1 files changed, 13 insertions, 11 deletions
diff --git a/jinwei.me/infra/s3.tf b/jinwei.me/infra/s3.tf
index 49f8e10..6c39e4c 100644
--- a/jinwei.me/infra/s3.tf
+++ b/jinwei.me/infra/s3.tf
@@ -2,12 +2,13 @@ resource "random_id" "s3_bucket_suffix" {
  byte_length = 4
 }
-resource "aws_s3_bucket" "main" {
+resource "aws_s3_bucket" "static" {
-  bucket = "static.jinwei.me"
+  # https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#:~:text=For%20best%20compatibility,in%20their%20names
+  bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
 }
-resource "aws_s3_bucket_public_access_block" "main" {
+resource "aws_s3_bucket_public_access_block" "static" {
-  bucket = aws_s3_bucket.main.id
+  bucket = aws_s3_bucket.static.id
  # https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
  block_public_acls       = false
@@ -16,12 +17,13 @@ resource "aws_s3_bucket_public_access_block" "main" {
  restrict_public_buckets = true
 }
-resource "aws_s3_bucket_policy" "main" {
+resource "aws_s3_bucket_policy" "static" {
-  bucket = aws_s3_bucket.main.id
+  bucket = aws_s3_bucket.static.id
-  policy = data.aws_iam_policy_document.bucket_policy.json
+  policy = data.aws_iam_policy_document.static_bucket_policy.json
 }
-data "aws_iam_policy_document" "bucket_policy" {
+data "aws_iam_policy_document" "static_bucket_policy" {
  # Allow Cloudfront to read from the bucket
  statement {
    principals {
@@ -34,7 +36,7 @@ data "aws_iam_policy_document" "bucket_policy" {
      "s3:GetObject"
    ]
    resources = [
-      "${aws_s3_bucket.main.arn}/*",
+      "${aws_s3_bucket.static.arn}/*",
    ]
    condition {
      test     = "StringEquals"
@@ -44,8 +46,8 @@ data "aws_iam_policy_document" "bucket_policy" {
  }
 }
-resource "aws_s3_object" "healthcheck" {
+resource "aws_s3_object" "check" {
-  bucket       = aws_s3_bucket.main.id
+  bucket       = aws_s3_bucket.static.id
  key          = "healthcheck"
  content      = "OK"
  content_type = "text/plain"

diff --git a/jinwei.me/infra/s3.tf b/jinwei.me/infra/s3.tf index 49f8e10..6c39e4c 100644 --- a/jinwei.me/infra/s3.tf +++ b/jinwei.me/infra/s3.tf
@@ -2,12 +2,13 @@ resource "random_id" "s3_bucket_suffix" {
2	byte_length = 4	2	byte_length = 4
3	}	3	}
4		4
5	resource "aws_s3_bucket" "main" {	5	resource "aws_s3_bucket" "static" {
6	bucket = "static.jinwei.me"	6	# https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#:~:text=For%20best%20compatibility,in%20their%20names
		7	bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
7	}	8	}
8		9
9	resource "aws_s3_bucket_public_access_block" "main" {	10	resource "aws_s3_bucket_public_access_block" "static" {
10	bucket = aws_s3_bucket.main.id	11	bucket = aws_s3_bucket.static.id
11		12
12	# https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html	13	# https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
13	block_public_acls = false	14	block_public_acls = false
@@ -16,12 +17,13 @@ resource "aws_s3_bucket_public_access_block" "main" {
16	restrict_public_buckets = true	17	restrict_public_buckets = true
17	}	18	}
18		19
19	resource "aws_s3_bucket_policy" "main" {	20	resource "aws_s3_bucket_policy" "static" {
20	bucket = aws_s3_bucket.main.id	21	bucket = aws_s3_bucket.static.id
21	policy = data.aws_iam_policy_document.bucket_policy.json	22	policy = data.aws_iam_policy_document.static_bucket_policy.json
22	}	23	}
23		24
24	data "aws_iam_policy_document" "bucket_policy" {	25
		26	data "aws_iam_policy_document" "static_bucket_policy" {
25	# Allow Cloudfront to read from the bucket	27	# Allow Cloudfront to read from the bucket
26	statement {	28	statement {
27	principals {	29	principals {
@@ -34,7 +36,7 @@ data "aws_iam_policy_document" "bucket_policy" {
34	"s3:GetObject"	36	"s3:GetObject"
35	]	37	]
36	resources = [	38	resources = [
37	"${aws_s3_bucket.main.arn}/*",	39	"${aws_s3_bucket.static.arn}/*",
38	]	40	]
39	condition {	41	condition {
40	test = "StringEquals"	42	test = "StringEquals"
@@ -44,8 +46,8 @@ data "aws_iam_policy_document" "bucket_policy" {
44	}	46	}
45	}	47	}
46		48
47	resource "aws_s3_object" "healthcheck" {	49	resource "aws_s3_object" "check" {
48	bucket = aws_s3_bucket.main.id	50	bucket = aws_s3_bucket.static.id
49	key = "healthcheck"	51	key = "healthcheck"
50	content = "OK"	52	content = "OK"
51	content_type = "text/plain"	53	content_type = "text/plain"