infra: change s3 bucket name per compatibility issues

author: clarkzjw <[email protected]> 2022-12-11 16:28:25 -0800
committer: clarkzjw <[email protected]> 2022-12-11 16:28:25 -0800
commit: eb52fbed996d90ca43391336f0dbbb89f5743eef (patch)
tree: 1df284118040c7ee768d30acfac74a9ca0a85892
parent: 90564c7d34006223bf2874b729a9af6e1c87c542 (diff)
download: jinwei.me-eb52fbed996d90ca43391336f0dbbb89f5743eef.tar.gz
3 files changed, 17 insertions, 16 deletions
diff --git a/jinwei.me/infra/cloudfront.tf b/jinwei.me/infra/cloudfront.tf
index 2566584..607cb29 100644
--- a/jinwei.me/infra/cloudfront.tf
+++ b/jinwei.me/infra/cloudfront.tf
@@ -8,7 +8,7 @@ resource "aws_cloudfront_distribution" "main" {
  wait_for_deployment = false
  default_cache_behavior {
-    target_origin_id = aws_s3_bucket.main.bucket_regional_domain_name
+    target_origin_id = aws_s3_bucket.static.bucket_regional_domain_name
    compress                 = true
    viewer_protocol_policy   = "redirect-to-https"
@@ -19,8 +19,8 @@ resource "aws_cloudfront_distribution" "main" {
  }
  origin {
-    origin_id                = aws_s3_bucket.main.bucket_regional_domain_name
+    origin_id                = aws_s3_bucket.static.bucket_regional_domain_name
-    domain_name              = aws_s3_bucket.main.bucket_regional_domain_name
+    domain_name              = aws_s3_bucket.static.bucket_regional_domain_name
    origin_access_control_id = aws_cloudfront_origin_access_control.main.id
  }
diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
index 08d8d73..1e58892 100644
--- a/jinwei.me/infra/outputs.tf
+++ b/jinwei.me/infra/outputs.tf
@@ -31,8 +31,7 @@ output "instance" {
 output "s3" {
  description = "S3 bucket for wordpress"
  value = {
-    bucket_domain_name = aws_s3_bucket.main.bucket_regional_domain_name
+    bucket_domain_name = aws_s3_bucket.static.bucket_regional_domain_name
-    policy             = aws_s3_bucket_policy.main.policy
  }
 }
diff --git a/jinwei.me/infra/s3.tf b/jinwei.me/infra/s3.tf
index 49f8e10..6c39e4c 100644
--- a/jinwei.me/infra/s3.tf
+++ b/jinwei.me/infra/s3.tf
@@ -2,12 +2,13 @@ resource "random_id" "s3_bucket_suffix" {
  byte_length = 4
 }
-resource "aws_s3_bucket" "main" {
+resource "aws_s3_bucket" "static" {
-  bucket = "static.jinwei.me"
+  # https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#:~:text=For%20best%20compatibility,in%20their%20names
+  bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
 }
-resource "aws_s3_bucket_public_access_block" "main" {
+resource "aws_s3_bucket_public_access_block" "static" {
-  bucket = aws_s3_bucket.main.id
+  bucket = aws_s3_bucket.static.id
  # https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
  block_public_acls       = false
@@ -16,12 +17,13 @@ resource "aws_s3_bucket_public_access_block" "main" {
  restrict_public_buckets = true
 }
-resource "aws_s3_bucket_policy" "main" {
+resource "aws_s3_bucket_policy" "static" {
-  bucket = aws_s3_bucket.main.id
+  bucket = aws_s3_bucket.static.id
-  policy = data.aws_iam_policy_document.bucket_policy.json
+  policy = data.aws_iam_policy_document.static_bucket_policy.json
 }
-data "aws_iam_policy_document" "bucket_policy" {
+data "aws_iam_policy_document" "static_bucket_policy" {
  # Allow Cloudfront to read from the bucket
  statement {
    principals {
@@ -34,7 +36,7 @@ data "aws_iam_policy_document" "bucket_policy" {
      "s3:GetObject"
    ]
    resources = [
-      "${aws_s3_bucket.main.arn}/*",
+      "${aws_s3_bucket.static.arn}/*",
    ]
    condition {
      test     = "StringEquals"
@@ -44,8 +46,8 @@ data "aws_iam_policy_document" "bucket_policy" {
  }
 }
-resource "aws_s3_object" "healthcheck" {
+resource "aws_s3_object" "check" {
-  bucket       = aws_s3_bucket.main.id
+  bucket       = aws_s3_bucket.static.id
  key          = "healthcheck"
  content      = "OK"
  content_type = "text/plain"
author	clarkzjw <[email protected]>	2022-12-11 16:28:25 -0800
committer	clarkzjw <[email protected]>	2022-12-11 16:28:25 -0800
commit	eb52fbed996d90ca43391336f0dbbb89f5743eef (patch)
tree	1df284118040c7ee768d30acfac74a9ca0a85892
parent	90564c7d34006223bf2874b729a9af6e1c87c542 (diff)
download	jinwei.me-eb52fbed996d90ca43391336f0dbbb89f5743eef.tar.gz

