This Terraform module provides the required infrastructure to host a static website on S3.
Check versions for this module on:
- Github Releases: https://github.com/cn-terraform/terraform-aws-s3-static-website/releases
- Terraform Module Registry: https://registry.terraform.io/modules/cn-terraform/s3-static-website/aws
Run this command right after cloning the repository.
pre-commit install
For that you may need to install the following tools:
In order to run all checks at any point run the following command:
pre-commit run --all-files
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 3.50.0 |
| Name | Version |
|---|---|
| aws.acm_provider | 3.50.0 |
| aws.main | 3.50.0 |
| template | 2.2.0 |
No modules.
| Name | Type |
|---|---|
| aws_acm_certificate.cert | resource |
| aws_acm_certificate_validation.cert_validation | resource |
| aws_cloudfront_distribution.website | resource |
| aws_cloudfront_origin_access_identity.cf_oai | resource |
| aws_route53_record.acm_certificate_validation_records | resource |
| aws_route53_record.website_cloudfront_record | resource |
| aws_route53_record.www_website_record | resource |
| aws_route53_zone.hosted_zone | resource |
| aws_s3_bucket.log_bucket | resource |
| aws_s3_bucket.website | resource |
| aws_s3_bucket_policy.log_bucket_access_policy | resource |
| aws_s3_bucket_public_access_block.log_bucket_public_access_block | resource |
| aws_s3_bucket_public_access_block.website_bucket_public_access_block | resource |
| aws_iam_policy_document.log_bucket_access_policy | data source |
| template_file.website_bucket_policy | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| acm_certificate_arn_to_use | ACM Certificate ARN to use in case you disable automatic certificate creation. Certificate must be in us-east-1 region. | string |
"" |
no |
| aws_accounts_with_read_view_log_bucket | List of AWS accounts with read permissions to log bucket | list(string) |
[] |
no |
| cloudfront_allowed_cached_methods | (Optional) Specifies which methods are allowed and cached by CloudFront. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and HEAD | list(string) |
[ |
no |
| cloudfront_default_root_object | (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. Defaults to index.html | string |
"index.html" |
no |
| cloudfront_geo_restriction_locations | (Optional) - The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). Defaults to [] | list(string) |
[] |
no |
| cloudfront_geo_restriction_type | The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist. Defaults to none | string |
"none" |
no |
| cloudfront_http_version | (Optional) - The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string |
"http2" |
no |
| cloudfront_price_class | (Optional) - The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100. Defaults to PriceClass_100 | string |
"PriceClass_100" |
no |
| cloudfront_viewer_protocol_policy | Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https. Defautls to redirect-to-https | string |
"redirect-to-https" |
no |
| cloudfront_website_retain_on_delete | (Optional) - Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. Defaults to false. | bool |
false |
no |
| cloudfront_website_wait_for_deployment | (Optional) - If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Defaults to true. | bool |
true |
no |
| comment_for_cloudfront_website | Comment for the Website CloudFront Distribution | string |
"" |
no |
| create_acm_certificate | Enable or disable automatic ACM certificate creation. If set to false, the variable acm_certificate_arn_to_use is required. Defaults to true | bool |
true |
no |
| create_route53_hosted_zone | Enable or disable Route 53 hosted zone creation. If set to false, the variable route53_hosted_zone_id is required. Defaults to true | bool |
true |
no |
| is_ipv6_enabled | (Optional) - Whether the IPv6 is enabled for the distribution. Defaults to true | bool |
true |
no |
| log_bucket_versioning_enabled | (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. Defaults to true | bool |
true |
no |
| log_bucket_versioning_mfa_delete | (Optional) Enable MFA delete for either change the versioning state of your bucket or permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS. | bool |
false |
no |
| name_prefix | Name prefix for resources on AWS | any |
n/a | yes |
| route53_hosted_zone_id | The Route 53 hosted zone ID to use if create_route53_hosted_zone is false | string |
"" |
no |
| tags | Resource tags | map(string) |
{} |
no |
| website_bucket_acl | (Optional) The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. | string |
"private" |
no |
| website_bucket_force_destroy | (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool |
false |
no |
| website_cors_additional_allowed_origins | (Optional) Specifies which origins are allowed besides the domain name specified | list(string) |
[] |
no |
| website_cors_allowed_headers | (Optional) Specifies which headers are allowed. Defaults to Authorization and Content-Length | list(string) |
[ |
no |
| website_cors_allowed_methods | (Optional) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD. Defaults to GET and POST | list(string) |
