From 86a32565703545a7b9e532d13b0ec3d16a94e76c Mon Sep 17 00:00:00 2001 From: Chisel Date: Tue, 3 Oct 2023 04:29:34 +0100 Subject: [PATCH] chore: don't use S3 hosting for 'dev' workspace --- terraform/s3-web-files.tf | 14 +++++++--- terraform/s3-web-workspaced.tf | 48 +++++++++++++++++++++++++++++++--- 2 files changed, 55 insertions(+), 7 deletions(-) diff --git a/terraform/s3-web-files.tf b/terraform/s3-web-files.tf index 914890f2..34e45220 100644 --- a/terraform/s3-web-files.tf +++ b/terraform/s3-web-files.tf @@ -1,5 +1,10 @@ locals { - files = { + # a local to determine if our workspace is "prod" + is_prod = terraform.workspace == "prod" + + # set the_files to and empty map in the non-prod workspace + # and to a map of files in the prod workspace + files = local.is_prod ? { "index.html" = "text/html" "script.js" = "application/javascript" "custom.js" = "application/javascript" @@ -18,8 +23,7 @@ locals { "favicon/favicon-32x32.png" = "image/png" "favicon/favicon.ico" = "image/x-icon" "favicon/site.webmanifest" = "application/manifest+json" - - } + } : {} } resource "aws_s3_object" "wkspc_botc_www_files" { @@ -43,6 +47,10 @@ resource "aws_s3_object" "wkspc_botc_www_files" { # we need to create an s3 file/object (const.js) that contains the API Gateway # URL so that the web page can call the API Gateway resource "aws_s3_object" "botc_www_const_js" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? length(local.files) : 0 + depends_on = [ aws_s3_bucket_policy.wkspc_www_bucket_policy, aws_api_gateway_stage.api_stage, diff --git a/terraform/s3-web-workspaced.tf b/terraform/s3-web-workspaced.tf index 956dd528..22ea4ada 100644 --- a/terraform/s3-web-workspaced.tf +++ b/terraform/s3-web-workspaced.tf 
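Review bot: The new comment above `files` has a typo and a stale name: `# set the_files to and empty map in the non-prod workspace` should read `# set files to an empty map in the non-prod workspace`. Since every hosting resource in s3-web-workspaced.tf now keys off `is_prod`, it is worth saying so next to it, e.g. `# gates every S3/CloudFront hosting resource below; a misspelled workspace name silently deploys nothing`. The `locals` block continues past the end of this hunk.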
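Review bot: `count = local.is_prod ? length(local.files) : 0` on `aws_s3_object.botc_www_const_js` creates one instance per entry in `local.files` for what is a single const.js object, so prod would plan roughly twenty identical objects writing the same key. It should be `count = local.is_prod ? 1 : 0`, the form used for the ACL, policy and CORS resources in the other file. Anything that references this resource elsewhere will now need a `[0]` index because it is counted. The resource body continues outside the hunk.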
@@ -1,11 +1,19 @@ # a bucket for the $workspace files to be stored in resource "aws_s3_bucket" "wkspc_www_bucket" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? length(local.files) : 0 + bucket = "${local.site_name}.${var.www_bucket_name}" } resource "aws_s3_bucket_ownership_controls" "wkspc_www_bucket_ownership_controls" { - bucket = aws_s3_bucket.wkspc_www_bucket.id + + # only create objects if we are in the prod workspace + count = local.is_prod ? length(local.files) : 0 + + bucket = aws_s3_bucket.wkspc_www_bucket[count.index].id rule { object_ownership = "BucketOwnerPreferred" @@ -13,14 +21,22 @@ resource "aws_s3_bucket_ownership_controls" "wkspc_www_bucket_ownership_controls } resource "aws_s3_bucket_acl" "wkspc_www_bucket_acl" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? 1 : 0 + depends_on = [ aws_s3_bucket_ownership_controls.wkspc_www_bucket_ownership_controls, ] - bucket = aws_s3_bucket.wkspc_www_bucket.id + bucket = aws_s3_bucket.wkspc_www_bucket[count.index].id acl = "public-read" } resource "aws_s3_bucket_policy" "wkspc_www_bucket_policy" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? 1 : 0 + depends_on = [ aws_s3_bucket_acl.wkspc_www_bucket_acl, ] @@ -29,7 +45,11 @@ resource "aws_s3_bucket_policy" "wkspc_www_bucket_policy" { } resource "aws_s3_bucket_cors_configuration" "wkspc_www_bucket_cors" { - bucket = aws_s3_bucket.wkspc_www_bucket.id + + # only create objects if we are in the prod workspace + count = local.is_prod ? 1 : 0 + + bucket = aws_s3_bucket.wkspc_www_bucket[count.index].id cors_rule { allowed_headers = ["Authorization", "Content-Length"] 
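Review bot: `count = local.is_prod ? length(local.files) : 0` on `aws_s3_bucket.wkspc_www_bucket` would create one bucket per file in `local.files`, all with the same name `"${local.site_name}.${var.www_bucket_name}"`, so the second instance fails on the name conflict; the same `length(local.files)` is copied onto the ownership-controls resource. Both should be `count = local.is_prod ? 1 : 0`, and the dependants should use a fixed index, `bucket = aws_s3_bucket.wkspc_www_bucket[0].id`, rather than `[count.index]`, which only works because the two counts happen to coincide. Once the bucket is counted, every remaining bare `aws_s3_bucket.wkspc_www_bucket.id` / `.bucket_regional_domain_name` reference in this file fails validation, since attributes of a counted resource must be read on a specific instance.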
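Review bot: `aws_s3_bucket_policy.wkspc_www_bucket_policy` gains `count = local.is_prod ? 1 : 0` here, but its `bucket = ...` line lies outside the hunk and, judging by the diffstat (only four bucket references are rewritten in this file, all visible in the hunks), it still reads the bare `aws_s3_bucket.wkspc_www_bucket.id`, which is invalid now that the bucket is counted. It should become `bucket = aws_s3_bucket.wkspc_www_bucket[0].id` (or `[count.index]` to match the ACL above). The policy body, including its `policy` document, continues outside the hunk.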
@@ -40,7 +60,11 @@ resource "aws_s3_bucket_cors_configuration" "wkspc_www_bucket_cors" { } resource "aws_s3_bucket_website_configuration" "wkspc_www_bucket_website" { - bucket = aws_s3_bucket.wkspc_www_bucket.id + + # only create objects if we are in the prod workspace + count = local.is_prod ? 1 : 0 + + bucket = aws_s3_bucket.wkspc_www_bucket[count.index].id index_document { suffix = "index.html" @@ -53,6 +77,10 @@ resource "aws_s3_bucket_website_configuration" "wkspc_www_bucket_website" { resource "aws_cloudfront_distribution" "wkspc_www_s3_distribution" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? 1 : 0 + origin { domain_name = aws_s3_bucket.wkspc_www_bucket.bucket_regional_domain_name origin_id = "S3-${local.site_name}.${var.www_bucket_name}" @@ -114,6 +142,10 @@ resource "aws_cloudfront_distribution" "wkspc_www_s3_distribution" { # we don't want to have to manually invalidate the cache every time we update the site resource "aws_s3_bucket_notification" "bucket_notification" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? length(local.files) : 0 + bucket = aws_s3_bucket.wkspc_www_bucket.id lambda_function { @@ -126,6 +158,10 @@ resource "aws_s3_bucket_notification" "bucket_notification" { # Add permission for S3 bucket to trigger Lambda function resource "aws_lambda_permission" "allow_bucket" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? length(local.files) : 0 + statement_id = "AllowS3BucketToTriggerLambda-${local.site_name}-${terraform.workspace}" action = "lambda:InvokeFunction" function_name = data.aws_lambda_function.invalidate_cache.function_name 
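Review bot: `domain_name = aws_s3_bucket.wkspc_www_bucket.bucket_regional_domain_name` in the CloudFront `origin` block is now invalid, because the bucket resource gains `count` in this commit and `terraform validate` rejects reading an attribute of a counted resource without an instance index. Change it to `domain_name = aws_s3_bucket.wkspc_www_bucket[0].bucket_regional_domain_name` (or `[count.index]` to match the neighbouring resources). Any outputs or other modules that read attributes of the distribution will likewise need a `[0]` index now that it is counted. The distribution body continues past the hunk.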
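Review bot: `count = local.is_prod ? length(local.files) : 0` on `aws_s3_bucket_notification.bucket_notification` would create one notification configuration per file for the same bucket, but S3 holds a single notification configuration per bucket, so the instances overwrite each other and the provider documents a perpetual diff for multiple notification resources on one bucket. Use `count = local.is_prod ? 1 : 0`. The following `bucket = aws_s3_bucket.wkspc_www_bucket.id` line is also left un-indexed although the bucket is now counted, so it must become `bucket = aws_s3_bucket.wkspc_www_bucket[0].id`. The `lambda_function` block continues outside the hunk.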
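Review bot: `count = local.is_prod ? length(local.files) : 0` on `aws_lambda_permission.allow_bucket` would try to add one permission statement per file to the same function, every instance using the identical `statement_id` `"AllowS3BucketToTriggerLambda-${local.site_name}-${terraform.workspace}"`; Lambda rejects a duplicate statement ID with a conflict error, so at most the first instance can apply. It should be `count = local.is_prod ? 1 : 0`, as on `apigw_invoke_function` below. The rest of the permission (its `principal` and any `source_arn`) is outside the hunk; if `source_arn` references the bucket it needs a `[0]` index now as well.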
@@ -135,6 +171,10 @@ resource "aws_lambda_permission" "allow_bucket" { # Add permission for S3 bucket to trigger Lambda function resource "aws_lambda_permission" "apigw_invoke_function" { + + # only create objects if we are in the prod workspace + count = local.is_prod ? 1 : 0 + statement_id = "AllowApiGatewayToInvokeFunction-${local.site_name}-${terraform.workspace}" action = "lambda:InvokeFunction" function_name = data.aws_lambda_function.api_render_pdf.function_name
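Review bot: The header comment `# Add permission for S3 bucket to trigger Lambda function` is copied from the resource above and describes the wrong trigger for `apigw_invoke_function`; `# Allow API Gateway to invoke the PDF-rendering Lambda` matches its `statement_id` and `function_name`. Separately, this is an API Gateway → Lambda grant rather than S3 hosting, yet it is now gated on `local.is_prod`; s3-web-files.tf still references `aws_api_gateway_stage.api_stage`, so if that stage exists in the dev workspace, dev invocations of api_render_pdf would presumably fail with access denied after this change — worth confirming, and recording the decision with a comment such as `# NOTE: also disabled outside prod; confirm the dev API has no callers`. The resource body continues outside the hunk.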