Moving remaining s3 configuration to its own folder

shockrah 2023-10-05 22:43:35 -07:00
parent 9bd6cbd3e3
commit da379f20cb
9 changed files with 50 additions and 66 deletions


@ -1,24 +0,0 @@
plan=out.plan
SHELL := /bin/bash
$(plan): *.tf
source secrets/set-env.sh && terraform plan -input=false -out $(plan)
push: build
source secrets/set-env.sh && terraform apply $(plan)
refresh:
source secrets/set-env.sh && terraform apply -refresh-only
test:
terraform validate
rip:
source secrets/set-env.sh && terraform destroy
clean:
rm -f $(plan)
.PHONY: test build clean push rip


@ -1,12 +0,0 @@
data "aws_vpc" "athens" {
id = var.vpc_id
}
data "aws_subnet" "delphi" {
id = "subnet-0a1943f26e4338cf6"
}
data "aws_subnet" "crete" {
id = "subnet-09302319a6678643f"
}


@ -1,13 +0,0 @@
locals {
# ECR
repos = [
"reverse-proxy",
]
buckets = [
"shockrah.xyz",
"resume.shockrah.xyz"
]
nginx_name = "${var.athens_prefix}-nginx-static-content"
nginx_hp_check_interval = 300
}

24
infra/s3/Makefile Normal file

@ -0,0 +1,24 @@
plan=out.plan
SHELL := /bin/bash
$(plan): *.tf
source ../secrets/set-env.sh && terraform plan -input=false -out $(plan)
push: build
source ../secrets/set-env.sh && terraform apply $(plan)
refresh:
source ../secrets/set-env.sh && terraform apply -refresh-only
test:
terraform validate
rip:
source ../secrets/set-env.sh && terraform destroy
clean:
rm -f $(plan)
.PHONY: test build clean push rip
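Review bot: `push: build` names a prerequisite that has no rule in the visible lines of this file; `build` appears only in `.PHONY`, so `make push` does not run the `$(plan)` rule and `terraform apply $(plan)` applies whatever `out.plan` is already on disk, or fails when there is none. Making the plan file the prerequisite ties the apply to a plan produced from the current `*.tf`: `push: $(plan)`, or add `build: $(plan)` and keep the phony name. Because a saved plan can embed resolved variable values, a comment above `plan=out.plan` such as `# out.plan may hold values sourced from set-env.sh; keep it git-ignored` would record that the file must stay out of version control.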


@ -2,7 +2,7 @@ terraform {
required_version = ">= 0.13" required_version = ">= 0.13"
backend "s3" { backend "s3" {
bucket = "project-athens" bucket = "project-athens"
key = "infra/state/build.tfstate" key = "infra/s3/state/build.tfstate"
region = "us-west-1" region = "us-west-1"
encrypt = true encrypt = true
} }
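Review bot: Changing `key` to `infra/s3/state/build.tfstate` points this configuration at a new state object, and nothing in the visible change carries the existing bucket records over from `infra/state/build.tfstate`. If the buckets are still tracked under the old key, a plan here would try to create buckets that already exist while the old stack plans to destroy them, so the move likely needs `terraform import` into the new state and `terraform state rm` from the old one before either side is applied. The backend block as shown also sets no lock table (`dynamodb_table`); if that is intentional, a comment such as `# state is not locked; run applies from one place at a time` would document the constraint. The `terraform` block opens above the hunk.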

7
infra/s3/local.tf Normal file

@ -0,0 +1,7 @@
locals {
buckets = [
"shockrah.xyz",
"resume.shockrah.xyz"
]
}

17
infra/s3/s3.tf Normal file

@ -0,0 +1,17 @@
resource "aws_s3_bucket" "static-content" {
for_each = {
for idx, record in local.buckets:
idx => record
}
bucket = each.value
tags = {
Name = each.value
Description = "Static content"
}
}
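Review bot: The `for_each` map built with `for idx, record in local.buckets: idx => record` keys each bucket by its list position, so removing or reordering an entry in `local.buckets` shifts the resource addresses and Terraform would plan to replace buckets whose configuration did not change. The bucket policy resource elsewhere in this commit already uses `for_each = toset(local.buckets)`; using the same expression here keys every bucket by name and keeps `bucket = each.value` working. Any reference that indexes `aws_s3_bucket.static-content` by position would need the matching key, which is not visible in this section.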


@ -1,17 +1,3 @@
resource "aws_s3_bucket" "static-content" {
for_each = {
for idx, record in local.buckets:
idx => record
}
bucket = each.value
tags = {
Name = each.value
Description = "Static content"
}
}
################################################################## ##################################################################
# Below are the acl components for each bucket to make them public # Below are the acl components for each bucket to make them public
################################################################## ##################################################################
@ -42,8 +28,6 @@ resource "aws_s3_bucket_public_access_block" "site" {
ignore_public_acls = false ignore_public_acls = false
restrict_public_buckets = false restrict_public_buckets = false
} }
# Set a policy on the bucket to allow reads from anywhere # Set a policy on the bucket to allow reads from anywhere
resource "aws_s3_bucket_policy" "site" { resource "aws_s3_bucket_policy" "site" {
for_each = toset(local.buckets) for_each = toset(local.buckets)
@ -66,3 +50,4 @@ resource "aws_s3_bucket_policy" "site" {
} }