region = var.region
***REMOVED***
-# Using default AWS values for Network
+# Default VPC
data "aws_vpc" "default" {
default = true
***REMOVED***
+# Default subnet in us-east-1a
resource "aws_default_subnet" "a" {
availability_zone = "us-east-1a"
***REMOVED***
-# Attach IGW as the default route to the subnet
+# Internet Gateway for default VPC
resource "aws_internet_gateway" "igw" {
vpc_id = data.aws_vpc.default.id
***REMOVED***
-# Ubuntu linux AMI version
+# Public route table (0.0.0.0/0 -> IGW)
+resource "aws_route_table" "public" {
+ vpc_id = data.aws_vpc.default.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.igw.id
+ ***REMOVED***
+
+ tags = {
+ Name = "${var.project_name***REMOVED***-rt-public"
+ ***REMOVED***
+***REMOVED***
+
+# Associate route table to subnet
+resource "aws_route_table_association" "a" {
+ subnet_id = aws_default_subnet.a.id
+ route_table_id = aws_route_table.public.id
+***REMOVED***
+
+# Ubuntu AMI
data "aws_ami" "ubuntu" {
most_recent = true
- owners = ["099720109477"] # Offical Canonical ID
+ owners = ["099720109477"]
filter {
name = "name"
***REMOVED***
***REMOVED***
-# CloudFront with restrict origin access
+# CloudFront origin-facing managed prefix list
data "aws_ec2_managed_prefix_list" "cloudfront_origin" {
name = "com.amazonaws.global.cloudfront.origin-facing"
***REMOVED***
-# Security group
+# SG
resource "aws_security_group" "gitweb" {
name = "${var.project_name***REMOVED***-sg"
description = "SSH from my IP; HTTP only from CloudFront origin-facing"
***REMOVED***
egress {
- description = "Allow outbound for updates"
+ description = "Allow outbound"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
***REMOVED***
-
- tags = {
- Name = "${var.project_name***REMOVED***-sg"
- ***REMOVED***
***REMOVED***
-# EC2 instance
+# EC2
resource "aws_instance" "gitweb" {
ami = data.aws_ami.ubuntu.id
instance_type = var.instance_type
***REMOVED***
***REMOVED***
-# Elastic IP for stability (because of CloudFront)
-
+# EIP
resource "aws_eip" "gitweb" {
domain = "vpc"
instance = aws_instance.gitweb.id
***REMOVED***
***REMOVED***
-# CloudFront distribuition
+# CloudFront distribution
resource "aws_cloudfront_distribution" "gitweb" {
enabled = true
is_ipv6_enabled = true
comment = "GitWeb behind CloudFront (origin restricted)"
origin {
- # Using the public DNS of the instance just to be simple,
- # because it has also a EIP
+ # Use CloudFront dns
domain_name = aws_eip.gitweb.public_dns
origin_id = "${var.project_name***REMOVED***-origin"
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
- # GitWeb relies on query strings
forwarded_values {
query_string = true
- headers = []
- cookies {
- forward = "none"
- ***REMOVED***
+ cookies { forward = "none" ***REMOVED***
***REMOVED***
- # Caching the often GitWeb content change
min_ttl = 0
default_ttl = 0
max_ttl = 60
***REMOVED***
restrictions {
- geo_restriction {
- restriction_type = "none"
- ***REMOVED***
+ geo_restriction { restriction_type = "none" ***REMOVED***
***REMOVED***
- # Default CloudFront certificate (HTTPS on CF domain)
viewer_certificate {
cloudfront_default_certificate = true
***REMOVED***
-
- tags = {
- Name = "${var.project_name***REMOVED***-cf"
- ***REMOVED***
***REMOVED***
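Review bot: The rewritten comment `# Use CloudFront dns` above `domain_name = aws_eip.gitweb.public_dns` is misleading — that value is the instance's Elastic IP public DNS acting as the origin, not a CloudFront name; suggest `# Origin: the instance's EIP public DNS (the EIP keeps it stable across stop/start)`. The "(origin restricted)" comment and the SG description rely on the `com.amazonaws.global.cloudfront.origin-facing` prefix list, which only limits the source to CloudFront's IP ranges, so any CloudFront distribution, not just this one, can reach the origin over HTTP; consider adding a `custom_header` with a secret value in the `origin` block that the web server verifies, and stating that limitation in the comment. The SG ingress rules and any `custom_origin_config` fall outside the hunk, so whether such a check already exists cannot be confirmed from here. Separately, the new `aws_route_table.public` duplicates the 0.0.0.0/0 route a default VPC's main route table already carries, and it depends on `aws_internet_gateway.igw` being attached to a default VPC that normally already has an IGW — worth verifying that apply does not fail on that attachment.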