website

git clone https://pyrossh.dev/repos/website.git

木 Personal website of pyrossh. Built with astrojs, shiki, vite.

53c2978e — pyrossh

add infra code

Files changed (3) hide show

deploy.sh +1 -1
infra/.terraform.lock.hcl +24 -0
infra/main.tf +180 -0

deploy.sh CHANGED Viewed

@@ -1,5 +1,5 @@
 rm -rf dist
 bun run build
 aws s3 sync --delete ./dist/ s3://pyrossh-website
-aws cloudfront create-invalidation --distribution-id E2KFT51L97LWA1 --paths "/*"
+aws cloudfront create-invalidation --distribution-id E2KFT51L97LWA1 --paths "/*" --no-cli-pager
 cd infra && terraform apply -auto-approve

infra/.terraform.lock.hcl ADDED Viewed

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "5.99.1"
+  hashes = [
+    "h1:xgPyZArCfKVMy8sThzhb0IernbFy0fJGm897ztejZAQ=",
+    "zh:00b0a61c6d295300f0aa7a79a7d40e9f836164f1fff816d38324c148cd846887",
+    "zh:1ee9d5ccb67378704642db62113ac6c0d56d69408a9c1afb9a8e14b095fc0733",
+    "zh:2035977ed418dcb18290785c1eeb79b7133b39f718c470346e043ac48887ffc7",
+    "zh:67e3ca1bf7061900f81cf958d5c771a2fd6048c2b185bec7b27978349b173a90",
+    "zh:87fadbe5de7347ede72ad879ff8d8d9334103cd9aa4a321bb086bfac91654944",
+    "zh:901d170c457c2bff244a2282d9de595bdb3ebecc33a2034c5ce8aafbcff66db9",
+    "zh:92c07d6cf530679565b87934f9f98604652d787968cce6a3d24c148479b7e34b",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a7d4803b4c5ff17f029f8b270c91480442ece27cec7922c38548bcfea2ac2d26",
+    "zh:afda848da7993a07d29018ec25ab6feda652e01d4b22721da570ce4fcc005292",
+    "zh:baaf16c98b81bad070e0908f057a97108ecd6e8c9f754d7a79b18df4c8453279",
+    "zh:c3dd496c5014427599d6b6b1c14c7ebb09a15df78918ae0be935e7bfa83b894c",
+    "zh:e2b84c1d40b3f2c4b1d74bf170b9e932983b61bac0e6dab2e36f5057ddcc997f",
+    "zh:e49c92cb29c53b4573ed4d9c946486e6bcfc1b63f1aee0c79cc7626f3d9add03",
+    "zh:efae8e339c4b13f546e0f96c42eb95bf8347de22e941594849b12688574bf380",
+  ]
+}

