chris-qa-org/terraform-aws-publii-hosting

terraform-aws-publii-hosting

Terraform module to host a static site generated by Publii

This module launches static hosting resources (e.g. an S3 bucket and CloudFront) specifically for sites generated by the static site generator Publii.

In most cases it can be used to host any static site, but it adds some configuration specific to the features of Publii.

Key features:

  • Creates an S3 bucket along with an IAM user which has the minimum required permissions to sync from Publii
  • Creates a CloudFront endpoint (and optionally ACM certificates and Route53 records in an existing Hosted Zone)
  • Creates a Lambda function to run a CloudFront invalidation when sitemap.xml is created or updated (this file is updated on every sync)
  • Optionally have CloudFront do the right thing when 'Pretty URLs' are enabled (this is achieved via a CloudFront function which adds index.html to the URI if there is no extension)
  • Optionally redirect from the apex domain (e.g. example.com) to www (www.example.com). If this is enabled (var.cloudfront_enable_apex_to_www_redirect), the 'Website Url' within 'Server' options should be set to www.yourdomain.com (see the Publii S3 Server Settings docs, point 26)
  • Optionally enable WAF
  • Optionally add custom origins and cache behaviours
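
The 'Pretty URLs' rewrite from the list above, sketched as a CloudFront Functions viewer-request handler. This is an added example, not the module's own function template: the name `rewritePrettyUri`, the sample event and the handling of trailing-slash URIs are assumptions that go slightly beyond the "no extension" case the README names.

```javascript
// Added example (hypothetical, not the module's template): map Publii
// 'Pretty URLs' onto the index.html objects that actually exist in S3.
function rewritePrettyUri(uri) {
  // Only the last path segment decides, so a dot in a directory name
  // such as "/v1.2/notes" does not count as a file extension.
  var lastSegment = uri.substring(uri.lastIndexOf('/') + 1);

  if (lastSegment === '') {
    // Directory-style request ("/" or "/blog/"): serve its index document.
    return uri + 'index.html';
  }
  if (lastSegment.indexOf('.') === -1) {
    // No extension ("/blog/my-post"): treat it as a directory.
    return uri + '/index.html';
  }
  // Has an extension ("/sitemap.xml", "/assets/site.css"): leave unchanged.
  return uri;
}

// CloudFront Functions entry point. A viewer-request event carries the
// path in event.request.uri; the query string is stored separately, so
// rewriting the URI does not touch it.
function handler(event) {
  var request = event.request;
  request.uri = rewritePrettyUri(request.uri);
  return request;
}

// Constructed sample event, trimmed to the fields the handler reads.
var SAMPLE_EVENT = {
  request: { method: 'GET', uri: '/blog/my-post', querystring: {}, headers: {} }
};
```

Returning the request object forwards the rewritten URI to the origin, so the viewer's address bar keeps the pretty URL and no redirect is issued.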

Usage

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.8.1 |
| aws | >= 5.46.0 |

Providers

| Name | Version |
|------|---------|
| aws | 5.46.0 |
| aws.useast1 | 5.46.0 |
| random | 3.6.1 |
| template | 2.2.0 |

Resources

| Name | Type |
|------|------|
| aws_acm_certificate.cloudfront_frontend | resource |
| aws_acm_certificate_validation.cloudfront_frontend | resource |
| aws_cloudfront_distribution.frontend | resource |
| aws_cloudfront_distribution.frontend_www_redirect | resource |
| aws_cloudfront_function.frontend_viewer_request | resource |
| aws_cloudfront_origin_access_identity.frontend | resource |
| aws_cloudfront_origin_access_identity.frontend_www_redirect | resource |
| aws_iam_policy.publii_s3_frontend | resource |
| aws_iam_user.publii_s3_frontend | resource |
| aws_iam_user_policy_attachment.publii_s3_frontend | resource |
| aws_kms_key.s3_bucket_frontend_www_redirect | resource |
| aws_lambda_permission.cloudfront_invalidation_frontend_alllow_s3 | resource |
| aws_route53_record.cloudfront_frontend_tls_certificate_dns_validation | resource |
| aws_route53_record.frontend | resource |
| aws_route53_record.frontend_www_redirect | resource |
| aws_s3_bucket.frontend | resource |
| aws_s3_bucket.frontend_www_redirect | resource |
| aws_s3_bucket.logs | resource |
| aws_s3_bucket_acl.frontend | resource |
| aws_s3_bucket_acl.frontend_www_redirect | resource |
| aws_s3_bucket_acl.logs | resource |
| aws_s3_bucket_logging.frontend | resource |
| aws_s3_bucket_logging.frontend_www_redirect | resource |
| aws_s3_bucket_notification.frontend_cloudfront_invalidation | resource |
| aws_s3_bucket_policy.frontend | resource |
| aws_s3_bucket_policy.frontend_www_redirect | resource |
| aws_s3_bucket_policy.logs | resource |
| aws_s3_bucket_public_access_block.frontend | resource |
| aws_s3_bucket_public_access_block.frontend_www_redirect | resource |
| aws_s3_bucket_public_access_block.logs | resource |
| aws_s3_bucket_server_side_encryption_configuration.frontend | resource |
| aws_s3_bucket_server_side_encryption_configuration.frontend_www_redirect | resource |
| aws_s3_bucket_server_side_encryption_configuration.logs | resource |
| aws_s3_bucket_versioning.frontend | resource |
| aws_s3_bucket_versioning.frontend_www_redirect | resource |
| aws_s3_bucket_versioning.logs | resource |
| aws_s3_bucket_website_configuration.frontend | resource |
| aws_s3_bucket_website_configuration.frontend_www_redirect | resource |
| aws_wafv2_web_acl.cloudfront_waf | resource |
| random_id.project | resource |
| aws_caller_identity.current | data source |
| aws_route53_zone.default | data source |
| template_file.cloudfront_frontend_viewer_request_function | data source |
| template_file.frontend_bucket_cloudfront_read | data source |
| template_file.frontend_bucket_enforce_tls_statement | data source |
| template_file.frontend_bucket_policy | data source |
| template_file.frontend_www_redirect_bucket_cloudfront_read | data source |
| template_file.frontend_www_redirect_bucket_enforce_tls_statement | data source |
| template_file.frontend_www_redirect_bucket_policy | data source |
| template_file.lambda_cloudfront_invalidation_frontend_policy | data source |
| template_file.logs_bucket_enforce_tls_statement | data source |
| template_file.logs_bucket_log_delivery_access_statement | data source |
| template_file.logs_bucket_policy | data source |
| template_file.publii_s3_frontend_policy | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cloudfront_enable_apex_to_www_redirect | Enable CloudFront apex to www redirect | bool | true | no |
| cloudfront_enable_ipv6 | Enable IPv6 on CloudFront | bool | true | no |
| cloudfront_enable_waf | Enable CloudFront WAF | bool | true | no |
| cloudfront_ordered_cache_behaviors | List of ordered_cache_behavior objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments | any | [] | no |
| cloudfront_origins | List of origin objects. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-arguments | any | [] | no |
| cloudfront_tls_certificate_arn | CloudFront TLS certificate ARN (must be created in us-east-1 region) | string | "" | no |
| enable_publii_pretty_urls | If you have enabled 'Pretty URLs' in Publii, set this to true | bool | false | no |
| route53_hosted_zone_options | If you have a Route53 zone, the required DNS records can be created automatically. | `object({ id = string, create_certificate_dns_validation_records = bool, create_site_url_dns_records = bool })` | `{ "create_certificate_dns_validation_records": false, "create_site_url_dns_records": false, "id": "" }` | no |
| s3_bucket_acl | S3 bucket ACL | string | "private" | no |
| site_url | The desired site URL | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| aws_acm_certificate_cloudfront_frontend | CloudFront frontend's ACM TLS certificate attributes |
| aws_cloudfront_distribution_frontend | CloudFront distribution frontend attributes |
| aws_cloudfront_distribution_frontend_www_redirect | CloudFront distribution frontend www redirect attributes |
| aws_cloudfront_origin_access_identity_frontend | CloudFront frontend's associated origin access identity |
| iam_user_publii_s3_frontend | IAM User attributes for Publii S3 bucket |
| project_name | Project name. Generated from the site_url and project_random_id |
| project_random_id | The random ID generated to ensure unique resource names |
| s3_bucket_frontend | S3 bucket frontend attributes |