aws_static_website/main.tf at main · cob16/aws_static_website · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
terraform {
  required_version = "~> 1.14.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.32.0"
    }
    pagerduty = {
      source  = "pagerduty/pagerduty"
      version = "~> 3.30.9"
    }
  }

  backend "s3" {}
}

provider "aws" {
  default_tags {
    tags = module.label.tags
  }
}

provider "aws" {
  region = "us-east-1"
  alias  = "us_east_1"
  default_tags {
    tags = module.label.tags
  }
}

provider "pagerduty" {
  token = var.pagerduty_token
}

module "label" {
  source  = "cloudposse/label/null"
  version = "0.24.1"

  namespace = var.namespace
  stage     = "prod"
  name      = "personal-website"
  delimiter = "-"

  tags = {
    "environment-name" = terraform.workspace
  }
}

module "static_website" {
  source = "./modules/static_website"

  providers = {
    aws           = aws
    aws.us_east_1 = aws.us_east_1
  }

  prefix = module.label.id

  namespace           = var.namespace
  website_name        = var.website_name
  dns_ttl             = var.dns_ttl
  email_mx_records    = var.email_mx_records
  main_txt_records    = var.main_txt_records
  extra_a_records     = var.extra_a_records
  extra_aaaa_records  = var.extra_aaaa_records
  extra_txt_records   = var.extra_txt_records
  extra_cname_records = var.extra_cname_records
}

data "aws_caller_identity" "current" {}

module "general_alarms_sns" {
  source = "./modules/cloudwatch_alarm_sns_topic"

  providers = {
    aws = aws.us_east_1
  }

  name       = "${module.label.id}-general-alarms"
  account_id = data.aws_caller_identity.current.account_id
}

module "website_monitoring" {
  source = "./modules/website_monitoring"

  providers = {
    aws = aws.us_east_1
  }

  prefix                  = module.label.id
  billing_alarm_threshold = var.billing_alarm_threshold

  account_id                       = data.aws_caller_identity.current.account_id
  distribution_id                  = module.static_website.distribution_id
  cloudwatch_general_alarm_sns_arn = module.general_alarms_sns.arn
}

module "pagerduty" {
  source = "./modules/pagerduty"

  providers = {
    aws       = aws.us_east_1
    pagerduty = pagerduty
  }

  website_name = var.website_name
  sns_topic    = module.general_alarms_sns.arn
}

module "cloudfront_distribution_disable_lambda" {
  providers = {
    aws = aws.us_east_1
  }

  source                     = "./modules/cloudfront_distribution_disable_lambda"
  account_id                 = data.aws_caller_identity.current.account_id
  website_name               = var.website_name
  cloudfront_distribution_id = module.static_website.distribution_id
}

module "budget" {
  source = "./modules/budget"

  alert_email               = var.alert_email
  billing_alarm_threshold   = var.billing_alarm_threshold
  over_budget_sns_topic_arn = module.cloudfront_distribution_disable_lambda.sns_topic_arn
}

resource "aws_sns_topic_subscription" "email_alerts" {
  provider = aws.us_east_1

  protocol  = "email"
  topic_arn = module.general_alarms_sns.arn
  endpoint  = var.alert_email

  lifecycle {
    prevent_destroy = true //warning terraform cannot destroy unconfirmed email subs. Manually cleanup if you need to recreate
  }
}