# AWS provider for this module. Every resource below is created in
# eu-central-1 (Amplify apps, domain associations and S3 buckets are regional).
# NOTE(review): no provider version constraint is visible in this file; a
# `terraform { required_providers { aws = { source = "hashicorp/aws", version = "..." } } }`
# block pins the provider so plans stay reproducible across upgrades —
# confirm whether one exists elsewhere in the module.
provider "aws" {
  region = "eu-central-1"
}
# Amplify app hosting the Hugo site.
# No repository or access token is configured here, so the app is not wired
# to a Git provider; presumably deployments are pushed as bundles from the
# S3 deployment bucket defined further down (see the CI IAM policy).
resource "aws_amplify_app" "hugo_pages" {
  platform = "WEB"
  name     = "hugo-pages"
}
# The single branch that serves the live site. Its branch_name is reused by
# the domain association and by the CI IAM policy's Amplify resource ARNs,
# so renaming it changes the ARNs the CI user is allowed to deploy to.
resource "aws_amplify_branch" "prod" {
  branch_name = "prod"
  stage       = "PRODUCTION"
  app_id      = aws_amplify_app.hugo_pages.id
}
# Maps the custom domain onto the prod branch.
resource "aws_amplify_domain_association" "hugo_pages_domain" {
  app_id      = aws_amplify_app.hugo_pages.id
  domain_name = "pages.kharec.info"

  # An empty prefix serves the branch at the apex of domain_name
  # (pages.kharec.info itself), with no subdomain in front.
  sub_domain {
    branch_name = aws_amplify_branch.prod.branch_name
    prefix      = ""
  }

  # Block the apply until Amplify has validated domain ownership via DNS, so a
  # misconfigured zone fails the run instead of leaving a half-set-up domain.
  wait_for_verification = true
}
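# Staging bucket for Hugo build artifacts. The CI user writes bundles here
# (IAM policy below) and the Amplify service principal reads them back
# (bucket policy below). Bucket names are global, so this one is fixed.
resource "aws_s3_bucket" "amplify_deployments" {
  bucket = "hugo-pages-amplify-deployments"
}

# Keep the deployment bucket private independent of account-level or
# creation-date defaults: the only intended readers are the Amplify service
# principal and the CI user, both granted by explicit, non-public policies, so
# any public ACL or public bucket policy would be a misconfiguration.
resource "aws_s3_bucket_public_access_block" "amplify_deployments" {
  bucket = aws_s3_bucket.amplify_deployments.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}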
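# Expire build artifacts after a week so the bucket does not accumulate every
# historical deployment bundle. Amplify copies the bundle at deploy time, so
# deleting old objects does not affect the site that is already live.
resource "aws_s3_bucket_lifecycle_configuration" "amplify_deployments" {
  bucket = aws_s3_bucket.amplify_deployments.id

  rule {
    id     = "delete-old-deployments"
    status = "Enabled"

    # An empty filter applies the rule to every object in the bucket. Stating
    # it explicitly avoids relying on the provider's behaviour when neither
    # filter nor prefix is given, which is provider-version dependent.
    filter {}

    expiration {
      days = 7
    }

    # A CI upload interrupted mid-way leaves multipart parts behind that are
    # billed but never visible as objects; clean them up on the same schedule.
    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }
  }
}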
# Versioning is deliberately off: artifacts are throwaway and expire after
# 7 days, and versioning would keep the expired bundles around as noncurrent
# versions. "Disabled" is only valid for a bucket that has never had
# versioning turned on; once enabled it can only be "Suspended".
resource "aws_s3_bucket_versioning" "amplify_deployments" {
  bucket = aws_s3_bucket.amplify_deployments.id
  versioning_configuration {
    status = "Disabled"
  }
}
# Resource policy that lets the Amplify service read deployment bundles.
# Read-only: the CI user's write access comes from its own IAM policy, not
# from here.
resource "aws_s3_bucket_policy" "amplify_deployments" {
  bucket = aws_s3_bucket.amplify_deployments.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "AllowAmplifyReadAccess"
        Effect = "Allow"
        # Service principal, not an account: without the condition below any
        # AWS account's Amplify app could point at this bucket.
        Principal = {
          Service = "amplify.amazonaws.com"
        }
        # NOTE(review): GetObjectAcl is presumably included for Amplify's S3
        # source deployments; confirm it is actually required, otherwise
        # GetObject alone is the tighter grant.
        Action = [
          "s3:GetObject",
          "s3:GetObjectAcl"
        ]
        # Object-level only; the service is not granted ListBucket.
        Resource = "${aws_s3_bucket.amplify_deployments.arn}/*"
        # Confused-deputy guard: only Amplify acting on behalf of this account
        # may read. The data source is declared below; HCL ordering is not
        # significant, so the forward reference is fine.
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
          }
        }
      }
    ]
  })
}
# Account running the apply; its account_id scopes the bucket policy's
# aws:SourceAccount condition above.
data "aws_caller_identity" "current" {}
# Least-privilege policy for the CI deployer: it may upload a bundle to the
# deployment bucket and start a deployment of the prod branch, and nothing
# else. Every Resource is scoped to this app, this branch or this bucket.
resource "aws_iam_policy" "amplify_deployment" {
  name        = "HugoAmplifyDeploymentPolicy"
  description = "Policy for Gitea CI to deploy Hugo site to AWS Amplify"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Upload bundles and read them back. Delete is intentionally absent;
        # cleanup is handled by the bucket lifecycle rule.
        # NOTE(review): the *ObjectAcl actions are only meaningful while
        # the bucket still honours ACLs; with BucketOwnerEnforced ownership
        # (the default for new buckets) they can presumably be dropped —
        # confirm against the CI upload step before removing them.
        Sid    = "S3DeploymentBucketAccess"
        Effect = "Allow"
        Action = [
          "s3:PutObject",
          "s3:PutObjectAcl",
          "s3:GetObject",
          "s3:GetObjectAcl"
        ]
        Resource = "${aws_s3_bucket.amplify_deployments.arn}/*"
      },
      {
        # ListBucket is a bucket-level action, so it needs the bucket ARN
        # itself rather than the "/*" object ARN used above.
        Sid    = "S3ListDeploymentBucket"
        Effect = "Allow"
        Action = [
          "s3:ListBucket"
        ]
        Resource = aws_s3_bucket.amplify_deployments.arn
      },
      {
        # Read-only lookup of the app and the prod branch; no other branch
        # of the app is visible to the deployer.
        Sid    = "AmplifyAppAndBranchAccess"
        Effect = "Allow"
        Action = [
          "amplify:GetApp",
          "amplify:GetBranch"
        ]
        Resource = [
          aws_amplify_app.hugo_pages.arn,
          "${aws_amplify_app.hugo_pages.arn}/branches/${aws_amplify_branch.prod.branch_name}"
        ]
      },
      {
        # Create and start deployments on the prod branch only. The two ARN
        # forms cover the deployment sub-resources and the "start" action
        # target; neither grants access to any other branch.
        Sid    = "AmplifyDeploymentAccess"
        Effect = "Allow"
        Action = [
          "amplify:StartDeployment",
          "amplify:CreateDeployment"
        ]
        Resource = [
          "${aws_amplify_app.hugo_pages.arn}/branches/${aws_amplify_branch.prod.branch_name}/deployments/*",
          "${aws_amplify_app.hugo_pages.arn}/branches/${aws_amplify_branch.prod.branch_name}/deployments/start"
        ]
      }
    ]
  })
}
# Dedicated IAM user for the Gitea CI deployer. It exists solely to carry
# the deployment policy; nothing else should be attached to it.
# NOTE(review): an IAM user means a long-lived static credential held by the
# CI system. If the CI side can federate (OIDC / assume-role), a role with
# short-lived credentials removes the standing secret — worth evaluating.
resource "aws_iam_user" "amplify_deployment" {
  name = "hugo-amplify-deployment"
}
# Bind the deployment policy to the CI user. This is the only grant the
# user should carry; any additional permission belongs in the policy above,
# where it is reviewed alongside the rest of the deployer's scope.
resource "aws_iam_user_policy_attachment" "amplify_deployment" {
  policy_arn = aws_iam_policy.amplify_deployment.arn
  user       = aws_iam_user.amplify_deployment.name
}
# Static access key for the CI user. The secret is generated by AWS at
# create time and written to Terraform state in plaintext (no pgp_key is
# set), so access to the state backend is equivalent to holding the key;
# protect and encrypt the backend accordingly and rotate the key by
# tainting/replacing this resource.
resource "aws_iam_access_key" "amplify_deployment" {
  user = aws_iam_user.amplify_deployment.name
}
# Access key ID to configure on the CI side. The ID alone is an identifier
# rather than a secret, which is why it is not marked sensitive; the
# matching secret is exposed by the separate sensitive output below.
output "deployment_access_key_id" {
  description = "AWS Access Key ID for Gitea CI deployment"
  sensitive   = false
  value       = aws_iam_access_key.amplify_deployment.id
}
# Secret half of the CI credential. `sensitive = true` only redacts the
# value from plan/apply and `terraform output` listings; it is still stored
# in state in plaintext. Retrieve it once with
# `terraform output -raw deployment_secret_access_key` and place it straight
# into the CI secret store rather than into logs or shell history.
output "deployment_secret_access_key" {
  value       = aws_iam_access_key.amplify_deployment.secret
  description = "AWS Secret Access Key for Gitea CI deployment"
  sensitive   = true
}
# Bucket the CI job uploads bundles to; exported so the pipeline does not
# have to hard-code the name that is declared on the bucket resource.
output "s3_bucket_name" {
  description = "S3 bucket name for deployment artifacts"
  value       = aws_s3_bucket.amplify_deployments.bucket
}