Root Domain Site
A simple site with redirect from other none root domain.
- tsx
- dinghy.config.yml
- Overview
- Terraform
import { MoveToHere } from '@dinghy/base-components'
import { AwsStack } from '@dinghy/tf-aws'
import { CloudfrontSites } from '@dinghy/tf-aws/cloudfront'
export default () => (
<AwsStack infrastructure={<MoveToHere includes='AwsRoute53Zone' />}>
<CloudfrontSites />
</AwsStack>
)
awsStack:
title: example.com website
s3Backend: true
logBucket: true
sites:
example.com:
origins:
root:
target: s3://example-com-website/www
old_redirect:
target: https://new.example.com/{PATH}#from-old
pathPattern: '/old/*'
subsite:
target: s3://example-com-subsite
pathPattern: '/subsite/*'
redirectFromNames:
- '*.example.com'
stack.tf.json
{
"provider": {
"aws": [
{
"region": "us-east-1",
"default_tags": {
"tags": {
"iac:stack-title": "Example Com Websites",
"iac:stack-name": "example-com-websites"
}
}
}
]
},
"terraform": {
"required_providers": {
"aws": {
"source": "aws",
"version": "6.28.0"
}
},
"backend": {
"s3": {
"bucket": "example-com-websites-backend",
"key": "example-com-websites/example-com-websites.tfstate.json",
"region": "us-east-1"
}
}
},
"resource": {
"aws_cloudfront_distribution": {
"examplecom_site": {
"default_cache_behavior": {
"allowed_methods": [
"GET",
"HEAD"
],
"cached_methods": [
"GET",
"HEAD"
],
"target_origin_id": "root",
"viewer_protocol_policy": "redirect-to-https",
"cache_policy_id": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"function_association": []
},
"enabled": true,
"origin": [
{
"origin_id": "root",
"domain_name": "${aws_s3_bucket.examplecom_root_bucket.bucket_regional_domain_name}",
"origin_path": "/www",
"origin_access_control_id": "${aws_cloudfront_origin_access_control.examplecom_originaccesscontrol.id}"
},
{
"origin_id": "subsite",
"domain_name": "${aws_s3_bucket.examplecom_subsite_bucket.bucket_regional_domain_name}",
"origin_path": "",
"origin_access_control_id": "${aws_cloudfront_origin_access_control.examplecom_originaccesscontrol.id}"
}
],
"restrictions": {
"geo_restriction": {
"restriction_type": "none"
}
},
"viewer_certificate": {
"acm_certificate_arn": "${aws_acm_certificate.examplecom_site_1_certificate.arn}",
"minimum_protocol_version": "TLSv1.2_2021",
"ssl_support_method": "sni-only"
},
"aliases": [
"example.com"
],
"comment": "example.com",
"default_root_object": "index.html",
"logging_config": {
"bucket": "${aws_s3_bucket.awss3bucket_globallogbucket.bucket_domain_name}",
"prefix": "cloudfront-accesslog/examplecom_site/"
},
"ordered_cache_behavior": [
{
"path_pattern": "/old/*",
"allowed_methods": [
"GET",
"HEAD"
],
"cached_methods": [
"GET",
"HEAD"
],
"target_origin_id": "root",
"viewer_protocol_policy": "redirect-to-https",
"cache_policy_id": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"function_association": [
{
"event_type": "viewer-request",
"function_arn": "${aws_cloudfront_function.examplecom_old_redirect_redirect_function.arn}"
}
]
},
{
"path_pattern": "/subsite/*",
"allowed_methods": [
"GET",
"HEAD"
],
"cached_methods": [
"GET",
"HEAD"
],
"target_origin_id": "subsite",
"viewer_protocol_policy": "redirect-to-https",
"cache_policy_id": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"function_association": []
}
],
"depends_on": [
"aws_s3_bucket.examplecom_root_bucket",
"aws_cloudfront_origin_access_control.examplecom_originaccesscontrol",
"aws_s3_bucket.examplecom_subsite_bucket",
"aws_acm_certificate.examplecom_site_1_certificate",
"aws_s3_bucket.awss3bucket_globallogbucket",
"aws_cloudfront_function.examplecom_old_redirect_redirect_function"
],
"tags": {
"Name": "Distribution: example.com",
"iac:id": "examplecom_site"
}
},
"examplecom_redirect": {
"default_cache_behavior": {
"allowed_methods": [
"GET",
"HEAD"
],
"cached_methods": [
"GET",
"HEAD"
],
"target_origin_id": "root",
"viewer_protocol_policy": "redirect-to-https",
"cache_policy_id": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"function_association": [
{
"event_type": "viewer-request",
"function_arn": "${aws_cloudfront_function.examplecom_redirect_function.arn}"
}
]
},
"enabled": true,
"origin": [
{
"origin_id": "root",
"domain_name": "${aws_s3_bucket.examplecom_root_bucket.bucket_regional_domain_name}",
"origin_path": "/www",
