* infra/variables.tf: Add new variable 'site_statis_files_dir'
* infra/manifest.scm: Add guix manifest that captures all tools required for deploying this site. This currently includes terraform, in use terraform providers, as well as awscliv2 which is used directly from a null resource
* infra/main.tf: Pin all provider version so they are available from the rekahsoft-guix channel
Remove the need for the template provider. It is still included as these changes need to be applied to all environments before it can be removed.
Remove TF-UPGRAGE-TODO's
Use the new variable 'site_static_files_dir' for the location of the static site files to be deployed
* channels.scm (channel): Add symlink to top-level channels file
* infra/Makefile (SELECTED_WORKSPACE): Removed the dependency on terraform
(clean): Add new PHONY target 'clean' which cleans up terraform temporary files
(workspace): Add new PHONY target 'workspace which switches to user provided ENV
* channels.scm (channel): Updated rekahsoft-guix channel
* README.org (Features): Updated sections on deployment
Adds the variables:
- `enable_naked_domain`
Whether or not to enable access to the site only via a naked domain.
When `enable_naked_domain=true`:
- This corresponds to the previous configuration.
When `enable_naked_domain=false`:
- Sets the domain_name to the www version of the domain and adds the naked domain as a
SAN (Subject Alternative Name) on the ACM certificate
- Create dns validation records for both the naked domain and www domain
- Creates a s3 bucket with redirect policy which redirects all requests to the www version
of the site
- Creates a cloudfront web distribution with a custom origin of the website bucket
url (this is required as s3 origins do not handle redirects)
- `subdomain`
The subdomain to use under the `dns_apex`, eg `<subdomain>.<dns_apex>`. Defaults to empty.
Remember, `dns_apex` must correspond to a route53 public hosted zone.
Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>
Create a classic static site deployment using cloudfront with a s3 origin. Provision, verify and
utilize a ACM certificate to enable (and force) https for cloudfront.
This assumes that the build resources are available at ./_site as a null_resource is used to
sync it to the s3 origin backing cloudfront. A IAM user and policy is provisioned prior to the
null_resource execution with least privilege access to the s3 bucket.
Note: The required terraform backend resources were manually provisioned.
Signed-off-by: Collin J. Doering <collin.doering@rekahsoft.ca>
Collin J. Doering