🎉 Initial commit

Author: nwmqpa

README.md

@@ -1,2 +1,23 @@
 # terraform-aws-react_app
+
 Terraform private module for installing a React App using S3, CloudFront, and Route53
+
+## Module Installation
+
+### Setting up a provider and registering the module
+
+This is outside the scope of this README. For more information, go visit [the relevant documentation](https://www.terraform.io/docs/cloud/registry/publish.html)
+
+### Using the module
+
+In your terraform configuration, you can then use the module this way
+
+```hcl
+module "react_app" {
+  source  = "app.terraform.io/YOUR_ORGANIZATION/react_app/aws"
+  version = "1.0.0"
+  # insert required variables here
+}
+```
+
+And use outputs value as you would with a normal terraform resource

main.tf

@@ -0,0 +1,155 @@
+provider "aws" {
+  alias  = "us_east_1"
+  region = "us-east-1"
+}
+
+resource "aws_s3_bucket" "this" {
+  bucket = "${var.bucket_name_prefix}-app"
+  acl    = "public-read"
+
+  policy = <<EOF
+{
+  "Id": "${var.bucket_name_prefix}-app",
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "${var.bucket_name_prefix}-app-main",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::${var.bucket_name_prefix}-app/*",
+      "Principal": "*"
+    }
+  ]
+}
+EOF
+
+  website {
+    index_document = "index.html"
+    error_document = "index.html"
+  }
+
+  force_destroy = true
+}
+
+locals {
+  s3_origin_id = "${var.bucket_name_prefix}-origin"
+}
+
+resource "aws_cloudfront_origin_access_identity" "this" {
+  comment = "S3 Bucket Origin"
+}
+
+resource "aws_cloudfront_distribution" "this" {
+  origin {
+    domain_name = aws_s3_bucket.this.bucket_regional_domain_name
+    origin_id   = local.s3_origin_id
+
+    s3_origin_config {
+      origin_access_identity = aws_cloudfront_origin_access_identity.this.cloudfront_access_identity_path
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+  default_root_object = "index.html"
+
+  aliases = concat(
+    ["${var.service_name}.${var.zone}"],
+    var.aliases
+  )
+
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = local.s3_origin_id
+
+    forwarded_values {
+      query_string = false
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+  }
+
+  price_class = "PriceClass_200"
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+
+  custom_error_response {
+    error_caching_min_ttl = 10
+    error_code            = 404
+    response_code         = 200
+    response_page_path    = "/index.html"
+  }
+
+  viewer_certificate {
+    acm_certificate_arn = aws_acm_certificate_validation.this.certificate_arn
+    ssl_support_method  = "sni-only"
+  }
+}
+
+resource "aws_acm_certificate" "this" {
+  provider                  = aws.us_east_1
+  domain_name               = "${var.service_name}.${var.zone}"
+  validation_method         = "DNS"
+  subject_alternative_names = var.aliases
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+data "aws_route53_zone" "this" {
+  name         = var.zone
+  private_zone = false
+}
+
+resource "aws_route53_record" "certificate_validation" {
+  for_each = {
+    for dvo in aws_acm_certificate.this.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = data.aws_route53_zone.this.zone_id
+}
+
+resource "aws_acm_certificate_validation" "this" {
+  provider                = aws.us_east_1
+  certificate_arn         = aws_acm_certificate.this.arn
+  validation_record_fqdns = [for record in aws_route53_record.certificate_validation : record.fqdn]
+}
+
+resource "aws_route53_record" "this" {
+  for_each = toset(concat(["${var.service_name}.${var.zone}"], var.aliases))
+
+  zone_id         = data.aws_route53_zone.this.zone_id
+  name            = each.value
+  type            = "A"
+  allow_overwrite = true
+
+  alias {
+    name                   = aws_cloudfront_distribution.this.domain_name
+    zone_id                = aws_cloudfront_distribution.this.hosted_zone_id
+    evaluate_target_health = false
+  }
+}

outputs.tf

@@ -0,0 +1,11 @@
+output "domain" {
+  value = aws_s3_bucket.this.website_domain
+}
+
+output "endpoint" {
+  value = aws_s3_bucket.this.website_endpoint
+}
+
+output "bucket" {
+  value = aws_s3_bucket.this.bucket
+}

variables.tf

@@ -0,0 +1,21 @@
+
+variable "bucket_name_prefix" {
+  type        = string
+  description = "Prefix of the bucket used to store the react files"
+}
+
+variable "service_name" {
+  type        = string
+  description = "Name of the service prefixed to the zone to form the base URl"
+}
+
+variable "zone" {
+  type        = string
+  description = "Name of the zone appended to the service name to form the base URL"
+}
+
+variable "aliases" {
+  default     = []
+  type        = list(string)
+  description = "List of aliases in the zone to access the react app with"
+}