_write_only_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
| [aws_iam_policy_document.lambda_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.maintainer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.maintainer_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.redirect_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.s3_public_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_route53_zone.kitten_science](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
-| [aws_route53_zone.rm_rf](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+| [aws_route53_zone.domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [bucket\_name](#input\_bucket\_name) | The name of the S3 bucket to create for the website. | `string` | n/a | yes |
+| [comment](#input\_comment) | The comment for the CloudFront distribution | `string` | n/a | yes |
| [domain\_name](#input\_domain\_name) | The name of the Route53 domain to use. | `string` | n/a | yes |
| [lambda\_function\_name](#input\_lambda\_function\_name) | n/a | `string` | `"redirect-releases"` | no |
+| [origin\_domain\_name](#input\_origin\_domain\_name) | n/a | `string` | n/a | yes |
+| [origin\_id](#input\_origin\_id) | n/a | `string` | n/a | yes |
+| [origin\_path](#input\_origin\_path) | The path in the S3 bucket that should be served on the website. | `string` | `"/main"` | no |
+| [response\_headers\_policy\_id](#input\_response\_headers\_policy\_id) | n/a | `string` | n/a | yes |
+| [site\_name](#input\_site\_name) | n/a | `string` | `null` | no |
## Outputs
-No outputs.
+| Name | Description |
+|------|-------------|
+| [cloudfront\_distribution\_arn](#output\_cloudfront\_distribution\_arn) | n/a |
diff --git a/terraform/modules/kitten-science-website/cloudfront.tf b/terraform/modules/kitten-science-website/cloudfront.tf
index 249ab3b..c82d0bc 100644
--- a/terraform/modules/kitten-science-website/cloudfront.tf
+++ b/terraform/modules/kitten-science-website/cloudfront.tf
@@ -1,45 +1,22 @@
# Certificate
resource "aws_acm_certificate" "this" {
- domain_name = var.domain_name
+ domain_name = local.fqdn
key_algorithm = "EC_prime256v1"
validation_method = "DNS"
- subject_alternative_names = [
- "schema.${var.domain_name}",
- "ks.rm-rf.link"
- ]
-
lifecycle {
create_before_destroy = true
}
provider = aws.global
}
-resource "aws_route53_record" "validation_kitten_science" {
- for_each = {
- for dvo in aws_acm_certificate.this.domain_validation_options : dvo.domain_name => {
- name = dvo.resource_record_name
- record = dvo.resource_record_value
- type = dvo.resource_record_type
- } if endswith(dvo.domain_name, data.aws_route53_zone.kitten_science.name)
- }
-
- allow_overwrite = true
- name = each.value.name
- records = [each.value.record]
- ttl = 60
- type = each.value.type
- zone_id = data.aws_route53_zone.kitten_science.zone_id
-
- provider = aws.global
-}
-resource "aws_route53_record" "validation_rm_rf" {
+resource "aws_route53_record" "validation" {
for_each = {
for dvo in aws_acm_certificate.this.domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
- } if endswith(dvo.domain_name, "rm-rf.link")
+ } if endswith(dvo.domain_name, data.aws_route53_zone.domain.name)
}
allow_overwrite = true
@@ -47,16 +24,13 @@ resource "aws_route53_record" "validation_rm_rf" {
records = [each.value.record]
ttl = 60
type = each.value.type
- zone_id = data.aws_route53_zone.rm_rf.id
+ zone_id = data.aws_route53_zone.domain.zone_id
provider = aws.global
}
resource "aws_acm_certificate_validation" "this" {
- certificate_arn = aws_acm_certificate.this.arn
- validation_record_fqdns = concat(
- [for record in aws_route53_record.validation_kitten_science : record.fqdn],
- [for record in aws_route53_record.validation_rm_rf : record.fqdn]
- )
+ certificate_arn = aws_acm_certificate.this.arn
+ validation_record_fqdns = [for record in aws_route53_record.validation : record.fqdn]
provider = aws.global
}
@@ -73,17 +47,22 @@ resource "aws_cloudfront_distribution" "this" {
depends_on = [aws_acm_certificate_validation.this]
aliases = [
- var.domain_name,
- "ks.rm-rf.link"
+ local.fqdn
]
- comment = "Kitten Science"
+ comment = var.comment
enabled = true
+ http_version = "http2and3"
is_ipv6_enabled = true
+ web_acl_id = "arn:aws:wafv2:us-east-1:022327457572:global/webacl/CreatedByCloudFront-04e49c94-b220-44e4-9240-3da00e9602aa/d0878d05-aca4-4611-820d-26bbf1fd3ede"
+
+ retain_on_delete = true
+ wait_for_deployment = false
origin {
- domain_name = aws_s3_bucket_website_configuration.this.website_endpoint
- origin_id = aws_s3_bucket.this.bucket
+ domain_name = var.origin_domain_name
+ origin_id = var.origin_id
+ origin_path = var.origin_path
custom_origin_config {
http_port = 80
https_port = 443
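Review bot: The `web_acl_id` added to the distribution is a full ARN literal inside the reusable module, pinning an account ID and a web ACL whose `CreatedByCloudFront-` name suggests it was created outside this Terraform state. Every instance of the module then depends on an object Terraform does not track, and a replaced ACL means editing the module. Pass it in instead, `web_acl_id = var.web_acl_id`, with the root module supplying the ARN or a `data "aws_wafv2_web_acl"` lookup. Separately, `retain_on_delete = true` makes a destroy only disable the distribution, so a comment that the disabled distribution has to be removed by hand would be useful. The resource body continues outside this hunk.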
@@ -97,8 +76,8 @@ resource "aws_cloudfront_distribution" "this" {
cached_methods = ["GET", "HEAD", "OPTIONS"]
cache_policy_id = data.aws_cloudfront_cache_policy.uncached.id
origin_request_policy_id = data.aws_cloudfront_origin_request_policy.cors.id
- response_headers_policy_id = aws_cloudfront_response_headers_policy.this.id
- target_origin_id = aws_s3_bucket.this.bucket
+ response_headers_policy_id = var.response_headers_policy_id
+ target_origin_id = var.origin_id
lambda_function_association {
event_type = "origin-request"
@@ -113,68 +92,6 @@ resource "aws_cloudfront_distribution" "this" {
max_ttl = 0
}
- #logging_config {
- # bucket = aws_s3_bucket.this.bucket_domain_name
- # prefix = "cloudfront-logs/"
- #}
-
- restrictions {
- geo_restriction {
- restriction_type = "none"
- }
- }
-
- viewer_certificate {
- acm_certificate_arn = aws_acm_certificate.this.arn
- minimum_protocol_version = "TLSv1.2_2021"
- ssl_support_method = "sni-only"
- }
-
- provider = aws.global
-}
-resource "aws_cloudfront_distribution" "schema" {
- depends_on = [aws_acm_certificate_validation.this]
-
- aliases = ["schema.${var.domain_name}"]
- comment = "Kitten Science Schemas"
-
- enabled = true
- is_ipv6_enabled = true
-
- origin {
- domain_name = aws_s3_bucket_website_configuration.this.website_endpoint
- origin_id = aws_s3_bucket.this.bucket
- origin_path = "/schemas"
- custom_origin_config {
- http_port = 80
- https_port = 443
- origin_protocol_policy = "http-only"
- origin_ssl_protocols = ["TLSv1.2"]
- }
- }
-
- default_cache_behavior {
- allowed_methods = ["GET", "HEAD", "OPTIONS"]
- cached_methods = ["GET", "HEAD", "OPTIONS"]
- response_headers_policy_id = aws_cloudfront_response_headers_policy.this.id
- target_origin_id = aws_s3_bucket.this.bucket
-
- compress = true
-
- forwarded_values {
- query_string = false
-
- cookies {
- forward = "none"
- }
- }
-
- viewer_protocol_policy = "redirect-to-https"
- min_ttl = 0
- default_ttl = 86400
- max_ttl = 31536000
- }
-
restrictions {
geo_restriction {
restriction_type = "none"
@@ -189,31 +106,3 @@ resource "aws_cloudfront_distribution" "schema" {
provider = aws.global
}
-
-resource "aws_cloudfront_response_headers_policy" "this" {
- name = var.bucket_name
-
- cors_config {
- access_control_allow_credentials = false
-
- access_control_allow_headers {
- items = [
- "Accept",
- "Accept-Language",
- "Content-Language",
- "Content-Type",
- "Range"
- ]
- }
-
- access_control_allow_methods {
- items = ["GET", "HEAD"]
- }
-
- access_control_allow_origins {
- items = ["*"]
- }
-
- origin_override = true
- }
-}
diff --git a/terraform/modules/kitten-science-website/data.tf b/terraform/modules/kitten-science-website/data.tf
index b63fe14..6faed2f 100644
--- a/terraform/modules/kitten-science-website/data.tf
+++ b/terraform/modules/kitten-science-website/data.tf
@@ -1,6 +1,3 @@
-data "aws_route53_zone" "kitten_science" {
+data "aws_route53_zone" "domain" {
name = var.domain_name
}
-data "aws_route53_zone" "rm_rf" {
- name = "rm-rf.link"
-}
diff --git a/terraform/modules/kitten-science-website/lambda-edge.tf b/terraform/modules/kitten-science-website/lambda-edge.tf
index a186441..d6021b6 100644
--- a/terraform/modules/kitten-science-website/lambda-edge.tf
+++ b/terraform/modules/kitten-science-website/lambda-edge.tf
@@ -36,7 +36,7 @@ data "aws_iam_policy_document" "lambda_logging" {
}
resource "aws_iam_policy" "lambda_logging" {
- name = "lambda-redirect-logging"
+ name_prefix = "lambda-redirect-logging"
path = "/"
description = "IAM policy for logging from a Lambda"
policy = data.aws_iam_policy_document.lambda_logging.json
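Review bot: `name_prefix = "lambda-redirect-logging"` has no trailing separator, and Terraform appends its generated suffix directly to the prefix, so the resulting policy name runs the two together. Write `name_prefix = "lambda-redirect-logging-"`, and likewise `name_prefix = "lambda-${var.lambda_function_name}-"` for `aws_iam_role.redirect` in the next hunk. Switching from `name` to `name_prefix` also replaces the existing policy and role on the next apply, which is worth stating in the commit description because the role is attached to the edge function.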
@@ -52,7 +52,7 @@ resource "aws_iam_role_policy_attachment" "aws_xray_write_only_access" {
}
resource "aws_iam_role" "redirect" {
- name = "lambda-${var.lambda_function_name}"
+ name_prefix = "lambda-${var.lambda_function_name}"
assume_role_policy = data.aws_iam_policy_document.redirect_assume.json
provider = aws.global
diff --git a/terraform/modules/kitten-science-website/locals.tf b/terraform/modules/kitten-science-website/locals.tf
new file mode 100644
index 0000000..bf3c3d9
--- /dev/null
+++ b/terraform/modules/kitten-science-website/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ fqdn = var.site_name != null ? "${var.site_name}.${var.domain_name}" : var.domain_name
+}
diff --git a/terraform/modules/kitten-science-website/output.tf b/terraform/modules/kitten-science-website/output.tf
new file mode 100644
index 0000000..2f2c3a4
--- /dev/null
+++ b/terraform/modules/kitten-science-website/output.tf
@@ -0,0 +1,3 @@
+output "cloudfront_distribution_arn" {
+ value = aws_cloudfront_distribution.this.arn
+}
diff --git a/terraform/modules/kitten-science-website/route53.tf b/terraform/modules/kitten-science-website/route53.tf
index 4fa38a7..99d75e4 100644
--- a/terraform/modules/kitten-science-website/route53.tf
+++ b/terraform/modules/kitten-science-website/route53.tf
@@ -7,21 +7,7 @@ resource "aws_route53_record" "this" {
zone_id = aws_cloudfront_distribution.this.hosted_zone_id
}
- name = var.domain_name
+ name = local.fqdn
type = each.key
- zone_id = data.aws_route53_zone.kitten_science.zone_id
-}
-
-resource "aws_route53_record" "schema" {
- for_each = toset(["A", "AAAA"])
-
- alias {
- evaluate_target_health = true
- name = aws_cloudfront_distribution.schema.domain_name
- zone_id = aws_cloudfront_distribution.schema.hosted_zone_id
- }
-
- name = "schema.${var.domain_name}"
- type = each.key
- zone_id = data.aws_route53_zone.kitten_science.zone_id
+ zone_id = data.aws_route53_zone.domain.zone_id
}
diff --git a/terraform/modules/kitten-science-website/variables.tf b/terraform/modules/kitten-science-website/variables.tf
index 60c5c1e..513e65b 100644
--- a/terraform/modules/kitten-science-website/variables.tf
+++ b/terraform/modules/kitten-science-website/variables.tf
@@ -3,11 +3,37 @@ variable "bucket_name" {
type = string
}
+variable "comment" {
+ description = "The comment for the CloudFront distribution"
+ type = string
+}
+
variable "domain_name" {
description = "The name of the Route53 domain to use."
type = string
}
+variable "origin_path" {
+ default = "/main"
+ description = "The path in the S3 bucket that should be served on the website."
+ type = string
+}
+variable "origin_domain_name" {
+ type = string
+}
+variable "origin_id" {
+ type = string
+}
+variable "response_headers_policy_id" {
+ type = string
+}
+
+variable "site_name" {
+ default = null
+ nullable = true
+ type = string
+}
+
variable "lambda_function_name" {
default = "redirect-releases"
type = string
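Review bot: `site_name` is accepted without validation, and `local.fqdn` interpolates it straight into the certificate domain, the distribution alias and the Route53 record name, so an empty string or a value containing a dot yields a name the caller did not intend. Add a `validation` block restricting it to a single DNS label, as sketched below. The new `origin_domain_name`, `origin_id`, `response_headers_policy_id` and `site_name` variables, and the new output in output.tf, also have no `description`, which is why the generated README shows `n/a` for them. The `lambda_function_name` block continues outside this hunk.

```hcl
variable "site_name" {
  default     = null
  description = "Optional subdomain label; when set, the site is served at <site_name>.<domain_name>."
  nullable    = true
  type        = string

  validation {
    condition     = var.site_name == null || can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?$", var.site_name))
    error_message = "site_name must be null or a single lowercase DNS label."
  }
}
```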
diff --git a/terraform/modules/kitten-science-website/s3.tf b/terraform/s3.tf
similarity index 69%
rename from terraform/modules/kitten-science-website/s3.tf
rename to terraform/s3.tf
index d8f3760..3e98f7d 100644
--- a/terraform/modules/kitten-science-website/s3.tf
+++ b/terraform/s3.tf
@@ -1,5 +1,5 @@
resource "aws_s3_bucket" "this" {
- bucket = var.bucket_name
+ bucket = local.bucket_name
force_destroy = true
provider = aws.global
@@ -64,3 +64,31 @@ resource "aws_s3_bucket_website_configuration" "this" {
provider = aws.global
}
+
+resource "aws_cloudfront_response_headers_policy" "this" {
+ name = local.bucket_name
+
+ cors_config {
+ access_control_allow_credentials = false
+
+ access_control_allow_headers {
+ items = [
+ "Accept",
+ "Accept-Language",
+ "Content-Language",
+ "Content-Type",
+ "Range"
+ ]
+ }
+
+ access_control_allow_methods {
+ items = ["GET", "HEAD"]
+ }
+
+ access_control_allow_origins {
+ items = ["*"]
+ }
+
+ origin_override = true
+ }
+}
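Review bot: The response headers policy moved into this file carries only `cors_config`, so both distributions that share it send no HSTS or `X-Content-Type-Options` header unless something outside this diff adds them. Since the policy is now the single place response headers are set for every site, consider adding a `security_headers_config` block as sketched below. The wildcard `access_control_allow_origins` is paired with `access_control_allow_credentials = false`, which is acceptable for public static content. The resource is a CloudFront object and would be easier to find in a cloudfront.tf at the root than in s3.tf.

```hcl
resource "aws_cloudfront_response_headers_policy" "this" {
  name = local.bucket_name

  # … unchanged: cors_config …

  security_headers_config {
    content_type_options {
      override = true
    }

    strict_transport_security {
      access_control_max_age_sec = 31536000
      override                   = true
    }
  }
}
```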