New website bucket

2023-10-01 19:17:38 -07:00 · 2023-10-01 19:17:38 -07:00 · 8bc18dcf99
commit 8bc18dcf99
parent 8f6175c0d2
2 changed files with 63 additions and 0 deletions
--- a/infra/readme
+++ b/infra/readme
@ -0,0 +1,7 @@
+Resources Defined Here
+
+* Route53 Zone
+* ACM Certificate
+* S3 bucket for website & Terraform state
+
+
--- a/infra/s3.tf
+++ b/infra/s3.tf
@ -0,0 +1,56 @@
+resource "aws_s3_bucket" "website" {
+  bucket = "temper.tv"
+
+  tags = {
+    Name = "temper.tv"
+    Description = "Static content for temper.tv"
+  }
+}
+
+###############################################################
+# Below are the acl components for the bucket to make it public
+###############################################################
+
+# Enables website configuration
+resource "aws_s3_bucket_website_configuration" "site" {
+  bucket = aws_s3_bucket.website.bucket
+  index_document {
+    suffix = "index.html"
+  }
+
+  error_document {
+    key = "404.html"
+  }
+}
+
+# Set block public access to false
+resource "aws_s3_bucket_public_access_block" "site" {
+  bucket = aws_s3_bucket.website.bucket
+
+  block_public_acls   = false
+  block_public_policy = false
+  ignore_public_acls  = false
+  restrict_public_buckets = false
+}
+
+
+# Set a policy on the bucket to allow reads from anywhere
+resource "aws_s3_bucket_policy" "site" {
+  bucket = aws_s3_bucket.website.bucket
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid = "PublicReadGetObject"
+        Effect = "Allow"
+        Principal = "*"
+        Action = "s3:GetObject"
+        Resource = [
+          "arn:aws:s3:::${aws_s3_bucket.website.bucket}",
+          "arn:aws:s3:::${aws_s3_bucket.website.bucket}/*",
+        ]
+      }
+    ]
+  })
+}
+