diff --git a/jinwei.me/infra/cloudfront.tf b/jinwei.me/infra/cloudfront.tf index 2566584..607cb29 100644 --- a/jinwei.me/infra/cloudfront.tf +++ b/jinwei.me/infra/cloudfront.tf
@@ -8,7 +8,7 @@ resource "aws_cloudfront_distribution" "main" {
8	wait_for_deployment = false	8	wait_for_deployment = false
9		9
10	default_cache_behavior {	10	default_cache_behavior {
11	target_origin_id = aws_s3_bucket.main.bucket_regional_domain_name	11	target_origin_id = aws_s3_bucket.static.bucket_regional_domain_name
12		12
13	compress = true	13	compress = true
14	viewer_protocol_policy = "redirect-to-https"	14	viewer_protocol_policy = "redirect-to-https"
@@ -19,8 +19,8 @@ resource "aws_cloudfront_distribution" "main" {
19	}	19	}
20		20
21	origin {	21	origin {
22	origin_id = aws_s3_bucket.main.bucket_regional_domain_name	22	origin_id = aws_s3_bucket.static.bucket_regional_domain_name
23	domain_name = aws_s3_bucket.main.bucket_regional_domain_name	23	domain_name = aws_s3_bucket.static.bucket_regional_domain_name
24	origin_access_control_id = aws_cloudfront_origin_access_control.main.id	24	origin_access_control_id = aws_cloudfront_origin_access_control.main.id
25	}	25	}
26		26


diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf index 08d8d73..1e58892 100644 --- a/jinwei.me/infra/outputs.tf +++ b/jinwei.me/infra/outputs.tf
@@ -31,8 +31,7 @@ output "instance" {
31	output "s3" {	31	output "s3" {
32	description = "S3 bucket for wordpress"	32	description = "S3 bucket for wordpress"
33	value = {	33	value = {
34	bucket_domain_name = aws_s3_bucket.main.bucket_regional_domain_name	34	bucket_domain_name = aws_s3_bucket.static.bucket_regional_domain_name
35	policy = aws_s3_bucket_policy.main.policy
36	}	35	}
37	}	36	}
38		37


diff --git a/jinwei.me/infra/s3.tf b/jinwei.me/infra/s3.tf index 49f8e10..6c39e4c 100644 --- a/jinwei.me/infra/s3.tf +++ b/jinwei.me/infra/s3.tf
@@ -2,12 +2,13 @@ resource "random_id" "s3_bucket_suffix" {
2	byte_length = 4	2	byte_length = 4
3	}	3	}
4		4
5	resource "aws_s3_bucket" "main" {	5	resource "aws_s3_bucket" "static" {
6	bucket = "static.jinwei.me"	6	# https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#:~:text=For%20best%20compatibility,in%20their%20names
		7	bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
7	}	8	}
8		9
9	resource "aws_s3_bucket_public_access_block" "main" {	10	resource "aws_s3_bucket_public_access_block" "static" {
10	bucket = aws_s3_bucket.main.id	11	bucket = aws_s3_bucket.static.id
11		12
12	# https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html	13	# https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
13	block_public_acls = false	14	block_public_acls = false
@@ -16,12 +17,13 @@ resource "aws_s3_bucket_public_access_block" "main" {
16	restrict_public_buckets = true	17	restrict_public_buckets = true
17	}	18	}
18		19
19	resource "aws_s3_bucket_policy" "main" {	20	resource "aws_s3_bucket_policy" "static" {
20	bucket = aws_s3_bucket.main.id	21	bucket = aws_s3_bucket.static.id
21	policy = data.aws_iam_policy_document.bucket_policy.json	22	policy = data.aws_iam_policy_document.static_bucket_policy.json
22	}	23	}
23		24
24	data "aws_iam_policy_document" "bucket_policy" {	25
		26	data "aws_iam_policy_document" "static_bucket_policy" {
25	# Allow Cloudfront to read from the bucket	27	# Allow Cloudfront to read from the bucket
26	statement {	28	statement {
27	principals {	29	principals {
@@ -34,7 +36,7 @@ data "aws_iam_policy_document" "bucket_policy" {
34	"s3:GetObject"	36	"s3:GetObject"
35	]	37	]
36	resources = [	38	resources = [
37	"${aws_s3_bucket.main.arn}/*",	39	"${aws_s3_bucket.static.arn}/*",
38	]	40	]
39	condition {	41	condition {
40	test = "StringEquals"	42	test = "StringEquals"
@@ -44,8 +46,8 @@ data "aws_iam_policy_document" "bucket_policy" {
44	}	46	}
45	}	47	}
46		48
47	resource "aws_s3_object" "healthcheck" {	49	resource "aws_s3_object" "check" {
48	bucket = aws_s3_bucket.main.id	50	bucket = aws_s3_bucket.static.id
49	key = "healthcheck"	51	key = "healthcheck"
50	content = "OK"	52	content = "OK"
51	content_type = "text/plain"	53	content_type = "text/plain"