infra/main.tf ADDED Viewed

@@ -0,0 +1,180 @@
+provider "aws" {
+  region = "ap-south-1"
+  default_tags {
+    tags = {
+      Environment   = "Production"
+      ProvisionedBy = "Terraform"
+    }
+  }
+}
+provider "aws" {
+  alias  = "useast"
+  region = "us-east-1"
+  default_tags {
+    tags = {
+      Environment   = "Production"
+      ProvisionedBy = "Terraform"
+    }
+  }
+}
+resource "aws_route53_zone" "main" {
+  name = "pyrossh.dev"
+}
+resource "aws_s3_bucket" "website" {
+  bucket = "pyrossh-website"
+}
+# resource "aws_s3_bucket_acl" "website" {
+#   bucket = aws_s3_bucket.website.id
+#   acl    = "private"
+# }
+# resource "aws_s3_bucket_website_configuration" "s3_bucket" {
+#   bucket = aws_s3_bucket.website.id
+#   index_document {
+#     suffix = "index.html"
+#   }
+#   error_document {
+#     key = "error.html"
+#   }
+# }
+resource "aws_s3_bucket_public_access_block" "website_public_access" {
+  bucket                  = aws_s3_bucket.website.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+resource "aws_cloudfront_origin_access_control" "website" {
+  name                              = "s3-cloudfront-oac"
+  description                       = "Grant cloudfront access to s3 bucket ${aws_s3_bucket.website.id}"
+  origin_access_control_origin_type = "s3"
+  signing_behavior                  = "always" // "no-override"
+  signing_protocol                  = "sigv4"
+}
+data "aws_iam_policy_document" "cloudfront_oac_access" {
+  statement {
+    principals {
+      type        = "Service"
+      identifiers = ["cloudfront.amazonaws.com"]
+    }
+    actions = [
+      "s3:GetObject"
+    ]
+    resources = [
+      aws_s3_bucket.website.arn,
+      "${aws_s3_bucket.website.arn}/*"
+    ]
+    condition {
+      test     = "StringEquals"
+      variable = "AWS:SourceArn"
+      values   = [aws_cloudfront_distribution.s3_distribution.arn]
+    }
+  }
+}
+resource "aws_s3_bucket_policy" "website_access_policy" {
+  bucket = aws_s3_bucket.website.id
+  policy = data.aws_iam_policy_document.cloudfront_oac_access.json
+}
+resource "aws_acm_certificate" "domain_ssl_certificate" {
+  domain_name       = "pyrossh.dev"
+  validation_method = "EMAIL"
+  provider          = aws.useast
+}
+resource "aws_cloudfront_function" "subdirectory_redirector" {
+  name    = "subdirectory_redirector"
+  runtime = "cloudfront-js-2.0"
+  publish = true
+  code    = <<CODE
+    function handler(event) {
+      const request = event.request;
+      const uri = request.uri;
+      if (uri.endsWith('/')) {
+          request.uri += 'index.html';
+      } else if (!uri.includes('.')) {
+          request.uri += '/index.html';
+      }
+      return request;
+    }
+  CODE
+}
+resource "aws_cloudfront_distribution" "s3_distribution" {
+  origin {
+    domain_name              = aws_s3_bucket.website.bucket_regional_domain_name
+    origin_id                = aws_s3_bucket.website.bucket_regional_domain_name
+    origin_access_control_id = aws_cloudfront_origin_access_control.website.id
+  }
+  enabled             = true
+  is_ipv6_enabled     = true
+  aliases             = ["pyrossh.dev"]
+  default_root_object = "index.html"
+  dynamic "custom_error_response" {
+    for_each = [400, 403, 404, 405, 414, 416, 500, 501, 502, 503, 504]
+    content {
+      error_code         = custom_error_response.value
+      response_code      = custom_error_response.value
+      response_page_path = custom_error_response.value < 500 ? "/404.html" : "/500.html"
+    }
+  }
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = aws_s3_bucket.website.bucket_regional_domain_name
+    forwarded_values {
+      query_string = true
+      cookies {
+        forward = "none"
+      }
+    }
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+    # function_association {
+    #   event_type   = "viewer-request"
+    #   function_arn = aws_cloudfront_function.subdirectory_redirector.arn
+    # }
+  }
+  price_class = "PriceClass_All"
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+  viewer_certificate {
+    cloudfront_default_certificate = false
+    acm_certificate_arn            = aws_acm_certificate.domain_ssl_certificate.arn
+    ssl_support_method             = "sni-only"
+  }
+}
+resource "aws_route53_record" "a_record_domain" {
+  zone_id = aws_route53_zone.main.zone_id
+  name    = "pyrossh.dev"
+  type    = "A"
+  alias {
+    name                   = aws_cloudfront_distribution.s3_distribution.domain_name
+    zone_id                = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
+    evaluate_target_health = false #
+  }
+}

~repos /website

git clone https://pyrossh.dev/repos/website.git

木 Personal website of pyrossh. Built with astrojs, shiki, vite.