From eb52fbed996d90ca43391336f0dbbb89f5743eef Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Sun, 11 Dec 2022 16:28:25 -0800
Subject: infra: change s3 bucket name per compatibility issues
---
 jinwei.me/infra/cloudfront.tf | 6 +++---
 jinwei.me/infra/outputs.tf | 3 +--
 jinwei.me/infra/s3.tf | 24 +++++++++++++-----------
 3 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/jinwei.me/infra/cloudfront.tf b/jinwei.me/infra/cloudfront.tf
index 2566584..607cb29 100644
--- a/jinwei.me/infra/cloudfront.tf
+++ b/jinwei.me/infra/cloudfront.tf
@@ -8,7 +8,7 @@ resource "aws_cloudfront_distribution" "main" {
 wait_for_deployment = false
 default_cache_behavior {
- target_origin_id = aws_s3_bucket.main.bucket_regional_domain_name
+ target_origin_id = aws_s3_bucket.static.bucket_regional_domain_name
 compress = true
 viewer_protocol_policy = "redirect-to-https"
@@ -19,8 +19,8 @@ resource "aws_cloudfront_distribution" "main" {
 }
 origin {
- origin_id = aws_s3_bucket.main.bucket_regional_domain_name
- domain_name = aws_s3_bucket.main.bucket_regional_domain_name
+ origin_id = aws_s3_bucket.static.bucket_regional_domain_name
+ domain_name = aws_s3_bucket.static.bucket_regional_domain_name
 origin_access_control_id = aws_cloudfront_origin_access_control.main.id
 }
diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
index 08d8d73..1e58892 100644
--- a/jinwei.me/infra/outputs.tf
+++ b/jinwei.me/infra/outputs.tf
@@ -31,8 +31,7 @@ output "instance" {
 output "s3" {
 description = "S3 bucket for wordpress"
 value = {
- bucket_domain_name = aws_s3_bucket.main.bucket_regional_domain_name
- policy = aws_s3_bucket_policy.main.policy
+ bucket_domain_name = aws_s3_bucket.static.bucket_regional_domain_name
 }
 }
diff --git a/jinwei.me/infra/s3.tf b/jinwei.me/infra/s3.tf
index 49f8e10..6c39e4c 100644
--- a/jinwei.me/infra/s3.tf
+++ b/jinwei.me/infra/s3.tf
@@ -2,12 +2,13 @@ resource "random_id" "s3_bucket_suffix" {
 byte_length = 4
 }
-resource "aws_s3_bucket" "main" {
- bucket = "static.jinwei.me"
+resource "aws_s3_bucket" "static" {
+ # https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#:~:text=For%20best%20compatibility,in%20their%20names
+ bucket = "${var.name}-${random_id.s3_bucket_suffix.hex}"
 }
-resource "aws_s3_bucket_public_access_block" "main" {
- bucket = aws_s3_bucket.main.id
+resource "aws_s3_bucket_public_access_block" "static" {
+ bucket = aws_s3_bucket.static.id
 # https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
 block_public_acls = false
@@ -16,12 +17,13 @@ resource "aws_s3_bucket_public_access_block" "main" {
 restrict_public_buckets = true
 }
-resource "aws_s3_bucket_policy" "main" {
- bucket = aws_s3_bucket.main.id
- policy = data.aws_iam_policy_document.bucket_policy.json
+resource "aws_s3_bucket_policy" "static" {
+ bucket = aws_s3_bucket.static.id
+ policy = data.aws_iam_policy_document.static_bucket_policy.json
 }
-data "aws_iam_policy_document" "bucket_policy" {
+
+data "aws_iam_policy_document" "static_bucket_policy" {
 # Allow Cloudfront to read from the bucket
 statement {
 principals {
@@ -34,7 +36,7 @@ data "aws_iam_policy_document" "bucket_policy" {
 "s3:GetObject"
 ]
 resources = [
- "${aws_s3_bucket.main.arn}/*",
+ "${aws_s3_bucket.static.arn}/*",
 ]
 condition {
 test = "StringEquals"
@@ -44,8 +46,8 @@ data "aws_iam_policy_document" "bucket_policy" {
 }
 }
-resource "aws_s3_object" "healthcheck" {
- bucket = aws_s3_bucket.main.id
+resource "aws_s3_object" "check" {
+ bucket = aws_s3_bucket.static.id
 key = "healthcheck"
 content = "OK"
 content_type = "text/plain"
-- cgit v1.2.3
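Review bot: In the first s3.tf hunk the recreated `aws_s3_bucket_public_access_block.static` still carries `block_public_acls = false`, although the policy document's own comment says the bucket only needs to be readable by CloudFront, so nothing visible here depends on public ACLs. Since this commit replaces the bucket anyway, I would set `block_public_acls = true` and confirm that the settings between this hunk and the next, which are not shown, are `true` as well. Separately, `var.name` is declared outside this diff; a `validation` block on it that allows only lowercase letters, digits and hyphens and leaves room for the 9-character `-<hex>` suffix would keep the generated name within the S3 naming rules the added comment links to.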