[ |
no |
| website_cors_expose_headers | (Optional) Specifies expose header in the response. | list(string) |
[] |
no |
| website_cors_max_age_seconds | (Optional) Specifies time in seconds that browser can cache the response for a preflight request. Defaults to 3600 | number |
3600 |
no |
| website_domain_name | The domain name to use for the website | string |
n/a | yes |
| website_error_document | (Optional) An absolute path to the document to return in case of a 4XX error. Defaults to 404.html | string |
"404.html" |
no |
| website_index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. Defaults to index.html | string |
"index.html" |
no |
| website_versioning_enabled | (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. Defaults to true | bool |
true |
no |
| website_versioning_mfa_delete | (Optional) Enable MFA delete for either change the versioning state of your bucket or permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS. | bool |
false |
no |
| www_website_bucket_acl | (Optional) The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. | string |
"private" |
no |
| www_website_bucket_force_destroy | (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool |
false |
no |
| www_website_versioning_enabled | (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. Defaults to true | bool |
true |
no |
| www_website_versioning_mfa_delete | (Optional) Enable MFA delete for either change the versioning state of your bucket or permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS. | bool |
false |
no |
| Name | Description |
|---|---|
| acm_certificate_arn | The ARN of the certificate |
| acm_certificate_domain_name | The domain name for which the certificate is issued |
| acm_certificate_domain_validation_options | Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g. if SANs are defined. |
| acm_certificate_id | The ARN of the certificate |
| acm_certificate_status | Status of the certificate. |
| acm_certificate_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
| cert_validation_certificate_arn | The ARN of the certificate that is being validated. |
| cert_validation_id | The time at which the certificate was issued |
| cert_validation_validation_record_fqdns | List of FQDNs that implement the validation. |
| cloudfront_website_arn | The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID. |
| cloudfront_website_caller_reference | Internal value used by CloudFront to allow future updates to the distribution configuration. |
| cloudfront_website_domain_name | The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. |
| cloudfront_website_etag | The current version of the distribution's information. For example: E2QWRUHAPOMQZL. |
| cloudfront_website_hosted_zone_id | The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2. |
| cloudfront_website_id | The identifier for the distribution. For example: EDFDVBD632BHDS5. |
| cloudfront_website_in_progress_validation_batches | The number of invalidation batches currently in progress. |
| cloudfront_website_last_modified_time | The date and time the distribution was last modified. |
| cloudfront_website_status | The current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system. |
| cloudfront_website_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
| cloudfront_website_trusted_key_groups | List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs |
| cloudfront_website_trusted_signers | List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs |
| hosted_zone_id | The Hosted Zone ID. This can be referenced by zone records. |
| hosted_zone_name_servers | A list of name servers in the associated (or default) delegation set. Find more about delegation sets in AWS docs. |
| hosted_zone_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
| route_53_record_website_fqdn | FQDN built using the zone domain and name. |
| route_53_record_website_name | The name of the record. |
| route_53_record_www_website_fqdn | FQDN built using the zone domain and name. |
| route_53_record_www_website_name | The name of the record. |
| website_bucket_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
| website_bucket_domain_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
| website_bucket_hosted_zone_id | The Route 53 Hosted Zone ID for this bucket's region. |
| website_bucket_id | The name of the bucket. |
| website_bucket_region | The AWS region this bucket resides in. |
| website_bucket_regional_domain_name | The bucket region-specific domain name. The bucket domain name including the region name, please refer to https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoints when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL. |
| website_bucket_tags_all | A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
| website_bucket_website_domain | The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records. |
| website_bucket_website_endpoint | The website endpoint, if the bucket is configured with a website. If not, this will be an empty string. |