{"id":19854650,"url":"https://github.com/obytes/terraform-aws-s3-cdn","last_synced_at":"2026-03-19T12:03:21.218Z","repository":{"id":77139371,"uuid":"436965048","full_name":"obytes/terraform-aws-s3-cdn","owner":"obytes","description":"Reusable Terraform module for deploying, previewing and serving public static web applications and private media.","archived":false,"fork":false,"pushed_at":"2021-12-12T22:35:41.000Z","size":23,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-02-28T23:37:22.130Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/obytes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-10T12:06:23.000Z","updated_at":"2022-08-11T11:42:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"7f544fd4-47ce-49b4-8e3c-759f7a00db24","html_url":"https://github.com/obytes/terraform-aws-s3-cdn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/obytes/terraform-aws-s3-cdn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obytes%2Fterraform-aws-s3-cdn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obytes%2Fterraform-aws-s3-cdn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obytes%2Fterraform-aws-s3-cdn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obytes%2Fterraform-aws-s3-cdn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/obytes","download_url":"https://codeload.github.com/obytes/terraform-aws-s3-cdn/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obytes%2Fterraform-aws-s3-cdn/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30127816,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T12:40:50.676Z","status":"ssl_error","status_checked_at":"2026-03-05T12:39:32.209Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T14:10:02.935Z","updated_at":"2026-03-05T13:32:05.281Z","avatar_url":"https://github.com/obytes.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform AWS S3 CDN\n\nReusable Terraform module for deploying, previewing and serving public static web applications and private media.\n\n## Components\n\n- **Main CDN**: Provides a cloudfront distribution to serve public static web applications.\n\n- **Preview CDN**: Like Netlify, provides a cloudfront distribution to preview Github feature branches that has an open PR.\n\n- **Public Media CDN**: Provides a cloudfront distribution to serve public media.\n\n- **Private Media CDN**: Provides a cloudfront distribution to private media using pre-signed URLs.\n\n- **Policies**: Provides a cache optimized policy, an origin request policy and a response headers policy to improve \n  performance and secure content.\n  \n- **Preview Function**: Provides a viewer request cloudfront function for url re-writing and routing the wildcard preview\n  domain requests into the target preview content.\n\n## Features\n\n✅ Thanks to Brotli and GZip compression, Improve application performance by delivering content faster to viewers using \nsmaller file sizes.\n\n✅ Reduce the number of requests that the origin S3 service must respond to directly. Thanks to CloudFront caching and \nthe cache optimized policy, objects are served from CloudFront edge locations, which are closer to your users.\n\n✅ Provide a response headers policy to secure your application’s communications and customize its behavior. with CORS \nto control access to origin objects, and Security Headers to exchange security-related information.\n\n✅ Protect and serve private media using Cloudfront signed URLs.\n\n✅ Support Route53 and Cloudflare as DNS providers (If you want to use another DNS provider, you can call the components \ndirectly).\n\n✅ Auto provision the DNS records for the main, preview and the media CDNs.\n\n✅ Routing the preview requests to the target preview content based on the host header thanks to the wildcard domain and\ncloudfront preview function.\n\n✅ Ability to conditionally provision the main, preview and media CDNs components using the `enable` Terraform map \nvariable.\n\n## Indirect Features\n\n✅ Improving the search rankings for web application and help meet regulatory compliance requirements for encrypting\ndata in transit by acquiring and auto validation of an SSL/TLS certificate for main/preview/media CDNs domains.\n\n✅ Provide a CI/CD pipeline for deploying the static web applications developed with any framework \n(ReactJS, VueJS, Hugo, Gatsby ...)\n\n## Used Services:\n\n- AWS S3\n- AWS Cloudfront\n- AWS Lambda Functions \n- AWS Codebuild\n- AWS Codepipeline\n- AWS Certificate Manger\n- AWS Route53 or Cloudflare\n- Github\n\n## Usage\n\nThis is an example to provision the main, preview and media CDNs along with their CI/CD pipelines, route53 records and \ndomains certification.\n\n```hcl\nmodule \"demo_webapp\" {\n  source      = \"git::https://github.com/obytes/terraform-aws-s3-cdn.git//modules/route53\"\n  prefix      = \"${local.prefix}-demo\"\n  common_tags = local.common_tags\n\n  comment = \"Demo wep application\"\n\n  enable = {\n    main          = true\n    preview       = true\n    public_media  = true\n    private_media = true\n  }\n\n  dns_zone_id        = aws_route53_zone._.zone_id\n  main_fqdn          = \"demo.kodhive.com\"\n  public_media_fqdn  = \"demo-public-media.kodhive.com\"\n  private_media_fqdn = \"demo-private-media.kodhive.com\"\n\n  media_signer_public_key = file(\"${path.module}/public_key.pem\")\n  content_security_policy = \"default-src * 'unsafe-inline'\"\n\n  # Artifacts\n  s3_artifacts = {\n    arn    = aws_s3_bucket.artifacts.arn\n    bucket = aws_s3_bucket.artifacts.bucket\n  }\n\n  # Github\n  github            = {\n    owner          = \"obytes\"\n    token          = \"Token used to comment on github PRs when the preview is ready!\"\n    webhook_secret = \"not-secret\"\n    connection_arn = \"arn:aws:codestar-connections:us-east-1:{ACCOUNT_ID}:connection/{CONNECTION_ID}\"\n  }\n  pre_release       = false\n  github_repository = {\n    name   = \"react-typescript-starter\"\n    branch = \"main\"\n  }\n\n  # Build\n  app_base_dir     = \".\"\n  app_build_dir    = \"build\"\n  app_node_version = \"latest\"\n  app_install_cmd  = \"yarn install\"\n  app_build_cmd    = \"yarn build\"\n\n  # Notification\n  ci_notifications_slack_channels = {\n    info  = \"ci-info\"\n    alert = \"ci-alert\"\n  }\n}\n```\n\n\u003e This example is using route53 Terraform module. If you are using cloudflare, you can switch to the cloudflare module.\n\nYou should also update the application's DOT Env environments variables pulled from secrets manager through terraform or \ndirectly from AWS Console.\n\n```hcl\nresource \"aws_secretsmanager_secret_version\" \"main_webapp_env_vars\" {\n  secret_id     = module.demo_webapp.main_webapp_envs_sm_id[0]\n  secret_string = jsonencode({\n    REACT_APP_FIREBASE_API_KEY     = \"REACT_APP_FIREBASE_API_KEY\"\n    REACT_APP_FIREBASE_PROJECT_ID  = \"REACT_APP_FIREBASE_PROJECT_ID\"\n    REACT_APP_FIREBASE_AUTH_DOMAIN = \"REACT_APP_FIREBASE_AUTH_DOMAIN\"\n  })\n}\n\nresource \"aws_secretsmanager_secret_version\" \"preview_webapp_env_vars\" {\n  secret_id     = module.demo_webapp.preview_webapp_envs_sm_id[0]\n  secret_string = jsonencode({\n    REACT_APP_FIREBASE_API_KEY     = \"REACT_APP_FIREBASE_API_KEY\"\n    REACT_APP_FIREBASE_PROJECT_ID  = \"REACT_APP_FIREBASE_PROJECT_ID\"\n    REACT_APP_FIREBASE_AUTH_DOMAIN = \"REACT_APP_FIREBASE_AUTH_DOMAIN\"\n  })\n}\n```\n\n\u003e Better to not manage this resource with terraform and let users modify secrets directly from the console.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobytes%2Fterraform-aws-s3-cdn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fobytes%2Fterraform-aws-s3-cdn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobytes%2Fterraform-aws-s3-cdn/lists"}