* infra/main.tf: See 93dfdb0 for more detail regarding the deployment issue. In addition,
have the deployment script correctly fail if any command does not succeed.
* infra/main.tf: This avoid a deployment issue after switching to guix for builds. Namely,
after to switching to guix to build this project, all built site files will have a datetime
of Unix epoch 0, which will then never be updated when running 'aws s3 sync ...' because the
files in the bucket were deployed before the site was built using guix, so they have newer
timestamps. Using the '--size-only' option improves this situation, in that files that are
modified and have a different size then the original will be updated, but files that are
changed but, by chance have the same size, will not be updated. Ironically, the update that I
discovered this on will end up resulting the same file sizes (changing the copyright date).
* infra/variables.tf: Add new variable 'site_statis_files_dir'
* infra/manifest.scm: Add guix manifest that captures all tools required for deploying this site. This currently includes terraform, in use terraform providers, as well as awscliv2 which is used directly from a null resource
* infra/main.tf: Pin all provider version so they are available from the rekahsoft-guix channel
Remove the need for the template provider. It is still included as these changes need to be applied to all environments before it can be removed.
Remove TF-UPGRAGE-TODO's
Use the new variable 'site_static_files_dir' for the location of the static site files to be deployed
* channels.scm (channel): Add symlink to top-level channels file
* infra/Makefile (SELECTED_WORKSPACE): Removed the dependency on terraform
(clean): Add new PHONY target 'clean' which cleans up terraform temporary files
(workspace): Add new PHONY target 'workspace which switches to user provided ENV
* channels.scm (channel): Updated rekahsoft-guix channel
* README.org (Features): Updated sections on deployment
This is primarily useful when testing locally, so that the users aws config/credentials aren't
polluted, and adds little no value otherwise.
Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>
Adds the variables:
- `enable_naked_domain`
Whether or not to enable access to the site only via a naked domain.
When `enable_naked_domain=true`:
- This corresponds to the previous configuration.
When `enable_naked_domain=false`:
- Sets the domain_name to the www version of the domain and adds the naked domain as a
SAN (Subject Alternative Name) on the ACM certificate
- Create dns validation records for both the naked domain and www domain
- Creates a s3 bucket with redirect policy which redirects all requests to the www version
of the site
- Creates a cloudfront web distribution with a custom origin of the website bucket
url (this is required as s3 origins do not handle redirects)
- `subdomain`
The subdomain to use under the `dns_apex`, eg `<subdomain>.<dns_apex>`. Defaults to empty.
Remember, `dns_apex` must correspond to a route53 public hosted zone.
Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>
Create a classic static site deployment using cloudfront with a s3 origin. Provision, verify and
utilize a ACM certificate to enable (and force) https for cloudfront.
This assumes that the build resources are available at ./_site as a null_resource is used to
sync it to the s3 origin backing cloudfront. A IAM user and policy is provisioned prior to the
null_resource execution with least privilege access to the s3 bucket.
Note: The required terraform backend resources were manually provisioned.
Signed-off-by: Collin J. Doering <collin.doering@rekahsoft.ca>
Collin J. Doering