"origin_access_control_id": "${aws_cloudfront_origin_access_control.examplecom_originaccesscontrol.id}"
}
],
"restrictions": {
"geo_restriction": {
"restriction_type": "none"
}
},
"viewer_certificate": {
"acm_certificate_arn": "${aws_acm_certificate.examplecom_redirect_1_certificate.arn}",
"minimum_protocol_version": "TLSv1.2_2021",
"ssl_support_method": "sni-only"
},
"aliases": [
"*.example.com"
],
"comment": "Redirect to example.com",
"default_root_object": "index.html",
"logging_config": {
"bucket": "${aws_s3_bucket.awss3bucket_globallogbucket.bucket_domain_name}",
"prefix": "cloudfront-accesslog/examplecom_redirect/"
},
"depends_on": [
"aws_cloudfront_function.examplecom_redirect_function",
"aws_s3_bucket.examplecom_root_bucket",
"aws_cloudfront_origin_access_control.examplecom_originaccesscontrol",
"aws_acm_certificate.examplecom_redirect_1_certificate",
"aws_s3_bucket.awss3bucket_globallogbucket"
],
"tags": {
"Name": "Distribution: Redirect to example.com",
"iac:id": "examplecom_redirect"
}
}
},
"aws_route53_record": {
"examplecom_arecord": {
"name": "example.com",
"type": "A",
"zone_id": "${data.aws_route53_zone.examplecom_zone.id}",
"alias": {
"name": "${aws_cloudfront_distribution.examplecom_site.domain_name}",
"zone_id": "${aws_cloudfront_distribution.examplecom_site.hosted_zone_id}",
"evaluate_target_health": false
},
"depends_on": [
"aws_cloudfront_distribution.examplecom_site"
]
},
"examplecom_validation_cname": {
"name": "${one([\n for dvo in aws_acm_certificate.examplecom_site_1_certificate.domain_validation_options :\n dvo if dvo.domain_name == \"example.com\"\n]).resource_record_name}",
"type": "CNAME",
"zone_id": "${data.aws_route53_zone.examplecom_zone.id}",
"allow_overwrite": true,
"records": [
"${one([\n for dvo in aws_acm_certificate.examplecom_site_1_certificate.domain_validation_options :\n dvo if dvo.domain_name == \"example.com\"\n]).resource_record_value}"
],
"ttl": 60
},
"star_examplecom_arecord": {
"name": "*.example.com",
"type": "A",
"zone_id": "${data.aws_route53_zone.examplecom_zone.id}",
"alias": {
"name": "${aws_cloudfront_distribution.examplecom_redirect.domain_name}",
"zone_id": "${aws_cloudfront_distribution.examplecom_redirect.hosted_zone_id}",
"evaluate_target_health": false
},
"depends_on": [
"aws_cloudfront_distribution.examplecom_redirect"
]
},
"star_examplecom_validation_cname": {
"name": "${one([\n for dvo in aws_acm_certificate.examplecom_redirect_1_certificate.domain_validation_options :\n dvo if dvo.domain_name == \"*.example.com\"\n]).resource_record_name}",
"type": "CNAME",
"zone_id": "${data.aws_route53_zone.examplecom_zone.id}",
"allow_overwrite": true,
"records": [
"${one([\n for dvo in aws_acm_certificate.examplecom_redirect_1_certificate.domain_validation_options :\n dvo if dvo.domain_name == \"*.example.com\"\n]).resource_record_value}"
],
"ttl": 60
}
},
"aws_s3_bucket": {
"examplecom_root_bucket": {
"bucket": "example-com-website",
"tags": {
"Name": "Origin Bucket: example.com root",
"iac:id": "examplecom_root_bucket"
}
},
"examplecom_subsite_bucket": {
"bucket": "example-com-subsite",
"tags": {
"Name": "Origin Bucket: example.com subsite",
"iac:id": "examplecom_subsite_bucket"
}
},
"awss3bucket_globallogbucket": {
"bucket": "example-com-websites-logs-global",
"region": "us-east-1",
"tags": {
"Name": "Global LogBucket",
"iac:id": "awss3bucket_globallogbucket"
}
},
"awss3bucket_backend": {
"bucket": "example-com-websites-backend",
"object_lock_enabled": true,
"tags": {
"Name": "Backend Bucket",
"iac:id": "awss3bucket_backend"
}
},
"awss3bucket_logbucket": {
"bucket": "example-com-websites-logs-us-east-1",
"tags": {
"Name": "LogBucket",
"iac:id": "awss3bucket_logbucket"
}
}
},
"aws_s3_bucket_logging": {
"examplecom_root_bucket_logging": {
"depends_on": [
"aws_s3_bucket.examplecom_root_bucket"
],
"bucket": "example-com-website",
"target_bucket": "example-com-websites-logs-us-east-1",
"target_prefix": "s3-access-log/example-com-website/"
},
"examplecom_subsite_bucket_logging": {
"depends_on": [
"aws_s3_bucket.examplecom_subsite_bucket"
],
"bucket": "example-com-subsite",
"target_bucket": "example-com-websites-logs-us-east-1",
"target_prefix": "s3-access-log/example-com-subsite/"
},
"awss3bucket_backend_logging": {
"depends_on": [
"aws_s3_bucket.awss3bucket_backend"
],
"bucket": "example-com-websites-backend",
