{"id":20251591,"url":"https://github.com/ironexdev/peon-media-hosting","last_synced_at":"2025-03-03T16:40:52.853Z","repository":{"id":261328918,"uuid":"883874962","full_name":"ironexdev/peon-media-hosting","owner":"ironexdev","description":"AWS S3 and CloudFront media hosting provisioned by Terraform. Supports public and signed URL access.","archived":false,"fork":false,"pushed_at":"2024-11-05T23:43:52.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-14T02:47:01.367Z","etag":null,"topics":["aws","cloudfront","iaac","s3","signed-url","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ironexdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-05T18:16:35.000Z","updated_at":"2024-11-05T23:43:55.000Z","dependencies_parsed_at":"2024-11-06T00:31:53.693Z","dependency_job_id":"678687ca-dc40-48b2-b7f7-8bc5af3a7f70","html_url":"https://github.com/ironexdev/peon-media-hosting","commit_stats":null,"previous_names":["ironexdev/peon-media-hosting"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ironexdev%2Fpeon-media-hosting","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ironexdev%2Fpeon-media-hosting/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ironexdev%2Fpeon-media-hosting/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ironexdev%2Fpeon-media-hosting/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ironexdev","download_url":"https://codeload.github.com/ironexdev/peon-media-hosting/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241702295,"owners_count":20005940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloudfront","iaac","s3","signed-url","terraform"],"created_at":"2024-11-14T10:11:05.145Z","updated_at":"2025-03-03T16:40:52.834Z","avatar_url":"https://github.com/ironexdev.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Peon Media Hosting\n\n## Overview\n\nThis Terraform script provisions an S3 bucket and a CloudFront distribution in your AWS account for media hosting. The\nsolution supports two access methods: **Public** and **Signed URLs**. You can store and access media files based on your\naccess requirements, ensuring secure and efficient media delivery.\n\n### Short videos to get familiar with the technologies used in this project\n- [Terraform](https://www.youtube.com/watch?v=tomUWcQ0P3k)\n- [AWS](https://www.youtube.com/watch?v=JIbIYCM48to)\n- [S3](https://youtu.be/JIbIYCM48to?si=6KdJaJTJHaLf-3Rp\u0026t=281)\n- [CloudFront](https://www.youtube.com/watch?v=AT-nHW3_SVIhttps://www.youtube.com/watch?v=AT-nHW3_SVI)\n- [Signed URLs with Node.js](https://www.youtube.com/watch?v=EIYrhbBk7do)\n\n### Disclaimer\n\n- This script effectively creates two AWS resources: an __S3 bucket__ and a __CloudFront distribution__.\n  - __Both may incur costs__\n    - [CloudFront Pricing](https://aws.amazon.com/cloudfront/pricing/)\n    - [S3 Pricing](https://aws.amazon.com/s3/pricing/)\n  - __The cost is same as if you would create these resources manually__\n- This solution does not handle media optimization.\n\n---\n\n## Project Setup\n\n### Prerequisites\n\n- [Setup Terraform CLI](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)\n  - A/ Use Terraform Cloud to store the infrastructure state\n    - Create [Terraform Account](https://app.terraform.io/public/signup/account)\n    - Create [Terraform Organization](https://app.terraform.io/app/organizations)\n      - Name of the organization must match the name specified in `backend.tf` - feel free to rename it\n      - Workspace will be automatically created based on `backend.tf`\n  - B/ Use local backend to store the infrastructure state\n    - Setup [local backend](https://developer.hashicorp.com/terraform/language/backend/local)\n- [Setup AWS CLI](https://www.youtube.com/watch?v=_DIRSI07kxY)\n- [Create and upload SSH key to sign urls](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#create-key-pair-and-key-group)\n- Add Key Group vars\n  - Go to AWS CloudFront [key groups](https://console.aws.amazon.com/cloudfront/v4/home#/keygrouplist)\n  - Copy id of the key group you previously created\n  - Create test.tfvars / production.tfvars file and set `cloudfront_key_group_id` value\n- (optional) Feel free to change project_name in variables.tf, \"pmh-origin\" in main.tf and \"pmh\" prefix use for service naming\n\n### Setup\n\n1. Clone the repository to your local environment\n2. Navigate to the project directory\n3. Initialize the project by running the following command `terraform init`\n4. Provision the infrastructure by running `terraform apply -var-file=\"testing.tfvars`\n\n### Terraform Commands\n\nUse the following commands to manage your Terraform infrastructure:\n\n- **Initialize the project:**\n  ```bash\n  terraform init\n  ```\n\n- **Apply the configuration to create resources:**\n  ```bash\n  terraform apply -var-file=\"testing.tfvars\n  ```\n\n- **Destroy the infrastructure:**\n  ```bash\n  terraform destroy\n  ```\n\n---\n\n## Usage\n\nThe media hosting solution can be utilized in two distinct ways:\n\n### Public Access\n\nPublic files are stored in the `assets` folder within the S3 bucket, accessible via a direct URL generated from the\nCloudFront distribution.\n\n**Steps to Access Public Files:**\n\n1. Upload the media file to the `assets` folder in the S3 bucket.\n2. Access the file by combining the CloudFront distribution URL with the media file path in S3: `https://\u003ccloudfront_distribution_domain\u003e/assets/\u003cpath_to_file\u003e`\n   - Replace `\u003ccloudfront_distribution_domain\u003e` with the actual CloudFront distribution domain, and `\u003cpath_to_file\u003e` with\n   the path of the media file in the `assets` folder.\n\n### Signed URL Access\n\nFiles outside the `assets` folder require a signed URL for access, providing an extra layer of security. Signed URLs can\nbe generated programmatically using the AWS SDK.\n\n**Example Signed URL Format:**\n\n```\nhttps://\u003cs3_bucket_name\u003e.s3.\u003cregion\u003e.amazonaws.com/\u003cpath_to_file\u003e?X-Amz-Algorithm=\u003calgorithm\u003e\u0026X-Amz-Content-Sha256=UNSIGNED-PAYLOAD\u0026X-Amz-Credential=\u003ccredential\u003e\u0026X-Amz-Date=\u003cdate\u003e\u0026X-Amz-Expires=\u003cexpires\u003e\u0026X-Amz-Signature=\u003csignature\u003e\u0026X-Amz-SignedHeaders=host\u0026x-id=GetObject\n```\n\n**Steps to Access Files Using Signed URLs:**\n\n1. Generate a signed URL using the [AWS SDK](https://www.npmjs.com/package/aws-sdk).\n2. (Optional) Store the signed URL in a database for future access.\n3. Use the signed URL to securely load the media file.\n\n---\n\n## Notes\n\n- Only files in the `assets` folder are publicly accessible; all other files require signed URLs.\n- Ensure that sensitive information, like AWS credentials, is handled securely.\n- Look up tf documentation for more information about S3 and ClodFront modules configuration (especially expiration times).\n- CloudFront cache invalidation:\n  - Go to `AWS -\u003e CloudFront -\u003e Distributions -\u003e Invalidations`\n  - Click `Create invalidation` button\n  - Enter object path (wildcards can be used)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fironexdev%2Fpeon-media-hosting","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fironexdev%2Fpeon-media-hosting","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fironexdev%2Fpeon-media-hosting/lists"}