add storybook resources (#7)

phlask · Oct 17, 2023 · 7a7ccaa · 7a7ccaa
1 parent 04f66e8
commit 7a7ccaa
Show file tree

Hide file tree

Showing 7 changed files with 167 additions and 1 deletion.
diff --git a/beta.tf b/beta.tf
@@ -28,4 +28,16 @@ module "beta_site" {
  providers = {
  aws.us-east-1 = aws.us-east-1
  }
-}
+}
+
+module "storybook_beta_site" {
+ source = "./modules/storybook-resources"
+
+ env_name = "beta"
+
+ common_domain = var.common_domain
+
+ providers = {
+ aws = aws.us-east-1
+ }
+}
diff --git a/modules/storybook-resources/cache.tf b/modules/storybook-resources/cache.tf
@@ -0,0 +1,47 @@
+resource "aws_cloudfront_origin_access_control" "storybook_site" {
+ name = "storybook_site_${var.env_name}"
+ description = "S3 Bucket Access"
+ origin_access_control_origin_type = "s3"
+ signing_behavior = "always"
+ signing_protocol = "sigv4"
+}
+
+resource "aws_cloudfront_distribution" "storybook_site" {
+ origin {
+ domain_name = aws_s3_bucket.storybook_site.bucket_regional_domain_name
+ origin_access_control_id = aws_cloudfront_origin_access_control.storybook_site.id
+ origin_id = local.website_origin_id
+ }
+
+ enabled = true
+ is_ipv6_enabled = true
+ price_class = "PriceClass_100" # US & Europe Only
+ default_root_object = "index.html"
+
+ aliases = ["${var.env_name}.storybook.${var.common_domain}"]
+
+ default_cache_behavior {
+ allowed_methods = ["GET", "HEAD"]
+ cached_methods = ["GET", "HEAD"]
+ target_origin_id = local.website_origin_id
+
+ cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6"
+ origin_request_policy_id = "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf"
+
+ compress = true
+
+ viewer_protocol_policy = "redirect-to-https"
+ }
+
+ restrictions {
+ geo_restriction {
+ restriction_type = "none"
+ }
+ }
+
+ viewer_certificate {
+ acm_certificate_arn = aws_acm_certificate_validation.storybook_site.certificate_arn
+ minimum_protocol_version = "TLSv1.2_2021"
+ ssl_support_method = "sni-only"
+ }
+}
diff --git a/modules/storybook-resources/dns.tf b/modules/storybook-resources/dns.tf
@@ -0,0 +1,55 @@
+data "aws_route53_zone" "primary" {
+ name = "phlask.me"
+}
+
+
+resource "aws_route53_record" "storybook_site" {
+ zone_id = data.aws_route53_zone.primary.id
+ name = "${var.env_name}.storybook.${var.common_domain}"
+ type = "A"
+
+ alias {
+ name = aws_cloudfront_distribution.storybook_site.domain_name
+ zone_id = aws_cloudfront_distribution.storybook_site.hosted_zone_id
+ evaluate_target_health = true
+ }
+}
+
+
+resource "aws_acm_certificate" "storybook_site" {
+ domain_name = "${var.env_name}.storybook.${var.common_domain}"
+ validation_method = "DNS"
+
+ tags = {
+ Environment = var.env_name
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+
+
+
+resource "aws_route53_record" "certificate_storybook" {
+ for_each = {
+ for dvo in aws_acm_certificate.storybook_site.domain_validation_options : dvo.domain_name => {
+ name = dvo.resource_record_name
+ record = dvo.resource_record_value
+ type = dvo.resource_record_type
+ }
+ }
+
+ allow_overwrite = true
+ name = each.value.name
+ records = [each.value.record]
+ ttl = 60
+ type = each.value.type
+ zone_id = data.aws_route53_zone.primary.zone_id
+}
+
+resource "aws_acm_certificate_validation" "storybook_site" {
+ certificate_arn = aws_acm_certificate.storybook_site.arn
+ validation_record_fqdns = [for record in aws_route53_record.certificate_storybook : record.fqdn]
+}
diff --git a/modules/storybook-resources/locals.tf b/modules/storybook-resources/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ website_origin_id = "s3-${aws_s3_bucket.storybook_site.bucket}"
+}
diff --git a/modules/storybook-resources/provider.tf b/modules/storybook-resources/provider.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
diff --git a/modules/storybook-resources/storage.tf b/modules/storybook-resources/storage.tf
@@ -0,0 +1,35 @@
+resource "aws_s3_bucket" "storybook_site" {
+ bucket = var.env_name == "prod" ? "storybook.phlask.me" : "${var.env_name}.storybook.${var.common_domain}"
+}
+
+resource "aws_s3_bucket_policy" "storybook_site_bucket_policy" {
+ bucket = aws_s3_bucket.storybook_site.id
+ policy = data.aws_iam_policy_document.storybook_site_iam_policy.json
+}
+
+data "aws_iam_policy_document" "storybook_site_iam_policy" {
+ statement {
+ sid = "AllowCloudFrontServicePrincipalReadOnly"
+
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudfront.amazonaws.com"]
+ }
+
+ actions = [
+ "s3:GetObject",
+ ]
+
+ resources = [
+ "${aws_s3_bucket.storybook_site.arn}/*",
+ ]
+
+ condition {
+ test = "StringLike"
+ variable = "AWS:SourceArn"
+ values = [aws_cloudfront_distribution.storybook_site.arn]
+ }
+ }
+}
diff --git a/modules/storybook-resources/variables.tf b/modules/storybook-resources/variables.tf
@@ -0,0 +1,7 @@
+variable "env_name" {
+ type = string
+}
+
+variable "common_domain" {
+ type = string
+}