provider "aws" {
region = var.region
-***REMOVED***
+}
# Default VPC
data "aws_vpc" "default" {
default = true
-***REMOVED***
+}
# Default subnet in us-east-1a
resource "aws_default_subnet" "a" {
availability_zone = "us-east-1a"
-***REMOVED***
+}
# Internet Gateway for default VPC
resource "aws_internet_gateway" "igw" {
vpc_id = data.aws_vpc.default.id
-***REMOVED***
+}
# Public route table (0.0.0.0/0 -> IGW)
resource "aws_route_table" "public" {
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw.id
- ***REMOVED***
+ }
tags = {
- Name = "${var.project_name***REMOVED***-rt-public"
- ***REMOVED***
-***REMOVED***
+ Name = "${var.project_name}-rt-public"
+ }
+}
# Associate route table to subnet
resource "aws_route_table_association" "a" {
subnet_id = aws_default_subnet.a.id
route_table_id = aws_route_table.public.id
-***REMOVED***
+}
# Ubuntu AMI
data "aws_ami" "ubuntu" {
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
- ***REMOVED***
-***REMOVED***
+ }
+}
# CloudFront origin-facing managed prefix list
data "aws_ec2_managed_prefix_list" "cloudfront_origin" {
name = "com.amazonaws.global.cloudfront.origin-facing"
-***REMOVED***
+}
# SG
resource "aws_security_group" "gitweb" {
- name = "${var.project_name***REMOVED***-sg"
+ name = "${var.project_name}-sg"
description = "SSH from my IP; HTTP only from CloudFront origin-facing"
vpc_id = data.aws_vpc.default.id
to_port = 22
protocol = "tcp"
cidr_blocks = [var.my_ip_cidr]
- ***REMOVED***
+ }
ingress {
description = "HTTP only from CloudFront origin-facing"
to_port = 80
protocol = "tcp"
prefix_list_ids = [data.aws_ec2_managed_prefix_list.cloudfront_origin.id]
- ***REMOVED***
+ }
egress {
description = "Allow outbound"
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
- ***REMOVED***
-***REMOVED***
+ }
+}
# EC2
resource "aws_instance" "gitweb" {
vpc_security_group_ids = [aws_security_group.gitweb.id]
key_name = var.key_name
- user_data = file("${path.module***REMOVED***/user_data_config.sh")
+ user_data = file("${path.module}/user_data_config.sh")
tags = {
- Name = "${var.project_name***REMOVED***-ec2"
- ***REMOVED***
-***REMOVED***
+ Name = "${var.project_name}-ec2"
+ }
+}
# EIP
resource "aws_eip" "gitweb" {
instance = aws_instance.gitweb.id
tags = {
- Name = "${var.project_name***REMOVED***-eip"
- ***REMOVED***
-***REMOVED***
+ Name = "${var.project_name}-eip"
+ }
+}
# CloudFront distribution
resource "aws_cloudfront_distribution" "gitweb" {
comment = "GitWeb behind CloudFront (origin restricted)"
origin {
- # Use CloudFront dns
- domain_name = aws_eip.gitweb.public_dns
- origin_id = "${var.project_name***REMOVED***-origin"
+ domain_name = aws_eip.gitweb.public_dns
+ origin_id = "${var.project_name}-origin"
custom_origin_config {
http_port = 80
https_port = 443
origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1.2"]
- ***REMOVED***
- ***REMOVED***
+ }
+ }
default_cache_behavior {
- target_origin_id = "${var.project_name***REMOVED***-origin"
+ target_origin_id = "${var.project_name}-origin"
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD"]
forwarded_values {
query_string = true
- cookies { forward = "none" ***REMOVED***
- ***REMOVED***
+ cookies { forward = "none" }
+ }
min_ttl = 0
default_ttl = 0
max_ttl = 60
- ***REMOVED***
+ }
restrictions {
- geo_restriction { restriction_type = "none" ***REMOVED***
- ***REMOVED***
+ geo_restriction { restriction_type = "none" }
+ }
viewer_certificate {
cloudfront_default_certificate = true
- ***REMOVED***
-***REMOVED***
+ }
+}
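Review bot: The CloudFront-to-origin leg is cleartext: `origin_protocol_policy = "http-only"` (L116) makes the edge fetch from the EIP's public DNS over port 80, so `origin_ssl_protocols = ["TLSv1.2"]` on the next line has no effect and the `redirect-to-https` viewer policy only protects the viewer-to-edge hop; the security group's prefix-list rule limits who can connect to port 80, not who can observe that traffic in transit. If that trade-off is intended, it should be recorded where the removed `# Use CloudFront dns` comment stood, e.g. `# Origin is reached over plain HTTP on 80; reachable only from CloudFront origin-facing ranges (see SG), but this hop is not encrypted`; otherwise the origin should move to `https-only` with a certificate on the instance. The `***REMOVED***` tokens being restored to `}` look like collateral from a history-rewrite placeholder; if so, it is worth confirming the same pattern did not also mangle files outside this diff, such as the `user_data_config.sh` referenced at L86 but not shown. The enclosing `aws_security_group` and `aws_instance` blocks start outside the visible lines.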