"target_bucket": "example-com-websites-logs-us-east-1",
"target_prefix": "s3-access-log/example-com-websites-backend/"
}
},
"aws_s3_bucket_policy": {
"examplecom_root_bucket_policy": {
"depends_on": [
"aws_s3_bucket.examplecom_root_bucket"
],
"bucket": "example-com-website",
"policy": "{\"Version\":\"2008-10-17\",\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Sid\":\"AllowCloudFrontServicePrincipal\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::example-com-website/*\",\"Condition\":{\"ArnLike\":{\"AWS:SourceArn\":[\"${aws_cloudfront_distribution.examplecom_site.arn}\"]}}}]}"
},
"examplecom_subsite_bucket_policy": {
"depends_on": [
"aws_s3_bucket.examplecom_subsite_bucket"
],
"bucket": "example-com-subsite",
"policy": "{\"Version\":\"2008-10-17\",\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Sid\":\"AllowCloudFrontServicePrincipal\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::example-com-subsite/*\",\"Condition\":{\"ArnLike\":{\"AWS:SourceArn\":[\"${aws_cloudfront_distribution.examplecom_site.arn}\"]}}}]}"
},
"awss3bucket_logbucket_policy": {
"bucket": "example-com-websites-logs-us-east-1",
"policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"logging.s3.amazonaws.com\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::example-com-websites-logs-us-east-1/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"logging.s3.amazonaws.com\"},\"Action\":\"s3:GetBucketAcl\",\"Resource\":\"arn:aws:s3:::example-com-websites-logs-us-east-1\"},{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"delivery.logs.amazonaws.com\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::example-com-websites-logs-us-east-1/*\",\"Condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"${data.aws_caller_identity.caller_identity.account_id}\"}}}]}"
}
},
"aws_cloudfront_function": {
"examplecom_old_redirect_redirect_function": {
"lifecycle": {
"ignore_changes": [
"name"
]
},
"code": "\n function handler(event) {\n var request = event.request;\n var path = request.uri.substring(5);\n var newUrl = 'https://new.example.com/{PATH}#from-old'.replace('{PATH}',path);\n var response = {\n statusCode: 301,\n statusDescription: 'Moved Permanently',\n headers: {\n 'location': { value: newUrl }\n }\n };\n return response;\n }",
"name": "examplecom_old_redirect_redirect_function",
"runtime": "cloudfront-js-2.0",
"publish": true
},
"examplecom_redirect_function": {
"lifecycle": {
"ignore_changes": [
"name"
]
},
"code": "\n function handler(event) {\n var request = event.request;\n \n var newUrl = 'https://example.com';\n var response = {\n statusCode: 301,\n statusDescription: 'Moved Permanently',\n headers: {\n 'location': { value: newUrl }\n }\n };\n return response;\n }",
"name": "examplecom_redirect_function",
"runtime": "cloudfront-js-2.0",
"publish": true
}
},
"aws_acm_certificate": {
"examplecom_site_1_certificate": {
"lifecycle": {
"ignore_changes": [
"subject_alternative_names",
"domain_name"
]
},
"domain_name": "example.com",
"region": "us-east-1",
"subject_alternative_names": [],
"tags": {
"iac:id": "examplecom_site_1_certificate",
"Name": "v1"
},
"validation_method": "DNS"
},
"examplecom_redirect_1_certificate": {
"lifecycle": {
"ignore_changes": [
"subject_alternative_names",
"domain_name"
]
},
"domain_name": "*.example.com",
"region": "us-east-1",
"subject_alternative_names": [],
"tags": {
"iac:id": "examplecom_redirect_1_certificate",
"Name": "v1"
},
"validation_method": "DNS"
}
},
"aws_cloudfront_origin_access_control": {
"examplecom_originaccesscontrol": {
"name": "oac-examplecom",
"origin_access_control_origin_type": "s3",
"signing_behavior": "always",
"signing_protocol": "sigv4"
}
},
"aws_s3_bucket_ownership_controls": {
"awss3bucket_globallogbucket_ownership_controls": {
"depends_on": [
"aws_s3_bucket.awss3bucket_globallogbucket"
],
"bucket": "example-com-websites-logs-global",
"rule": {
"object_ownership": "BucketOwnerPreferred"
},
"region": "us-east-1"
}
},
"aws_s3_bucket_versioning": {
"awss3bucket_backend_versioning": {
"depends_on": [
"aws_s3_bucket.awss3bucket_backend"
],
"bucket": "example-com-websites-backend",
"versioning_configuration": {
"status": "Enabled"
}
}
}
},
"data": {
"aws_route53_zone": {
"examplecom_zone": {
"name": "example.com"
}
},
"aws_caller_identity": {
"caller_identity": {}
}
}
}