Add support for website config on origin (#61)

dmattia · aknysh · commit 2ec1ef6ceb2b · 2020-01-14T22:33:34.000-05:00
This code is heavily inspired by https://github.com/cloudposse/terraform-aws-s3-website This is in response to #14
diff --git a/README.md b/README.md
@@ -163,13 +163,15 @@ Available targets:
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
 | enabled | Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created. | bool | `true` | no |
 | encryption_enabled | When set to 'true' the resource will have aes256 encryption enabled by default | bool | `false` | no |
+| error_document | An absolute path to the document to return in case of a 4XX error | string | `` | no |
 | extra_logs_attributes | Additional attributes to put onto the log bucket label | list(string) | `<list>` | no |
 | extra_origin_attributes | Additional attributes to put onto the origin label | list(string) | `<list>` | no |
 | forward_cookies | Time in seconds that browser can cache the response for S3 bucket | string | `none` | no |
 | forward_header_values | A list of whitelisted header values to forward to the origin | list(string) | `<list>` | no |
 | forward_query_string | Forward query strings to the origin that is associated with this cache behavior | bool | `false` | no |
 | geo_restriction_locations | List of country codes for which  CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list(string) | `<list>` | no |
 | geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | `none` | no |
+| index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders | string | `` | no |
 | is_ipv6_enabled | State of CloudFront IPv6 | bool | `true` | no |
 | lambda_function_association | A config block that triggers a lambda function with specific actions | object | `<list>` | no |
 | log_expiration_days | Number of days after which to expunge the objects | string | `90` | no |
@@ -189,6 +191,8 @@ Available targets:
 | parent_zone_id | ID of the hosted zone to contain this record  (or specify `parent_zone_name`) | string | `` | no |
 | parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`) | string | `` | no |
 | price_class | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | string | `PriceClass_100` | no |
+| redirect_all_requests_to | A hostname to redirect all website requests for this distribution to. If this is set, it overrides other website settings | string | `` | no |
+| routing_rules | A json array containing routing rules describing redirect behavior and when redirects are applied | string | `` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
 | static_s3_bucket | aws-cli is a bucket owned by amazon that will perminantly exist. It allows for the data source to be called during the destruction process without failing. It doesn't get used for anything else, this is a safe workaround for handling the fact that if a data source like the one `aws_s3_bucket.selected` gets an error, you can't continue the terraform process which also includes the 'destroy' command, where is doesn't even need this data source! Don't change this bucket name, it's a variable so that we can provide this description. And this works around a problem that is an edge case. | string | `aws-cli` | no |
 | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map(string) | `<map>` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -22,13 +22,15 @@
 | delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
 | enabled | Select Enabled if you want CloudFront to begin processing requests as soon as the distribution is created, or select Disabled if you do not want CloudFront to begin processing requests after the distribution is created. | bool | `true` | no |
 | encryption_enabled | When set to 'true' the resource will have aes256 encryption enabled by default | bool | `false` | no |
+| error_document | An absolute path to the document to return in case of a 4XX error | string | `` | no |
 | extra_logs_attributes | Additional attributes to put onto the log bucket label | list(string) | `<list>` | no |
 | extra_origin_attributes | Additional attributes to put onto the origin label | list(string) | `<list>` | no |
 | forward_cookies | Time in seconds that browser can cache the response for S3 bucket | string | `none` | no |
 | forward_header_values | A list of whitelisted header values to forward to the origin | list(string) | `<list>` | no |
 | forward_query_string | Forward query strings to the origin that is associated with this cache behavior | bool | `false` | no |
 | geo_restriction_locations | List of country codes for which  CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list(string) | `<list>` | no |
 | geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | `none` | no |
+| index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders | string | `` | no |
 | is_ipv6_enabled | State of CloudFront IPv6 | bool | `true` | no |
 | lambda_function_association | A config block that triggers a lambda function with specific actions | object | `<list>` | no |
 | log_expiration_days | Number of days after which to expunge the objects | string | `90` | no |
@@ -48,6 +50,8 @@
 | parent_zone_id | ID of the hosted zone to contain this record  (or specify `parent_zone_name`) | string | `` | no |
 | parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`) | string | `` | no |
 | price_class | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | string | `PriceClass_100` | no |
+| redirect_all_requests_to | A hostname to redirect all website requests for this distribution to. If this is set, it overrides other website settings | string | `` | no |
+| routing_rules | A json array containing routing rules describing redirect behavior and when redirects are applied | string | `` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no |
 | static_s3_bucket | aws-cli is a bucket owned by amazon that will perminantly exist. It allows for the data source to be called during the destruction process without failing. It doesn't get used for anything else, this is a safe workaround for handling the fact that if a data source like the one `aws_s3_bucket.selected` gets an error, you can't continue the terraform process which also includes the 'destroy' command, where is doesn't even need this data source! Don't change this bucket name, it's a variable so that we can provide this description. And this works around a problem that is an edge case. | string | `aws-cli` | no |
 | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`) | map(string) | `<map>` | no |
diff --git a/main.tf b/main.tf
@@ -1,3 +1,21 @@
+locals {
+  website_enabled = var.redirect_all_requests_to != "" || var.index_document != "" || var.error_document != "" || var.routing_rules != ""
+  website_config = {
+    redirect_all = [
+      {
+        redirect_all_requests_to = var.redirect_all_requests_to
+      }
+    ]
+    default = [
+      {
+        index_document = var.index_document
+        error_document = var.error_document
+        routing_rules  = var.routing_rules
+      }
+    ]
+  }
+}
+
 module "origin_label" {
   source     = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.4.0"
   namespace  = var.namespace
@@ -78,6 +96,16 @@ resource "aws_s3_bucket" "origin" {
     }
   }
 
+  dynamic "website" {
+    for_each = local.website_enabled ? local.website_config[var.redirect_all_requests_to == "" ? "default" : "redirect_all"] : []
+    content {
+      error_document           = lookup(website.value, "error_document", null)
+      index_document           = lookup(website.value, "index_document", null)
+      redirect_all_requests_to = lookup(website.value, "redirect_all_requests_to", null)
+      routing_rules            = lookup(website.value, "routing_rules", null)
+    }
+  }
+
   cors_rule {
     allowed_headers = var.cors_allowed_headers
     allowed_methods = var.cors_allowed_methods
diff --git a/variables.tf b/variables.tf
@@ -337,4 +337,28 @@ variable "encryption_enabled" {
   type        = bool
   default     = false
   description = "When set to 'true' the resource will have aes256 encryption enabled by default"
+}
+
+variable "index_document" {
+  type        = string
+  default     = ""
+  description = "Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders"
+}
+
+variable "redirect_all_requests_to" {
+  type        = string
+  default     = ""
+  description = "A hostname to redirect all website requests for this distribution to. If this is set, it overrides other website settings"
+}
+
+variable "error_document" {
+  type        = string
+  default     = ""
+  description = "An absolute path to the document to return in case of a 4XX error"
+}
+
+variable "routing_rules" {
+  type        = string
+  default     = ""
+  description = "A json array containing routing rules describing redirect behavior and when redirects are applied"
 }
