# AWS infra for iporaitech.com static website (CloudFront+S3)
# AWS provider for this stack. The region comes from var.aws_region, and
# default_tags stamps Project/Environment on every taggable resource the
# provider creates, which keeps ownership attribution consistent for audits.
# NOTE(review): no provider version constraint or credential source is visible
# in this file. Confirm that required_providers pins a version elsewhere.
provider "aws" {
  region = var.aws_region
  default_tags {
    tags = {
      Project = var.project
      Environment = var.env
    }
  }
}
# Public hosted zone for the root domain (no vpc block, so it is not private).
# Its zone_id is referenced by the certificate module, the CDN module and all
# mail-related records below.
resource "aws_route53_zone" "this" {
  name = var.root_domain
  comment = "Hosted zone for ${var.project}"
  lifecycle {
    # Refuse any plan that would destroy the zone. A recreated zone normally
    # gets a different name-server set, which would break the registrar
    # delegation and take web and mail resolution down with it.
    prevent_destroy = true
  }
}
# Certificate for the root domain plus the "www" subdomain, tied to the hosted
# zone above. The module name suggests ACM with Route 53 validation; confirm
# in the module source.
# NOTE(review): the source is pinned to a git tag (ref=v0.0.1). Tags can be
# moved after the fact, so pinning to a full commit SHA would make the fetched
# module content immutable.
# NOTE(review): CloudFront only accepts ACM certificates issued in us-east-1.
# Confirm var.aws_region, or a provider alias inside the module, satisfies that.
module "dns_cert" {
  source = "git::https://github.com/hisapy/terraform-aws-acm-route53-cert.git?ref=v0.0.1"
  route53_zone_id = aws_route53_zone.this.zone_id
  root_domain = var.root_domain
  subdomains = ["www"]
}
# CloudFront Function on the cloudfront-js-2.0 runtime. Its code is read at
# plan time from cdn_request_handler.js in this module's directory, and the
# static_website module below associates it with the viewer-request event.
# NOTE(review): the handler source is not part of this file. Because it issues
# redirects, review it separately and confirm redirect targets are built from
# fixed values rather than from request-supplied headers.
resource "aws_cloudfront_function" "request_handler" {
  name = "static_web_request_handler"
  runtime = "cloudfront-js-2.0"
  comment = "Redirect root domain requests to www and handle /es requests"
  code = file("${path.module}/cdn_request_handler.js")
}
# CloudFront + S3 hosting for the static site. Aliases and the certificate ARN
# come from the dns_cert module, and the request handler function is attached
# at viewer-request.
# NOTE(review): the source is pinned to a git tag (ref=v0.0.4). Tags are
# mutable, so a commit SHA gives a stronger supply-chain guarantee.
# NOTE(review): bucket public-access settings, origin access control, minimum
# TLS version and access logging are decided inside the module and are not
# visible here. Verify them in the module source or in the plan output.
module "static_website" {
  source = "git::https://github.com/hisapy/terraform-aws-cloudfront-s3-hosting.git?ref=v0.0.4"
  project = var.project
  env = var.env
  cdn_aliases = module.dns_cert.names
  acm_cert_arn = module.dns_cert.acm_cert_arn
  route53_zone_id = aws_route53_zone.this.zone_id
  function_association = [{
    event_type = "viewer-request"
    function_arn = aws_cloudfront_function.request_handler.arn
  }]
}
## Route53 records
### MX
# MX record set at the root domain. Both the mail exchanger list and the TTL
# are supplied by variables.
# NOTE(review): presumably each entry in var.dns_mx_records has the form
# "<priority> <host>"; verify against the variable definition.
resource "aws_route53_record" "mx" {
  zone_id = aws_route53_zone.this.zone_id
  name = var.root_domain
  type = "MX"
  records = var.dns_mx_records
  ttl = var.dns_mx_ttl
}
### Google Site Verification and SPF (Sender Policy Framework)
### NOTE: Route 53 keeps one record set per name and type, so TXT values that share a name must be listed together in a single resource
# One TXT record set carrying both the Google site-verification token and the
# SPF policy.
# NOTE(review): name = "" presumably resolves to the zone apex, the same name
# the MX record uses via var.root_domain. Confirm in the plan output.
# NOTE(review): a name must publish exactly one "v=spf1" string. Any further
# SPF policy must be merged into var.dns_spf_txt rather than added as a second
# value, or receivers will treat SPF as a permanent error.
resource "aws_route53_record" "gsv_spf" {
  zone_id = aws_route53_zone.this.zone_id
  name = ""
  type = "TXT"
  ttl = 300
  records = [
    var.dns_google_site_verification_txt,
    var.dns_spf_txt
  ]
}
## DKIM (DomainKeys Identified Mail)
locals {
  # A single character-string inside a TXT record holds at most 255
  # characters, and a DKIM public key is usually longer than that. Cut the
  # value into consecutive pieces of up to 255 characters; substr() returns a
  # shorter tail for the last piece.
  dns_dkim_chunks = [
    for offset in range(0, length(var.dns_dkim_txt), 255) :
    substr(var.dns_dkim_txt, offset, 255)
  ]

  # Glue the pieces back together with an embedded "" between them. The
  # provider wraps the whole value in quotes, so each "" closes one
  # character-string and opens the next, and resolvers concatenate them back
  # into the original value.
  dns_dkim_txt_split = join("\"\"", local.dns_dkim_chunks)
}
# DKIM public-key TXT record at <selector>._domainkey.<root domain>. The value
# is the pre-split string from local.dns_dkim_txt_split, so it fits the
# 255-character limit of a TXT character-string.
# NOTE(review): this file defines SPF and DKIM but no _dmarc TXT record.
# Without a DMARC policy, receivers are not told how to treat mail that fails
# both checks. Confirm DMARC is managed elsewhere.
resource "aws_route53_record" "dkim" {
  zone_id = aws_route53_zone.this.zone_id
  name = "${var.dns_dkim_selector}._domainkey.${var.root_domain}"
  type = "TXT"
  records = [local.dns_dkim_txt_split]
  ttl = var.dns_dkim_ttl
}