木 Personal website of pyrossh. Built with astrojs, shiki, vite.
5931fd02
—
pyrossh 6 months ago
update infra
- deploy.sh +1 -1
- infra/main.tf +42 -7
- src/content.config.ts +1 -1
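--- a/deploy.sh
+++ b/deploy.sh
@@ -2,4 +2,4 @@ rm -rf dist
 bun run build
 aws s3 sync --delete ./dist/ s3://pyrossh-website
 aws cloudfront create-invalidation --distribution-id E2KFT51L97LWA1 --paths "/*" --no-cli-pager
-cd infra && terraform apply -auto-approve
+cd infra && terraform validate && terraform plan && terraform apply -auto-approve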
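Review bot: The `terraform plan` added on new line 5 is not the plan that gets applied, because `terraform apply -auto-approve` computes a fresh plan and applies it without confirmation. The printed plan is therefore informational only, and the bucket-policy and origin-access-control changes in `infra/main.tf` go live with no review gate. Saving the plan and applying that exact file closes the gap: `cd infra && terraform validate && terraform plan -out=tfplan && terraform apply tfplan`. The hunk also shows the S3 sync and CloudFront invalidation running before the infra step, so a failed apply leaves new content published against the old infrastructure. Whether the script sets `set -e` is outside the hunk.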
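--- a/infra/main.tf
+++ b/infra/main.tf
@@ -49,14 +49,23 @@ resource "aws_s3_bucket_public_access_block" "website_public_access" {
 }
 
 resource "aws_cloudfront_origin_access_control" "website" {
-name = "
+name = "${aws_s3_bucket.website.id}-oac"
 description = "Grant cloudfront access to s3 bucket ${aws_s3_bucket.website.id}"
 origin_access_control_origin_type = "s3"
 signing_behavior = "always" // "no-override"
 signing_protocol = "sigv4"
 }
 
+resource "aws_cloudfront_origin_access_control" "repos_bucket" {
+name = "${aws_s3_bucket.repos_bucket.id}-oac"
+description = "Grant cloudfront access to s3 bucket ${aws_s3_bucket.repos_bucket.id}"
+origin_access_control_origin_type = "s3"
+signing_behavior = "always" // "no-override"
+signing_protocol = "sigv4"
+}
+
+
-data "aws_iam_policy_document" "
+data "aws_iam_policy_document" "cloudfront_website_access" {
 statement {
 principals {
 type = "Service"
@@ -70,8 +79,6 @@ data "aws_iam_policy_document" "cloudfront_oac_access" {
 resources = [
 aws_s3_bucket.website.arn,
 "${aws_s3_bucket.website.arn}/*",
-aws_s3_bucket.repos_bucket,
-"${aws_s3_bucket.repos_bucket.arn}/*"
 ]
 
 condition {
@@ -84,9 +91,37 @@ data "aws_iam_policy_document" "cloudfront_oac_access" {
 
 resource "aws_s3_bucket_policy" "website_access_policy" {
 bucket = aws_s3_bucket.website.id
-policy = data.aws_iam_policy_document.
+policy = data.aws_iam_policy_document.cloudfront_website_access.json
 }
 
+data "aws_iam_policy_document" "cloudfront_repos_bucket_access" {
+statement {
+principals {
+type = "Service"
+identifiers = ["cloudfront.amazonaws.com"]
+}
+
+actions = [
+"s3:GetObject"
+]
+
+resources = [
+aws_s3_bucket.repos_bucket.arn,
+"${aws_s3_bucket.repos_bucket.arn}/*",
+]
+
+condition {
+test = "StringEquals"
+variable = "AWS:SourceArn"
+values = [aws_cloudfront_distribution.s3_distribution.arn]
+}
+}
+}
+
+resource "aws_s3_bucket_policy" "repos_bucket_access_policy" {
+bucket = aws_s3_bucket.repos_bucket.id
+policy = data.aws_iam_policy_document.cloudfront_repos_bucket_access.json
+}
 
 resource "aws_acm_certificate" "domain_ssl_certificate" {
 domain_name = "pyrossh.dev"
@@ -122,7 +157,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 origin {
 domain_name = aws_s3_bucket.repos_bucket.bucket_regional_domain_name
 origin_id = aws_s3_bucket.repos_bucket.bucket_regional_domain_name
-origin_access_control_id = aws_cloudfront_origin_access_control.
+origin_access_control_id = aws_cloudfront_origin_access_control.repos_bucket.id
 }
 enabled = true
 is_ipv6_enabled = true
@@ -159,7 +194,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 }
 
 ordered_cache_behavior {
-path_pattern = "/zips/*"
+path_pattern = "/zips/*"
 allowed_methods = ["GET", "HEAD"]
 cached_methods = ["GET", "HEAD"]
 target_origin_id = aws_s3_bucket.repos_bucket.bucket_regional_domain_name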
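Review bot: The `/zips/*` behavior forwards the request path unchanged to the `repos_bucket` origin, so `/zips/rp2350/...` is looked up as key `zips/rp2350/...` unless an `origin_path`, a function association or the upload layout outside these hunks accounts for the prefix. The direct S3 URL in the `src/content.config.ts` comment has no `zips/` segment. Because the new `cloudfront_repos_bucket_access` policy grants only `s3:GetObject`, a missing key comes back as 403 rather than 404, which makes such a mismatch look like a permissions fault. In that same policy the bare `aws_s3_bucket.repos_bucket.arn` entry grants nothing for an object-level action, so `resources = ["${aws_s3_bucket.repos_bucket.arn}/*"]` is sufficient. No `aws_s3_bucket_public_access_block` for `repos_bucket` appears in these hunks; if the file has none, adding one keeps the OAC-signed CloudFront path as the only read path. The `aws_cloudfront_distribution` block starts and ends outside the hunks.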
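--- a/src/content.config.ts
+++ b/src/content.config.ts
@@ -5,7 +5,7 @@ import { defineCollection, z } from 'astro:content';
 import { REPOS } from './consts';
 
 
-// https://pyrossh.dev/
+// https://pyrossh.dev/zips/rp2350/refs/heads/master/repo.zip
 // https://pyrossh-repos.s3.ap-south-1.amazonaws.com/rp2350/refs/heads/master/repo.zip
 
 async function checkFileExists(filePath: string) {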